When reversing/cracking hashes, you might use Hashcat. But when I first started using Hashcat, it was a little confusing and hard to use.
Eventually I understood how to use Hashcat. But while I didn’t know how to use it, I created a tool called SHACracker, or SHACrack for short.
SHACrack was designed to be super easy to use. The tool is supposed to be a Hashcat alternative. Unfortunately, SHACrack can only crack/reverse SHA hashes.
Let’s try it out!
To get started, we’re going to need to pull the code from github.com. If you don’t have git installed, you can get the source code here. Make sure to have Java installed (SHACrack is written in Java).
$ git clone https://github.com/CodeShady/shacracker.git $ cd shacracker
Now, once you’re in the SHACrack directory, compile the code.
$ javac SHACrack.java
Great! Now, let’s run it!
Once SHACrack is compiled, you will be able run this command in the SHACrack directory.
$ java SHACrack
First, it will ask you for a wordlist file (rockyou.txt, john.txt, etc.) You can get some popular wordlist files here.
I’ll give it john.txt.
Second, it will ask you for a SHA type. It only accepts SHA-1, SHA-256, and SHA-512.
In this case, I’ve got a SHA256 hash. So I’ll put in 256 (SHA-256).
Then it’s going to ask you for the SHA hash or a file. You can ether give it a SHA hash directly, or if you have a list of SHA hashes, you can put them in a file and enter the filename. I have a SHA-256 hash copied in my clipboard, so I’ll just paste that in directly. Here’s my input below.
Wordlist File: john.txt SHA Type (1,256,512): 256 SHA-256 Hash, Or File: 5E884898DA280471...
After you hit enter, you’ll get all the information you need about your hash (and if it cracked or not).
Here’s my output when I ran SHACrack with the above input.
---------- Hash Found ---------- Time : 61 Milliseconds File : john.txt Type : SHA-256 Line : 4 Hash : 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 Value : password 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 = password