Home Cracking Cracking MD5, phpBB, MySQL and SHA1 passwords with Hashcat on Kali Linux

Cracking MD5, phpBB, MySQL and SHA1 passwords with Hashcat on Kali Linux




Hashcat or cudaHashcat is the self-proclaimed world’s fastest CPU-based password recovery tool. Versions are available for Linux, OSX, and Windows and can come in CPU-based or GPU-based variants. Hashcat or cudaHashcat currently supports a large range of hashing algorithms, including: Microsoft LM Hashes, MD4, MD5, SHA-family, Unix Crypt formats, MySQL, Cisco PIX, and many others.


Hashcat or cudaHashcat comes in two main variants:

  1. Hashcat – A CPU-based password recovery tool
  2. oclHashcat or cudaHashcat – A GPU-accelerated tool

Many of the algorithms supported by Hashcat or cudaHashcat can be cracked in a shorter time by using the well-documented GPU-acceleration leveraged in oclHashcat or cudaHashcat (such as MD5, SHA1, and others). However, not all algorithms can be accelerated by leveraging GPUs.

Hashcat or cudaHashcat is available for Linux, OSX and Windows. oclHashcat or cudaHashcat is only available for Linux and Windows due to improper implementations in OpenCL on OSX.

My Setup

My setup is simple. I have a NVIDIA GTX 210 Graphics card in my machine running Kali Linux 1.0.6 and will use rockyou dictionary for this whole exercise. In this post, I will show How to crack few of the most common hashes

  1. MD5
  2. MD5 – phpBB
  3. MySQL and
  4. SHA1

I will use 2 commands for every hash, hashcat and then cudahashcat. Because I am using a NVIDIA GPU, I get to use cudaHashcat. If you’re using AMD GPU, then I guess you’ll be using oclHashcat. Correct me if I am wrong here!

Before you enable GPU Cracking, I’ve spent last few months writing guides on how to enable those features in Kali Linux.


  1. Install proprietary NVIDIA driver on Kali Linux – NVIDIA Accelerated Linux Graphics Driver
  2. Install NVIDIA driver kernel Module CUDA and Pyrit on Kali Linux – CUDA, Pyrit and Cpyrit-cuda

AMD Users:

  1. Install AMD ATI proprietary fglrx driver in Kali Linux 1.0.6
  2. Install AMD APP SDK in Kali Linux
  3. Install Pyrit in Kali Linux
  4. Install CAL++ in Kali Linux

AMD is currently much faster in terms of GPU cracking, but then again it really depends on your card.

You can generate more hashes or collect them and attempt to crack them. Becuase I am using a dictionary, (it’s just 135MB), I am limited to selection number of passwords. The bigger your dictionary is, the more you’ll have success cracking an unknown hash. There are other ways to cracking them without using Dictionary (such as RainBow Tables etc.). I will try to cover and explain as much I can. Advanced users, I’m sure you already know these, so I would appreciate constructive comments. As always, read the manual and help file before you ask for help. Most of the things are covered in manuals and wiki available in www.hashcat.net.

A big thanks goes to the Hashcat or cudaHashcat Dev team, they are the ones who created and maintained this so well. Cudos!.

Getting hashes:

First of all, we need to get our hashes. You can download hash generator applications, but there’s online sites that will allow you to create them. I will use InsidePro who kindly created a page that allows you create hashes on the fly and it’s publicly available. Visit them and feel free to browse their website to understand more about hashes.

The password I am using is simple: abc123




All you need to do is enter this in password field of this page http://www.insidepro.com/hashes.php and click on generate.


Cracking hashed MD5 passwords

From the site, I copied the md5 hashed password and put it into a file.

vi md5-1.txt
cat md5-1.txt



MD5 cracking using hashcat and cudahashcat

Now it’s simple, I just typed in the following command and it took few seconds.

hashcat -m 0 -a 0 /root/md5-1.txt /root/rockyou.txt


Similarly, I can use cudahashcat.

cudahashcat -m 0 -a 0 /root/md5-1.txt /root/rockyou.txt


Cracking hashed MD5 – phpBB passwords

From the site, copy the phpBB hashed password and put it into a file.

vi md5phpbb-1.txt
cat md5phpbb-1.txt


What I didn’t explain in previous section, is that how do you know who mode to use or which attack code. You can type in hashcat --help or cudahashcat --help and read through it. Because I will stick with attack mode 0 (Straight Attack Mode), I just need to adjust the value for -m where you specify which type of hash is that.

hashcat --help | grep php


So it’s 400


MD5 – phpBB cracking using hashcat and cudahashcat

Let’s adjust our command and run it.

hashcat -m 400 -a 0 /root/md5phpbb-1.txt /root/rockyou.txt


and cudahashcat

cudahashcat -m 400 -a 0 /root/md5phpbb-1.txt /root/rockyou.txt


Cracking hashed MySQL passwords

Similar step, we get the file from the website and stick that into a file.

vi mysql-1.txt
cat mysql-1.txt

NOTE: *6691484EA6B50DDDE1926A220DA01FA9E575C18A <– this was the hash from the website, remove * from this one before you save this hash.



