Hashcat

World's fastest and most advanced password recovery utility GitHub - hashcat/hashcat

Basic usage

Find hash-type (for -m option) hashcat --example-hashes or example_hashes -> search for start of hash (e.g. $7z)

Execute hashcat

hashcat -m 5600 <hashes-file> <wordlist-file>

Wordlist attacks

Using rule to increase coverage, e.g. OneRuleToRuleThemAll.rule

hashcat -m 1000 hashes.txt rockyou.txt -r OneRuleToRuleThemAll.rule

NTLM

hashcat -m 1000 'abd3b436b51404eeaad3c435b51404ee:b84242f37e45371aff235a6ebcac4ffe' rockyou.txt

mscash

hashcat -m 2100 '$DCC2$10240#administrator#65481e9a192e14343eb382574678c93c' rockyou.txt

Brute force (mask) attacks

Built-in charsets

?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?h = 0123456789abcdef
?H = 0123456789ABCDEF
?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ 
?a = ?l?u?d?s
?b = 0x00 - 0xff

Example #1

hashcat -a 3 -m 1000 hashes.txt -1 2?l?d2 "?1?1?1?1?1?1?1"

Example #2

hashcat -a 3 -m 1000 hashes.txt --increment -1 "?l?u" -2 "?s?d" "?1?l?l?l?l?l?2?2"

PreviousPasswords NextJohn the Ripper (JTR)

Last updated 2 years ago