Skip to content

Your First Password Crack

This guide walks you through performing your first password crack with KrakenHashes. By the end of this tutorial, you'll understand the complete workflow from setup to viewing results.

Prerequisites

  • KrakenHashes is installed and running
  • You're logged in as an admin user
  • You have access to a hashcat binary file
  • At least one agent machine is available (can be the same as the server)

Step 1: Upload Hashcat Binary

First, we need to upload the hashcat binary that agents will use to perform the actual cracking.

  1. From the main menu, click AdminBinary Management
  2. Click the Add Binary button in the top right

Binary Management Page

Upload the Binary

  1. In the upload dialog:
  2. Click Choose File or drag and drop your hashcat binary
  3. Supported formats: .7z, .zip, .tar.gz

  4. The binary should be compressed and include all necessary files

  5. Click Upload and wait for the process to complete

Getting Hashcat

If you don't have hashcat, download it from hashcat.net/hashcat/

For this tutorial, download the appropriate binary for your system: - Linux: hashcat-6.2.6.7z - Windows: hashcat-6.2.6.exe (compress to .zip first)

  1. After upload, the system will automatically verify the binary
  2. Status should show as verified
  3. Note the Binary ID for later reference

Step 2: Upload a Simple Wordlist

Next, let's create a basic wordlist for our first crack attempt.

  1. From the main menu, click ResourcesWordlists
  2. Click the Add Wordlist button

Wordlist Management

Create a Test Wordlist

For this tutorial, let's create a simple wordlist file:

  1. Create a text file named common-passwords.txt with these contents: 

    password
123456
password123
admin
letmein
welcome
monkey
dragon

  2. In the upload dialog:

  3. Name: "Common Passwords Tutorial"
  4. Description: "Basic wordlist for first crack tutorial"
  5. Type: General

  6. File: Select your common-passwords.txt

  7. Click Upload

Wordlist Types

  • General: Standard password lists
  • Usernames: Lists of common usernames
  • Custom: Specialized wordlists for specific targets

Step 3: Create a Test Hashlist

Now let's create some password hashes to crack. We'll use known passwords so you can verify the results.

Prepare Test Hashes

  1. Create a file named test-hashes.txt with these MD5 hashes: 
    5f4dcc3b5aa765d61d8327deb882cf99
e10adc3949ba59abbe56e057f20f883e
482c811da5d5b4bc6d497ffa98491e38

What are these hashes?

These are MD5 hashes of: - password → 5f4dcc3b5aa765d61d8327deb882cf99 - 123456 → e10adc3949ba59abbe56e057f20f883e
- password123 → 482c811da5d5b4bc6d497ffa98491e38

Upload the Hashlist

  1. Navigate to Hashlists from the main menu

Hashlist Management Page Hashlist Management page with UPLOAD HASHLIST button highlighted, showing the interface where users can view existing hashlists and initiate new uploads

  1. Click Upload Hashlist

Upload Hashlist Dialog

  1. Fill in the details:
  2. Name: "Tutorial Test Hashes"
  3. Description: "MD5 hashes for first crack tutorial"
  4. Hash Type: MD5 (mode 0)
  5. Client: (Optional - leave blank for tutorial)

  6. File: Select your test-hashes.txt

  7. Click Upload

The system will process your hashlist and show: - Total hashes: 3 - Unique hashes: 3 - Status: Active

Step 4: Connect an Agent

Agents are the worker machines that perform the actual password cracking. Let's connect one.

Generate a Claim Code

  1. Navigate to AdminAgent Management
  2. Click Generate Claim Code

Agent Management

  1. A claim code will be generated (e.g., ABCD-EFGH-IJKL)
  2. Copy this code - you'll need it for the agent

Install and Configure the Agent

On your agent machine (can be the same as the server):

  1. Download the KrakenHashes agent for your platform
  2. Extract it to a directory

  3. Run the registration command: 

    ./krakenhashes-agent --host your-server:31337 --claim ABCD-EFGH-IJKL

  4. The agent will:

  5. Register with the server
  6. Receive an API key
  7. Start heartbeat communication
  8. Sync required files (binaries, wordlists)

Agent Connected!

Once registered, you'll see the agent appear in the Agent Management page with: - Status: Online 🟢 - Hardware info (GPU details if available) - Last heartbeat timestamp

Step 5: Create and Run a Job

Now for the exciting part - let's crack those passwords!