First of all let’s find out the mode we need to use for MYSQL password hashes.

hashcat --help | grep My



Ah, I’m not sure which one to use here …

MySQL hashed password cracking using hashcat and cudahashcat

I’ll try 200 and see how that goes …

hashcat -m 200 -a 0 /root/mysql-1.txt /root/rockyou.txt

Nope not good, Let’s try 300 this time…

hashcat -m 300 -a 0 /root/mysql-1.txt /root/rockyou.txt


and cudahashcat

cudahashcat -m 300 -a 0 /root/mysql-1.txt /root/rockyou.txt


Cracking hashed SHA1 passwords

Similar step, we get the file from the website and stick that into a file.

vi sha1-1.txt
cat sha1-1.txt


Let’s find out the mode we need to use for SHA1 password hashes.

hashcat --help | grep SHA1


SHA1 password cracking using hashcat and cudahashcat

We already know what to do next…

hashcat -m 100 -a 0 /root/sha1-1.txt /root/rockyou.txt


and cudahashcat

cudahashcat -m 100 -a 0 /root/sha1-1.txt /root/rockyou.txt


Location of Cracked passwords

Hashcat or cudaHashcat saves all recovered passwords in a file. It will be in the same directory you’ve ran Hashcat or cudaHashcat or oclHashcat. In my case, I’ve ran all command from my home directory which is /root directory.

cat hashcat.pot



Creating HASH’es using Kali

As always, great feedback from zimmaro, Thanks. See his comment below: (I’ve removed IP and email details for obvious reasons).

dude got some massive screen!!! 1920×1080 16:9 HD 1080p!!!

<email truncated>
<ip address truncared>

all always(our-friend):
excellent explanation and thank you for sharing your knowledge / experiences

PS:if I may :-)
some “” basic-hash “” can be generated directly with our KALI





This guide is here to show you how you can crack passwords using simple attack mode.You might ask why I showed the same command over and over again! Well, by the end of this guide, you will never forget the basics. There’s of course advanced usage, but you need to have a strong basics.

I would suggest to read Wiki and Manuals from www.hashcat.net to get a better understanding of rule based attacks because that’s the biggest strength of Hashcat. The guys in Hashcat forums are very knowledgeable and know what they are doing. If you need to know anything, you MUST read manuals before you go and ask something. Usually RTFM is the first response … so yeah, tread lightly.

Thanks for reading. Feel free to share this article.


      • blackMORE,

        I have followed your steps from installing kali to configuring the hashcat. And Thank you, it was all a success. But I have one problem though when running a mask attack:

        [email protected]:~$ sudo oclhashcat -m 0 ~/Desktop/megaerahashes -1 ?l?u?d? ?1?1?1?1?1?1?1
        oclHashcat v1.01 starting…

        Hashes: 14 total, 1 unique salts, 14 unique digests
        Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
        Rules: 1
        Applicable Optimizers:
        * Zero-Byte
        * Precompute-Init
        * Precompute-Merkle-Demgard
        * Meet-In-The-Middle
        * Early-Skip
        * Not-Salted
        * Not-Iterated
        * Single-Salt
        * Scalar-Mode
        * Raw-Hash
        Watchdog: Temperature abort trigger set to 90c
        Watchdog: Temperature retain trigger set to 80c
        Device #1: WinterPark, 256MB, 1800Mhz, 2MCU
        Device #1: Kernel ./kernels/4098/m0000_a0.WinterPark_1214.3_1214.3.kernel (916272 bytes)
        Device #1: Kernel ./kernels/4098/bzero.WinterPark_1214.3_1214.3.kernel (33868 bytes)

        ?1?1?1?1?1?1?1: No such file or directory

        I don’t know what directory is missing. I don’t get this error when running a dictionary or bruteforce. Please help.

        Thanks in advance

        • You’re using MASK directly instead of putting that into a .HMASK file, that’s all. Simple syntax error.

          oclhashcat -m 0 ~/Desktop/megaerahashes -1 ?l?u?d??1?1?1?1?1?1?1
  1. I need somebodys help!!
    When I type in: hashcat -m 0 -a 0 /root/tmp/hash.txt /root/tmp/hashh.txt
    Comes the error: /root/tmp/hash.txt: not such file or directory
    Please help me!!!!!

  2. hello guys i have passwords in mysql user table that i need help in i identifying and cracking one of them is here dd27F03B2D152B35. thanks

Comments are closed.