You must determine the following:
What type of hashing algorithm was used to protect passwords?
What level of protection does the mechanism offer for passwords?
What controls could be implemented to make cracking much harder for the hacker in the event of a password database leaking again?
What can you tell about the organization’s password policy (e.g. password length, keyspace, etc.)?
What would you change in the password policy to make breaking the passwords harder?
Password cracking explained (techniques described in 2013 still haven’t changed)
sudo hashcat -m 0 hash.txt -o crack.txt rockyou.txt
sudo hashcat -m 0 hash.txt -o crack.txt rockyou.txt --show
sudo cat crack.txt