Just like Hydra, you will need to build a wordlist. This wordlist can be found on the server 220.127.116.11, but you’ll need to hack into it first using Hydra (the previous step)
You won’t find passwords in plain text stored on a server. Instead, the server will HASH these passwords, or put it through a crazy mathematical algorithm, and turn it into what looks like gibberish. That is our hash.
I’ve provided a single HASH in a file on the server 18.104.22.168. You’ll need to create a simple text file containing this hash.
Using the wordlist, you’ll use hashcat to put each password through the hashing process to see if it matches the provided hash, until you find a match. (and, you will, if you do it right)
sudo hashcat -a 0 -m 1800 -o mycrackedpassword.txt myhashfile.txt mywordlist.txt