WebsiteGhoulsec-Vault

Hashcat

Hashcat is a powerful and widely-used password cracking tool designed to break various types of password hashes. It supports a broad range of algorithms, including those used in Unix, Windows, and other systems. Hashcat utilizes both CPU and GPU processing power to perform highly efficient brute-force, dictionary, and rainbow table attacks. It is known for its speed and flexibility, enabling users to crack complex passwords much faster compared to traditional tools. Hashcat is popular among security professionals for testing password strength during penetration tests and audits.

Installation: 

sudo apt install hashcat

Usage & Manual : 

https://hashcat.net/hashcat/
Basic Syntax of hashcat
Modes of Attack 
Charactersets : 
?d = Numerical Value (decimal)
?l = lowercase value
?u = uppercase value
?s = symbols
?a = all combined
?b = Hex based password

  • Next step is to define the attack mode & Attack codes can be found on the hashcat wiki page

Use cases & Examples :

  1. Cracking MD5 Hashes

sudo hashcat -a 0 -m 0 hash.txt rockyou.txt

  1. Hashcat Rules based cracking

sudo hashcat -a 0 -m 0 hash.txt rockyou.txt -r hashcat/rule/rockyou-3000.rule

  1. Combination of two or more files

sudo hashcat -a 1 -m 0 hash.txt pass.txt pass1.txt

  1. To show cracked hashes of files 

sudo hashcat -a 0 -m 0 hash.txt pass.txt --show

  1. Bruteforcing the hashes

sudo hashcat -a3 -m0 hash.txt
        OR (## for known passtype)
sudo hashcat -a3 -m0 hash.txt ?d?d?d?d

  1. Example Bruteforcing on password hash : Ghoul@123(MD5)

sudo hashcat -a3 -m0 hash.txt ?u?l?l?l?l?s?d?d?d

  1. Cracking hashes of incremental values

sudo hashcat -a3 -m0 --increment --increment-min 2 --increment-max 10 hash.txt
?d?d?d?d?d?d?d?d?d?d
PreviousJohnNextCrackMapExec

Last updated