SecurityXploded.com
Hash Kracker Console : Free Command-line Tool to Find Password from MD5/SHA1/SHA256/SHA512 Hashes
 
 
Hash Kracker Console
 
 
 
 
See Also
 
 
Contents
 
 
About

Hash Kracker Console is the all-in-one command-line tool to find out the password from the Hash.

Currently it supports password recovery from following popular Hash types

  • MD5
  • SHA1
  • SHA256
  • SHA384
  • SHA512

Also it offers 4 types of Password Recovery methods based on the complexity of password

  • Dictionary Crack
  • Hybrid Crack
  • Brute-force Crack
  • Pattern based Brute-force Crack

Being a command-line makes it faster and easy for automation. It is fully portable tool and includes installer also.

If you are looking for more user friendly, GUI based tool then check out our tool - Hash Kracker.


Hash Kracker Console works on wide range of platforms starting from Windows XP to Windows 8.

 
 
 
Installation & Un-installation
Hash Kracker Console comes with Installer to help in local installation & un-installation. This installer has intuitive wizard which guides you through series of steps in completion of installation.
At any point of time, you can uninstall the product using the Uninstaller located at following location (by default)
 
[Windows 32 bit]
C:\Program Files\SecurityXploded\HashKrackerConsole

[Windows 64 bit]
C:\Program Files (x86)\SecurityXploded\HashKrackerConsole
 
 
 
How to use?
Hash Kracker Console is console based tool, hence it must be launched from command prompt.

Here is the general usage information
 
HashKrackerConsole [-q]
           [-d -f <dict_file>]
           [-h -f <dict_file> -n <length> -g "charlist" [ -s | -p ] ]
           [-b -m <length> -l <length> -c "charlist" -p "pattern" ]
           <hash_text>

 
Dictionary Crack Options:
   -d Perform dictionary crack
   -f Dictionary file with words on each line
   
Hybrid Crack Options:
   -h Perform hybrid crack operation using dictionary passwords.
Hybrid crack can find passwords like pass123, 123pass etc
   -f Dictionary file with words on each line
   -g Group of characters used for generating the strings
   -n Maximum length of strings to be generated using above character list
These strings are added to the dictionary word to form the password
   -s Suffix the generated characters to the dictionary word(pass123)
   -p Prefix the generated characters to the dictionary word(123pass)
   
Brute Force Crack Options:
   -b Perform brute force crack
   -c Character list used for brute force cracking process
   -m [Optional] Specify the minimum length of password
   -l Specify the maximum length of password
   -p  [Optional] Specify the pattern for the password
   
 
 
Examples of Hash Kracker Console
 
// Dictionary Crack of MD5 Hash
HashKrackerConsole.exe -d -f c:\dictfile.txt 785aae79d0608e76509eecc7f725a633
 
// Hybrid Crack of SHA256 Hash
HashKrackerConsole.exe -h -f c:\dictfile.txt -n 3 -g "123" -s b60841687ce399d0115df379910ff839672443718bedf815848337c5d1454c5a
 
// Bruteforce Crack of SHA1 Hash
HashKrackerConsole.exe -q -b -m 3 -l 10 -c "abcdetps123" 3087916cf835ff998bca5d90d695a7c29a2fcc4d
 
// Bruteforce Crack with pattern - [recommended for half-known passwords]
HashKrackerConsole.exe -q -b -m 3 -l 10 -c "abcdetps123" -p "pa??f??123" 3087916cf835ff998bca5d90d695a7c29a2fcc4d
 
 
Quiet mode ( -q option ) will disable printing each password while recovery is in progress. This makes it much faster especially for brute force operation.

Character list (-g for hybrid and -c for brute force) specifies the characters to be used for generating passwords. If you don't specify then the default character list is used.

For brute force -m indicates the minimum length of password to be generated. This can reduce the generated passwords and hence the time considerably when large number of character set is specified. Similarly -l (small 'L') specifies the maximum length of password to be generated. For example, if you specify -m 6 and -l 8 then only passwords which are of length at least 6 and above but below 8 will be generated.


Also if you know the partial password then you can use Pattern based Brute-force crack to speed up the password recovery. For example, assume that you know the exact password length as 12 and it begins with 'secret' and ends with '123' then command will look like below

 
HashKrackerConsole.exe -b -c "abyz" -l 12 -p "secret???123" <put_hash_text>
 
This will reduce the time to few minutes which otherwise would have taken days or hours to crack that password. You can even crack the impossible looking passwords using the right pattern.
 
 
 
Hash Password Recovery Methods
 
Hash Kracker Console supports 4 types of hash password recovery methods

1) Dictionary Crack
In this mode, it uses dictionary file having each password on separate line. You can find lot of online dictionary with different sizes and use it effectively. This method is more quicker and can find out common passwords.
 
2) Hybrid Crack
This is advanced dictionary method, in which each word in the dictionary file is prefixed or suffixed with generated word from known character list. This can find out password like pass123, 12test, test34 etc. From the specified character list (such as 123), all combinations of strings are generated and appended or prefixed to the dictionary word based on user settings.
 
3) Brute-force Crack
In this method, all possible combinations of words from given character list is generated and then subjected to cracking process. This may take long time depending upon the number of characters and position count specified. 
 
4) Pattern based Brute-force Crack
Pattern based cracking method significantly reduces the password recovery time especially when you know the part of password.. This method can be used only when you know the exact password length and remember few characters.
 
 
 
Screenshots
 
Screenshot 1: Hash Kracker Console showing the recovered Password for MD5 hash using Hybrid Crack method.
 
MysqlPasswordAuditor
 
 
 
Test Results

Hash Kracker Console is successfully tested on Windows XP to Windows 8.

It can recover the hash password successfully for MD5/SHA1/SHA256/SHA384/SHA512 hash data.

 
 
Disclaimer

Hash Kracker Console is designed with good intention to recover the Lost Password.

Like any other tool its use either good or bad, depends upon the user who uses it. However neither author nor SecurityXploded is in anyway responsible for damages or impact caused due to misuse of HashKrackerConsole.

Read our complete 'License & Disclaimer' policy here.

 
 
 
Release History
 
Version 2.0:  11th Apr 2015
Integrated Uninstaller into Windows Add/Remove Programs, now you can uninstall it in a standard way.
 
Version 1.5:  12th Jun 2014
Added feature to automatically copy the recovered Hash Password to clipboard on success.
 
Version 1.1:  20th May 2013
Automatically detects and prompts when Run directly without using CMD prompt
 
Version 1.0:  24th Mar 2013
First public release of Hash Kracker Console.
 
 
 
Download
FREE Download Hash Kracker Console v2.0

License  : Freeware
Platform : Windows XP, 2003, Vista, Windows 7, Windows 8

Download
 
 
 
See Also