LinuxCommandLibrary

hashcat

Crack password hashes using various methods

TLDR

Perform a brute-force attack (mode 3) with the default hashcat mask

$ hashcat --hash-type [hash_type_id] --attack-mode [3] [hash_value]
copy

Perform a brute-force attack (mode 3) with a known pattern of 4 digits
$ hashcat --hash-type [hash_type_id] --attack-mode [3] [hash_value] "[?d?d?d?d]"
copy

Perform a brute-force attack (mode 3) using at most 8 of all printable ASCII characters
$ hashcat --hash-type [hash_type_id] --attack-mode [3] --increment [hash_value] "[?a?a?a?a?a?a?a?a]"
copy

Perform a dictionary attack (mode 0) using the RockYou wordlist of a Kali Linux box
$ hashcat --hash-type [hash_type_id] --attack-mode [0] [hash_value] [/usr/share/wordlists/rockyou.txt]
copy

Perform a rule-based dictionary attack (mode 0) using the RockYou wordlist mutated with common password variations
$ hashcat --hash-type [hash_type_id] --attack-mode [0] --rules-file [/usr/share/hashcat/rules/best64.rule] [hash_value] [/usr/share/wordlists/rockyou.txt]
copy

Perform a combination attack (mode 1) using the concatenation of words from two different custom dictionaries
$ hashcat --hash-type [hash_type_id] --attack-mode [1] [hash_value] /[path/to/dictionary1.txt] /[path/to/dictionary2.txt]
copy

Show result of an already cracked hash
$ hashcat --show [hash_value]
copy

Show all example hashes
$ hashcat --example-hashes
copy

SYNOPSIS

hashcat [options] [hash_file] [wordlist/mask]

PARAMETERS

-m
    Specifies the hash type ID. Hashcat supports thousands of different hash types, each with a unique numeric ID.

-a
    Defines the attack mode to be used. Common modes include 0 (dictionary), 1 (combinator), 3 (brute-force/mask), 6 (hybrid wordlist + mask), and 7 (hybrid mask + wordlist).

-o
    Writes cracked passwords and corresponding hashes to the specified output file.

--force
    Forces the use of unsupported devices, drivers, or specific situations that Hashcat might otherwise prevent.

-D
    Specifies the device type to use for cracking. 1 for CPU, 2 for GPU, 3 for OpenCL, 4 for CUDA, etc.

--show
    Shows cracked hashes and their corresponding plaintexts from the hashcat.potfile.

--status
    Displays the cracking status regularly, showing progress, speed, and estimated time to completion.

-r
    Applies rules from a specified rule file to words from a dictionary (e.g., to add numbers, symbols, or common transformations).

-i --increment
    Enables increment mode for brute-force or mask attacks, which intelligently increases the length of the password being tried.

-1, -2, -3, -4
    Defines custom character sets for mask attacks. For example, '-1 ?l?d' defines set 1 as lowercase letters and digits.

DESCRIPTION

Hashcat is a highly advanced, GPU-accelerated password recovery utility known for its versatility and speed. It supports an extensive array of hashing algorithms, from common formats like MD5 and SHA1 to more complex ones such as NTLM, WPA/WPA2, and various database hashes. Designed for both auditing and security testing, Hashcat offers numerous attack modes including dictionary attacks, brute-force, combinator, hybrid, mask attacks, and rule-based transformations. Its ability to leverage the computational power of modern GPUs (via OpenCL and CUDA) makes it exceptionally efficient for cracking large sets of hashes. Hashcat is a crucial tool for cybersecurity professionals conducting penetration tests, incident response, or forensic analysis, enabling them to assess password strength and recover lost credentials. Its robust feature set and continuous development ensure it remains a leading solution in the field of password auditing.

CAVEATS

Hashcat's powerful capabilities make it a sensitive tool. It should only be used for legal and ethical purposes, such as penetration testing on systems you have explicit permission to test, or for recovering your own forgotten passwords. Misuse can lead to severe legal consequences.
Performance heavily depends on hardware (especially GPUs), hash type, and the complexity of the password. High-end GPUs are often required for efficient cracking of complex hashes.

ATTACK MODES

Hashcat supports various attack modes, each optimized for different scenarios. These include dictionary attack (0), which uses wordlists; combinator attack (1), combining two wordlists; brute-force attack (3) for trying all possible character combinations; mask attack (3, with masks), a more targeted brute-force; and hybrid attacks (6, 7) combining dictionary with mask components. Understanding the appropriate mode is crucial for efficient cracking.

HASH TYPE IDENTIFICATION

Before cracking, it's essential to identify the hash type. Hashcat offers a --hash-info or --identify option (or requires manual identification via online tools like Hash-ID) to help determine the correct -m value, which is critical for successful cracking. Incorrect hash type specification will result in failure.

HISTORY

Hashcat's origins trace back to independent projects: oclHashcat for OpenCL-based GPU cracking and cudaHashcat for CUDA-based GPU cracking. Developed by atom, these tools quickly gained prominence for their unparalleled speed and efficiency. In 2015, these two projects were merged into a single, unified codebase under the name hashcat, providing a consistent interface and broader hardware support. This consolidation cemented its position as the premier open-source password recovery tool, continuously evolving with new features, attack modes, and supported hash algorithms. Its development remains active, driven by the community and the ever-changing landscape of password security.

SEE ALSO

john(1), crunch(1), aircrack-ng(8)

Copied to clipboard