What Is Dehashing?
First of all, what is dehashing? It is the process of getting the plain string back out of a hash, which looks like a random string of letters and numbers. Hashing is a security measure so that plain passwords are not stored in the database. There are many types of hashes. There is also the term ‘salt’, but what is that? Salt is an additional part of the hash.
It is a randomly generated string added to the hash. If it is added, then the hash is harder to dehash. I will not explain every hash type here. To recognize a hash type you can use this site (in hashcat every hash type has its own code, for example, MD5 has 0). However, how can you recognize a hash? It is just a combination of letters and numbers. For example:
You cannot even recognize what letters are used in the real password, so how can you check it? There are some programs to do it, but the most advanced and the best is hashcat, a console program that allows you to dehash almost every type of hash and get a plain string (the password). Do not buy any paid dehashing programs; hashcat is free and the best. It is the world’s fastest password recovery tool and can come in CPU-based or GPU-based variants. This software can dehash large databases with millions of rows for you.
The speed of the dehashing process depends on your PC components. You will also need a large disk for dictionaries. However, why do you need them? Hashcat without dictionaries/wordlists is useless (you can use a bruteforce mode to dehash without dictionaries, but it will take years to crack a simple password like Madonna5432Sarah, which is why we will use wordlists). A wordlist contains billions of password combinations. Where can you find the wordlists? What is a good amount of wordlists? As many as possible.
There is a list of useful links to download the dictionaries. Let’s move to the practical part. Download hashcat and unzip it into a folder. Open this folder, right-click on a blank space and select the Open command window here option from the context menu. You will see a console window with the hashcat path. As you have probably already guessed, it will not work without commands, so you have to learn some, but you have to do something else before that.
You have to create one folder and one .txt file in the hashcat folder. Name the .txt file hashes.txt and the folder dict. Put all your wordlists in the folder (they do not have to have the .txt extension; some wordlists have the .wordlist extension, and hashcat still loads them). In the hashes.txt file, you will have to put your hashed database/combo in the format user:hash or e-mail:hash. Move again to the console window and type the command:
That is all. Simple and noob-friendly. Now you can open your output file, load it to Sentry MBA or SNIPR and start cracking.