hashcat - Advanced Password Recovery

hashcat is the world's fastest and most advanced password recovery tool, supporting over 200 highly-optimized hashing algorithms. It's designed to crack password hashes using various attack modes and can utilize CPU, GPU, and other hardware accelerators.

🎯 Purpose

Password Cracking: Recover passwords from hash values
Hash Analysis: Identify and analyze different hash types
Security Testing: Test password strength and policies
Forensics: Recover passwords from seized systems

🚀 Basic Usage

Hash Identification

bash

# Identify hash type
hashcat --help | grep -i "hash modes"
hashid hash.txt

# Example hash modes
# MD5: -m 0
# SHA1: -m 100
# NTLM: -m 1000
# bcrypt: -m 3200

Basic Attacks

bash

# Dictionary attack
hashcat -m 0 -a 0 hash.txt rockyou.txt

# Brute force attack
hashcat -m 0 -a 3 hash.txt ?a?a?a?a?a?a

# Combination attack
hashcat -m 0 -a 1 hash.txt dict1.txt dict2.txt

🔧 Attack Modes

Dictionary Attack (-a 0)

bash

# Basic dictionary attack
hashcat -m 1000 ntlm_hashes.txt /usr/share/wordlists/rockyou.txt

# With rules
hashcat -m 1000 -r /usr/share/hashcat/rules/best64.rule ntlm_hashes.txt rockyou.txt

# Multiple wordlists
hashcat -m 0 hashes.txt wordlist1.txt wordlist2.txt

Combination Attack (-a 1)

bash

# Combine two wordlists
hashcat -m 0 -a 1 hashes.txt left.txt right.txt

# Example: passwords like "password123", "admin2021"
hashcat -m 0 -a 1 hashes.txt words.txt numbers.txt

Brute Force Attack (-a 3)

bash

# Mask attack - 8 character alphanumeric
hashcat -m 0 -a 3 hashes.txt ?a?a?a?a?a?a?a?a

# Custom mask for "password" + 4 digits
hashcat -m 0 -a 3 hashes.txt password?d?d?d?d

# Increment mode (try lengths 1-8)
hashcat -m 0 -a 3 --increment --increment-min 1 --increment-max 8 hashes.txt ?a?a?a?a?a?a?a?a

Hybrid Attacks (-a 6, -a 7)

bash

# Hybrid wordlist + mask (password123)
hashcat -m 0 -a 6 hashes.txt wordlist.txt ?d?d?d

# Hybrid mask + wordlist (123password)
hashcat -m 0 -a 7 hashes.txt ?d?d?d wordlist.txt

🎯 Common Hash Types

Popular Hash Modes

bash

# MD5
hashcat -m 0 hashes.txt wordlist.txt

# SHA1
hashcat -m 100 hashes.txt wordlist.txt

# NTLM (Windows)
hashcat -m 1000 ntlm.txt wordlist.txt

# bcrypt
hashcat -m 3200 bcrypt.txt wordlist.txt

# WPA/WPA2
hashcat -m 2500 capture.hccapx wordlist.txt

# PDF documents
hashcat -m 10400 pdf.hash wordlist.txt

# ZIP archives
hashcat -m 13600 zip.hash wordlist.txt

📁 Installation

Debian/Ubuntu

bash

sudo apt update
sudo apt install hashcat

From Official Repository

bash

# Download from https://hashcat.net/hashcat/
wget https://hashcat.net/files/hashcat-6.2.6.tar.gz
tar -xzf hashcat-6.2.6.tar.gz
cd hashcat-6.2.6
make
sudo make install

⚙️ Performance Optimization

GPU Acceleration

bash

# Use all available GPUs
hashcat -m 0 -a 0 -O hashes.txt wordlist.txt

# Specify GPU devices
hashcat -m 0 -a 0 -d 1,2 hashes.txt wordlist.txt

# Benchmark mode
hashcat -b

Workload Tuning

bash

# Adjust workload profile (1=low, 2=default, 3=high, 4=nightmare)
hashcat -m 0 -a 0 -w 3 hashes.txt wordlist.txt

# Manual tuning
hashcat -m 0 -a 0 -n 80 -u 1024 hashes.txt wordlist.txt

💡 Pro Tips

Rule-Based Attacks

bash

# Use built-in rules
hashcat -m 0 -r /usr/share/hashcat/rules/best64.rule hashes.txt wordlist.txt

# Multiple rules
hashcat -m 0 -r rule1.rule -r rule2.rule hashes.txt wordlist.txt

# Generate custom rules
# Create rules to append years, capitalize, etc.

Session Management

bash

# Create named session
hashcat -m 0 -a 0 --session mysession hashes.txt wordlist.txt

# Restore session
hashcat --restore --session mysession

# Show session status
hashcat --show --session mysession

Mask Files

bash

# Create mask file for common patterns
echo "?u?l?l?l?l?l?d?d" > masks.txt
echo "?l?l?l?l?d?d?d?d" >> masks.txt
hashcat -m 0 -a 3 hashes.txt masks.txt

🚨 Important Notes

Legal Use Only: Only crack passwords you own or have explicit permission to test
GPU Memory: Large wordlists may require significant GPU memory
Heat Management: Extended GPU usage generates significant heat
Power Consumption: High-performance cracking consumes substantial power
Results Storage: Use --show to display previously cracked passwords

🔍 Hash Extraction

Common tools for extracting hashes:

john: For various file formats
samdump2: For Windows SAM files
ophcrack: For Windows LM/NTLM hashes
hash-identifier: For identifying hash types

Part of the HackerHub.me tool documentation series

hashcat - Advanced Password Recovery ​

🎯 Purpose ​

🚀 Basic Usage ​

Hash Identification ​

Basic Attacks ​

🔧 Attack Modes ​

Dictionary Attack (-a 0) ​

Combination Attack (-a 1) ​

Brute Force Attack (-a 3) ​

Hybrid Attacks (-a 6, -a 7) ​

🎯 Common Hash Types ​

Popular Hash Modes ​

📁 Installation ​

Debian/Ubuntu ​

From Official Repository ​

⚙️ Performance Optimization ​

GPU Acceleration ​

Workload Tuning ​

💡 Pro Tips ​

Rule-Based Attacks ​

Session Management ​

Mask Files ​

🚨 Important Notes ​

🔍 Hash Extraction ​

hashcat - Advanced Password Recovery

🎯 Purpose

🚀 Basic Usage

Hash Identification

Basic Attacks

🔧 Attack Modes

Dictionary Attack (-a 0)

Combination Attack (-a 1)

Brute Force Attack (-a 3)

Hybrid Attacks (-a 6, -a 7)

🎯 Common Hash Types

Popular Hash Modes

📁 Installation

Debian/Ubuntu

From Official Repository

⚙️ Performance Optimization

GPU Acceleration

Workload Tuning

💡 Pro Tips

Rule-Based Attacks

Session Management

Mask Files

🚨 Important Notes

🔍 Hash Extraction