Hashcat

Hashcat is the world's fastest password recovery tool, using GPU acceleration to crack password hashes. It supports hundreds of hash types and multiple attack modes.

Attack Modes

-a 0  Dictionary attack
-a 1  Combination attack
-a 3  Brute-force/mask attack
-a 6  Hybrid wordlist + mask
-a 7  Hybrid mask + wordlist

Basic Usage

# Dictionary attack on MD5
hashcat -m 0 hashes.txt wordlist.txt

# Brute force with mask
hashcat -m 0 hashes.txt -a 3 ?a?a?a?a?a?a

# bcrypt with wordlist and rules
hashcat -m 3200 hashes.txt wordlist.txt -r rules/best64.rule

# Show cracked passwords
hashcat -m 0 hashes.txt --show

Common Hash Modes

-m 0      MD5
-m 100    SHA1
-m 1000   NTLM (Windows)
-m 1800   sha512crypt (Linux)
-m 3200   bcrypt
-m 13100  Kerberos TGS-REP
-m 18200  Kerberos AS-REP

Mask Characters

?l  lowercase (a-z)
?u  uppercase (A-Z)
?d  digits (0-9)
?s  special characters
?a  all printable ASCII

Example: ?u?l?l?l?d?d?d?d (Password1234)

Rules

Rules transform wordlist entries to generate variations:

:     No operation
l     Lowercase all
u     Uppercase all
c     Capitalize first
$1    Append "1"
^!    Prepend "!"

See Also

• John the Ripper
• Rainbow Table
• bcrypt