LinuxCommandLibrary

hashcat

Crack password hashes using various methods

TLDR

Perform a brute-force attack (mode 3) with the default hashcat mask

$ hashcat --hash-type [hash_type_id] --attack-mode [3] [hash_value]
copy

Perform a brute-force attack (mode 3) with a known pattern of 4 digits
$ hashcat --hash-type [hash_type_id] --attack-mode [3] [hash_value] "[?d?d?d?d]"
copy

Perform a brute-force attack (mode 3) using at most 8 of all printable ASCII characters
$ hashcat --hash-type [hash_type_id] --attack-mode [3] --increment [hash_value] "[?a?a?a?a?a?a?a?a]"
copy

Perform a dictionary attack (mode 0) using the RockYou wordlist of a Kali Linux box
$ hashcat --hash-type [hash_type_id] --attack-mode [0] [hash_value] [/usr/share/wordlists/rockyou.txt]
copy

Perform a rule-based dictionary attack (mode 0) using the RockYou wordlist mutated with common password variations
$ hashcat --hash-type [hash_type_id] --attack-mode [0] --rules-file [/usr/share/hashcat/rules/best64.rule] [hash_value] [/usr/share/wordlists/rockyou.txt]
copy

Perform a combination attack (mode 1) using the concatenation of words from two different custom dictionaries
$ hashcat --hash-type [hash_type_id] --attack-mode [1] [hash_value] /[path/to/dictionary1.txt] /[path/to/dictionary2.txt]
copy

Show result of an already cracked hash
$ hashcat --show [hash_value]
copy

Show all example hashes
$ hashcat --example-hashes
copy

SYNOPSIS

hashcat [OPTIONS] [HASHES] [MASK|WORDLIST|RULES_FILE|COMBO_FILE]

PARAMETERS

-h, --help
    Print help information

--version
    Print version information

-m, --hash-type=NUM
    Hash-type ID (see hashcat --help for 350+ types like 0=MD5, 1000=NTLM)

-a, --attack-mode=NUM
    Attack mode: 0=Straight, 1=Combination, 3=Brute-force, 6=Hybrid dict+mask, 7=Hybrid mask+dict, 9=Association

-o, --outfile=FILE
    Output cracked hashes to FILE

--stdout
    Generate candidates to stdout (no cracking)

-w, --workload-profile=NUM
    Workload profile: 1=Low, 2=Default, 3=High, 4=Very high

-O
    Enable optimized kernels (faster but less recovery options)

--force
    Ignore warnings and continue

-d, --opencl-device-types=NUM
    OpenCL device types: 1=CPU, 2=GPU, 4=FPGA (default: 2)

-D, --opencl-device-types-except=NUM
    Exclude OpenCL device types

-I, --opencl-info
    Show OpenCL runtime info

-i, --increment-min=NUM
    Skip mask increments below length (brute-force)

--increment-max=NUM
    Skip mask increments above length

-j, --left
    Add wordlist to left side for hybrid attacks

-k, --right
    Add wordlist to right side for hybrid attacks

-r, --rules-file=FILE
    Load rules from FILE for mutations

--keyspace
    Calculate potential passwords count

-b, --benchmark
    Run benchmark on selected hashes/devices

--potfile-disable
    Disable potfile usage (default stores ~/.hashcat/hashcat.potfile)

--session=NAME
    Session name for restore (default: hashcat)

--restore
    Restore session from files

DESCRIPTION

Hashcat is the world's fastest CPU- and GPU-based password recovery tool, supporting over 350 hash algorithms including MD5, SHA1, bcrypt, and NTLM. It excels in dictionary, brute-force, mask, combination, and hybrid attacks, leveraging OpenCL and CUDA for massive parallelization on modern GPUs. Designed for security professionals, penetration testers, and forensics experts, it enables rapid assessment of password strength and recovery from compromised hashes.

Key strengths include rule-based mutations for dictionary enhancement, custom charsets in masks, keyspace estimation, and benchmark modes to measure hardware performance. Sessions can be paused/resumed, with progress tracking and potfiles for duplicate avoidance. Distributed cracking via hashcat-utils extends capabilities across networks.

Usage requires hash files in specific formats; tools like hashcat-utils convert them. Optimized kernels balance speed and recovery rates. Always deploy ethically, legally, and with proper hardware cooling to prevent thermal throttling.

CAVEATS

Highly resource-intensive; requires powerful GPUs for speed. Generates significant heat/noise. Not for weak hardware. Legal use only (pentesting/recovery). Some hashes need conversion via hashcat-utils. Optimized mode (--O) may miss edge cases.

EXAMPLE USAGE

hashcat -m 0 -a 0 example.hashes wordlist.txt
Cracks MD5 hashes with straight dictionary attack.

hashcat -m 1000 -a 3 example.ntlm ?a?a?a?a?a?a
Brute-forces 6-char NTLM with full charset.

HASH TYPES

Use hashcat --help | grep 'Mode:' for full list. Examples: 0=MD5, 100=SHA1, 2500=WPA2, 3200=bcrypt.

PERFORMANCE TIPS

Run hashcat -b -D 2 for GPU benchmarks. Use -w 3 for high workload. Multiple GPUs auto-detected.

HISTORY

Originated as ocrpdf and phrasendrescher CPU crackers (2007) by Ivan Golubev. Jens 'atom' Steube ported to GPU (2009), renaming to hashcat. Open-sourced under MIT license. Milestones: v1.0 (2012) multi-GPU, v3.0 (2015) CUDA/OpenCL unification, v6.0 (2021) association attack. Community-driven on GitHub.

SEE ALSO

john(1), hydra(1), hashcat-utils(1)

Copied to clipboard