Cracking .htdigest files with HashCat

Written 2019-05-02

Tags:OpenCL HashCat CUDA Password 

HTDigest files come in the following format:

$username:$realm:$hash

$hash is calculated as:

MD5($username:$realm:$password)

This is not a format directly supported by hashcat. Instead, we must reorganize it, like so:

$hash:$salt

We can place our username, colon, realm, and trailing colon in the salt like so:

$hash:$username:$realm:

and save it in a file named crackme. Then we use the following command:

./hashcat -m 20 -o output.txt crackme -O dictionary.txt