Hash Catnip

Taji Abdullah

I’ve been dabbling with password cracking using Hashcat. Previously I wrote a beginner’s guide called Getting Started with Hashcat that outlined basic usage. After going through the steps I mentioned in that article several times, I realized I could streamline and reduce some steps, so I wrote a Python script to do exactly that. The result? A utility that I’ve named Hash Catnip.

This is the first of my offerings to the cybersecurity community and I’m looking forward to producing more. The goal is to get this into the hands of some folks who would find it useful and get some feedback on how to improve and develop it further. For now it’s covering my usage, and it will get updated the more in depth I go with Hashcat over time. But it would be cool to see what more advanced practitioners think.

How Does it Work?

The script will save you some time and keystrokes by abstracting away a few commands and running them for you. I won’t go into all the steps here; you can refer to the guide I linked above for the typical Hashcat usage, but basically the procedure goes something like this:

  1. Save the hash you want to crack in a text file.

  2. Point Hashcat to the saved file and it will display its guess of which algorithm produced the hash.

  3. Select the number of the algorithm (hash mode) to use to crack the hash and provide a word list.

  4. Let Hashcat do its thing.

  5. Decipher the output and find the cracked hash.

With Hash Catnip, the process is simplified to:

  1. Pass in the hash to crack and the word list.

  2. Select the number of the algorithm (hash mode) to use to crack the hash.

  3. Decipher the output and find the cracked hash.

So I shave off 2 steps and a lot of keystrokes.
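The shortened flow above, as an added example (this is not Hash Catnip's own code, and the function names are hypothetical): it saves the hash to a private temp file, builds the Hashcat commands as argument lists so no shell is involved, and reads the result back with `--show`. It assumes a plain hex digest and `hashcat` on `PATH`.

```python
import os
import re
import subprocess
import tempfile

HEX_HASH = re.compile(r"^[0-9a-fA-F]{16,128}$")  # assumption: plain hex digests only


def write_hash_file(hash_value):
    """Step 1 of the manual flow: save the hash to a private temp file."""
    if not HEX_HASH.match(hash_value):
        raise ValueError("expected a plain hex digest")
    fd, path = tempfile.mkstemp(suffix=".hash")  # mkstemp creates it owner-only
    with os.fdopen(fd, "w") as fh:
        fh.write(hash_value + "\n")
    return path


def crack_argv(hash_file, mode, wordlist):
    """Dictionary attack (-a 0) with the chosen hash mode (-m)."""
    return ["hashcat", "-m", str(int(mode)), "-a", "0", hash_file,
            os.path.expanduser(wordlist)]


def show_argv(hash_file, mode):
    """--show prints already-cracked entries from the potfile as hash:plain."""
    return ["hashcat", "-m", str(int(mode)), "--show", hash_file]


def parse_show(output, hash_value):
    """Return the plaintext for hash_value, or None if it is not cracked."""
    for line in output.splitlines():
        digest, sep, plain = line.partition(":")
        if sep and digest.lower() == hash_value.lower():
            return plain  # partition keeps any ':' inside the password
    return None


def run(hash_value, mode, wordlist):
    """Full flow; needs hashcat installed, so it is not called on import."""
    path = write_hash_file(hash_value)
    try:
        # Hashcat exits non-zero when the word list is exhausted, so no check=True.
        subprocess.run(crack_argv(path, mode, wordlist), check=False)
        done = subprocess.run(show_argv(path, mode), capture_output=True, text=True)
        return parse_show(done.stdout, hash_value)
    finally:
        os.remove(path)
```
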

How Do I Use it?

Now let’s get to the good stuff!

  • First step, clone the repo:

      git clone git@github.com:Coded-Alchemy/HashCatnip.git
    
  • Next go into the cloned repo and run the help menu with this command:

      python hcn.py -h
    

    Hash Catnip will display how to use it and the options you can enter in:

  • Run this command next, but enter your own hash and word list path:

      python hcn.py -H 4d10a268a303379f224d8852f2d13f11 -l ~/Documents/WordLists/rockyou.txt
    

    If you want to use the hash I provided you can, but you should probably run against the rockyou.txt file in your own environment.

  • Hash Catnip will now display Hashcat’s typical hash mode selection. Enter the number of the hash mode for Hashcat to use. If you’re following my example, use 900:

Hash Catnip will then display the typical Hashcat output:

We can decipher from this output that the hash has been cracked and the password used is princess:

What’s Next?

I’ll be updating this script as I get more proficient with Hashcat; there are probably more advanced use cases that could be added in. I hope someone finds Hash Catnip useful and provides some feedback for some features I haven’t thought about.

I’ll also be keeping an eye out for more offerings I could provide to the cybersecurity community. Coming from a software engineering background gives me an advantage where I can make my own tools, and I want to share them so others can also benefit.

I hope you enjoyed this write-up, see you in the next one!
