Hashcat Cheat Sheet: Mastering Password Cracking

Hashcat is a powerful open-source tool used for cracking passwords and decrypting hash values. Whether you’re a security professional or an ethical hacker, understanding Hashcat’s basics and common attack methods is essential. This Hashcat cheat sheet provides you with a comprehensive guide to get started and optimize your password cracking process.

Basic Usage

To use Hashcat, the fundamental command structure is as follows:

hashcat [options] hash_list.txt wordlist.txt

Here are some examples of how to use Hashcat effectively:

• Brute force attack:

  hashcat -m 0 -a 0 hashes.txt wordlist.txt

• Cracking SHA-3 hashes:

  hashcat -m 1000 -a 0 hashes.txt wordlist.txt

• Mask attack with custom character combinations:

  hashcat -m 500 -a 3 hashes.txt ?d?d?d?d?d

Attack Types

Hashcat supports various hash types and attack methods, each identified by a unique code. Here are a few examples:

• MD5 hash cracking:

  -m 0

• SHA-3 (Keccak) hash cracking:

  -m 1000

• DES hash cracking:

  -m 500

Options

Hashcat offers several options to customize and optimize your password cracking process:

• -h, --help: Displays the help message.
• -d, --force: Forces the use of hardware acceleration.
• -w, --workload-profile: Sets the workload profile (default: 3).
• -r, --rules-file: Customizes the attack using rules.
• -o, --output-file: Saves results to a file.
• -p, --separator: Defines the separator between the hash and password (default: :).
• --status-timer: Adjusts the status update frequency (default: 10).
• --remove: Removes successfully cracked hashes.
• --potfile-path: Sets the path for the potfile.

Examples

Here are some practical examples to demonstrate Hashcat’s capabilities:
Not: Don’t forget to take a look at the cheat sheet we wrote about wifi hacking. 😉

• Mask attack using lowercase letter combinations:

  hashcat -m 0 -a 3 hashes.txt ?l?l?l?l?l

• Dictionary attack with rule-based modifications:

  hashcat -m 500 -a 1 hashes.txt wordlist.txt --rules=dive.rule

• Saving results to a file:

  hashcat -m 1000 -a 0 hashes.txt wordlist.txt -o cracked.txt

• You can crack the NTLM hash using the following command.

hashcat -m 1000 -a 0 hash.txt wordlist.txt

This comprehensive Hashcat cheat sheet covers the basics and essential options for using Hashcat effectively. However, for more complex scenarios and advanced options, it’s recommended to refer to Hashcat’s official documentation.