You can use a free online resource to crack hashes with hashcat, without having to break the bank for an overpriced graphics card these days. It’s called Colabcat and using colabcat is a free easy way to crack passwords online. If you are a complete beginner to hashcat then read the complete guide to hashcat on this site.
In this tutorial, you will see how to use Colabcat and I will crack a hash I received through Kerberoasting in the new online ethical hacking course, Become An Ethical Hacker.
Table of Contents
What Is Colabcat?
Colaboratory, or “Colab” + “Hashcat” for short, is a product from Google Research. Colabcat is a free Jupyter Notebook, formerly known as IPython notebook that makes this Google Research Colab space available for use to crack passwords using beefed up GPU settings online.
From the page:
Colabcat creates a symbolic link between the dothashcat folder in your Google Drive and the /root/.hashcat folder on the Google Colab session.
This enables seamless session restore even if your Google Colab gets disconnected or you hit the time limit for a single session, by syncing the .restore, .log and the .potfile files across Google Colab sessions by storing them in your Google Drive.
Crack Hashes For Free Online Using Colabcat
The first step to use Colabcat is to open your Google Drive and then open a new tab and go to https://github.com/someshkar/colabcat. The directions are straightforward, but not 100% complete. Of course noone goes into detail about what exactly should be in your hashes folder, but I will show you.
From the directions page:
- Go to the link below to open a copy of the
colabcat.ipynbfile in Google Colab: https://colab.research.google.com/github/someshkar/colabcat/blob/master/colabcat.ipynb - Click on
Runtime,Change runtime type, and setHardware acceleratorto GPU. - Go to your Google Drive and create a directory called
dothashcat, with ahashessubdirectory where you can store hashes. - Come back to Google Colab, click on
Runtimeand thenRun all. - When it asks for a Google Drive token, go to the link it provides and authenticate with your Google Account to get the token.
- You can edit the last few cells in the notebook to customize the wordlists it downloads and the type of hash it cracks. A full list of these can be found here.
- If needed, simply type
!bashin a new cell to get access to an interactive shell on the Google Colab instance.
Start Cracking
You need to login to Google Drive and then go to the Colabcat Github page github to get started. Then create a folder in your Drive named dothashcat and create a folder within it named hashes. You can then put your text file with a hash to crack in the folder named hashes.
Change the command from ls to cat this is a better way to check that Colabcat can read your hashes.
# Check that your hashes are accessible to Colab
!cat /root/.hashcat/hashes/hash.txt
Since the password hash is of the type krb5tgs format hash, I use this command to crack the hash:
Here’s another password hash, a Linux /etc/shadow hash to crack. Let’s give it a rip!
bobjones:$6$DYJ9nsfT$wPGFwTv8eg.45vga9/wtRLM198fe/ikVS3wbQh6DNnNIfLZFr1N6..SObbBRdABO84wWf/pvFE29ttb4Xng2w.:18561:0:99999:7:::
!hashcat -m 1800 /root/.hashcat/hashes/hash.txt /root/wordlists/SecLists/Passwords/Leaked-Databases/rockyou.txt.tar.gz
Recommended Reading
Want to learn more ethical hacking? I highly recommend buying my book made for beginners to Pentesting Become An Ethical Hacker. Check the price on Amazon.
