Cracking .htdigest files with HashCat

Written 2019-05-02

Tags:OpenCL HashCat CUDA Password 

HTDigest files come in the following format:


$hash is calculated as:


This is not a format directly supported by hashcat. Instead, we must reorganize it, like so:


We can place our username, colon, realm, and trailing colon in the salt like so:


and save it in a file named crackme. Then we use the following command:

./hashcat -m 20 -o output.txt crackme -O dictionary.txt