Create a New Job

  1. Go back to Hashlists
  2. Find your "Tutorial Test Hashes" and click on it
  3. Click Create Job button

Create Job Dialog

Configure the Job

You have three options for creating jobs:

  1. Select the Preset Jobs tab
  2. Choose "Quick Dictionary Attack"
  3. This preset includes:
  4. Dictionary attack with your wordlists
  5. Basic rules for variations
  6. Optimized for speed
  1. Select the Custom tab
  2. Configure:
  3. Name: "Tutorial First Crack"
  4. Attack Mode: Dictionary (0)
  5. Wordlists: Select "Common Passwords Tutorial"
  6. Rules: (Optional - leave empty for now)
  1. Select the Workflows tab
  2. Choose a predefined workflow that runs multiple attack strategies

Start the Job

  1. Review your settings
  2. Click Create Job

The job will be: - Added to the queue - Assigned to an available agent - Started automatically

Step 6: Monitor Progress

View Job Status

  1. Navigate to Jobs from the main menu
  2. Find your job in the list

Job Progress

You'll see: - Status: Running 🔄 - Progress: Percentage complete - Speed: Hashes per second - Time: Elapsed and estimated remaining

Real-time Updates

The dashboard updates in real-time showing: - Candidates tested - Passwords cracked - Current speed - Agent assignment

Understanding Speed

Speed is measured in H/s (hashes per second). Higher is better! - CPU only: 1,000 - 100,000 H/s - Single GPU: 1,000,000+ H/s - Multiple GPUs: Much higher!

Step 7: View Results

Once the job completes (should be quick for this tutorial):

Check the Results

  1. Go back to your hashlist
  2. You'll see the status has updated:
  3. Cracked: 3/3 (100%)
  4. Status indicators next to each hash

View Cracked Passwords

  1. Click on a cracked hash to see details
  2. The plaintext password will be displayed
  3. You should see:
  4. 5f4dcc3b5aa765d61d8327deb882cf99password
  5. e10adc3949ba59abbe56e057f20f883e123456
  6. 482c811da5d5b4bc6d497ffa98491e38password123

Cracked Results Hashlist view showing successfully cracked passwords with their plaintext values revealed

Export Results

  1. Click Export button
  2. Choose format:
  3. CSV: For spreadsheets
  4. JSON: For programming

  5. Hashcat Potfile: hash:plain format

  6. Download includes:

  7. Original hashes
  8. Cracked plaintexts
  9. Crack timestamps
  10. Metadata

Understanding What Happened

Let's review the complete workflow:

graph LR
    A[Upload Binary] --> B[Upload Wordlist]
    B --> C[Create Hashlist]
    C --> D[Connect Agent]
    D --> E[Create Job]
    E --> F[Agent Executes]
    F --> G[View Results]

Key Concepts

  1. Hashcat Binary: The actual cracking engine
  2. Agents download and use this

  3. Supports many hash types and attack modes

  4. Wordlists: Lists of potential passwords

  5. Can be general or targeted

  6. Quality matters more than quantity

  7. Hashlists: Your target hashes to crack

  8. Organized by hash type

  9. Can contain thousands or millions

  10. Agents: Distributed workers

  11. Can be anywhere with internet
  12. Automatically sync files

  13. Report progress in real-time

  14. Jobs: Work assignments

  15. Define what to try (wordlists, rules, masks)
  16. Can be simple or complex workflows
  17. Automatically distributed to agents

KrakenHashes Dashboard Main dashboard view showing hashlist management with crack statistics and job execution interface - what you'll see after completing your first successful password crack

Next Steps

Now that you've completed your first crack:

1. Try More Complex Attacks

  • Add Rules: Transform wordlists (password → Password123!)
  • Use Masks: Pattern-based attacks (?u?l?l?l?d?d?d?d)
  • Combination Attacks: Combine multiple wordlists

2. Scale Up

  • Add More Agents: Distribute work across multiple machines
  • Use GPUs: Dramatically increase cracking speed
  • Upload Larger Wordlists: Try rockyou.txt or custom lists

3. Create Workflows

Build multi-stage attacks: 1. Quick dictionary attack 2. Dictionary with rules 3. Targeted masks 4. Brute force (last resort)

4. Explore Features

  • Client Management: Organize hashlists by client/project
  • Scheduling: Control when agents run jobs
  • Retention Policies: Automatic cleanup of old data
  • Team Collaboration: Share access with team members

Troubleshooting

Common Issues

Agent won't connect
  • Check firewall rules (port 8443)
  • Verify server URL is correct
  • Ensure claim code hasn't expired
  • Check agent logs for errors
Job stuck in queue
  • Verify agent is online
  • Check agent has required hardware
  • Ensure binary is verified
  • Look for error messages
No passwords cracked
  • Try a different wordlist
  • Add rules for variations
  • Check hash type is correct
  • Verify hash format
Slow performance
  • Use GPU-enabled agents
  • Optimize wordlists (remove duplicates)
  • Check network connectivity
  • Monitor system resources

Summary

Congratulations! You've successfully:

  • ✅ Uploaded a hashcat binary
  • ✅ Created a wordlist
  • ✅ Uploaded target hashes
  • ✅ Connected an agent
  • ✅ Ran a cracking job
  • ✅ Retrieved cracked passwords

You now understand the fundamental workflow of KrakenHashes. From here, you can scale up to crack real-world password hashes with more sophisticated attacks and distributed agents.

Ready for Real Work!

You're now equipped to:

  • Handle client hashlist submissions
  • Build effective attack strategies
  • Manage distributed cracking operations
  • Deliver results efficiently

Additional Resources