Passwords are the most common authentication mechanism on the internet and also one of the most reliable attack paths into a system. Whether we are dealing with a leaked database, a captured network handshake, or a hash extracted from a compromised machine, the ability to recover the plaintext from a hash is a fundamental red-team skill.
This room walks through password cracking from the ground up: how passwords are stored, how to identify which algorithm produced a given hash, which tools and techniques to apply, and when to use each. By the end, we will crack a set of real hashes using the exact workflow a penetration tester would follow on an engagement.
Learning objectives
- Explain how passwords are stored as hashes and what salting does
- Identify common hash types by their visual characteristics and with dedicated tools
- Use hashid to narrow down unknown hash formats
- Run dictionary attacks with Hashcat and
- Apply rule-based and mask attacks to extend coverage beyond a standard wordlist
- Choose the right tool and technique for a given hash and scenario
Prerequisites
- Fundamentals Part 1: Navigating the command line, reading and writing files
- Hashing Basics: What hash functions are and their core properties
- Introduction to Wordlists: CeWL, crunch, and for building and using targeted wordlists