Hashcat

Hashcat is a powerful and widely-used password cracking tool designed to break various types of password hashes. It supports a broad range of algorithms, including those used in Unix, Windows, and other systems. Hashcat utilizes both CPU and GPU processing power to perform highly efficient brute-force, dictionary, and rainbow table attacks. It is known for its speed and flexibility, enabling users to crack complex passwords much faster compared to traditional tools. Hashcat is popular among security professionals for testing password strength during penetration tests and audits.

Installation:

sudo apt install hashcat

Usage & Manual :

https://hashcat.net/hashcat/

Charactersets : 
?d = Numerical Value (decimal)
?l = lowercase value
?u = uppercase value
?s = symbols
?a = all combined
?b = Hex based password

Next step is to define the attack mode & Attack codes can be found on the hashcat wiki page

Use cases & Examples :

Cracking MD5 Hashes

sudo hashcat -a 0 -m 0 hash.txt rockyou.txt

Hashcat Rules based cracking

sudo hashcat -a 0 -m 0 hash.txt rockyou.txt -r hashcat/rule/rockyou-3000.rule

Combination of two or more files

sudo hashcat -a 1 -m 0 hash.txt pass.txt pass1.txt

To show cracked hashes of files

sudo hashcat -a 0 -m 0 hash.txt pass.txt --show

Bruteforcing the hashes

sudo hashcat -a3 -m0 hash.txt
        OR (## for known passtype)
sudo hashcat -a3 -m0 hash.txt ?d?d?d?d

Example Bruteforcing on password hash : Ghoul@123(MD5)

sudo hashcat -a3 -m0 hash.txt ?u?l?l?l?l?s?d?d?d

Cracking hashes of incremental values

sudo hashcat -a3 -m0 --increment --increment-min 2 --increment-max 10 hash.txt
?d?d?d?d?d?d?d?d?d?d

PreviousJohn NextCrackMapExec

Last updated 12 months ago