hashcat

Prerequisites

I have primarily used hashcat with CUDA and a NVIDIA card. CUDA can be installed via

sudo pacman -Syu cuda

It isn't necessary to install hashcat, as the binary can just be downloaded from their website.

General

Listing detected devices can be done via

./hashcat.bin -I

Where it is possible to choose between shown devices with the flag -d, e.g., -d 1,2.

Usage

Wordlist attack

Run every word in a wordlist as a password candidate against a file containing one or more hashes by

./hashcat.bin -a 0 -m mode hashlist wordlist

Wordlist + Rules attack

Run every word in a wordlist as a password candidate where rules will be applied to it

Combinator attack

Concatenating words from two wordlists. Each word in wordlist2 will be appended to each word in wordlist1.

Mask attack

Mask attacks have the ability to try every combination in a given keyspace like a classic brute-force attack, but can also be more specific to reduce the number of combinations. A mask is a string which will determine the keyspace of the password candidates using placeholders.

Every position in the password candidate must be configured by a placeholder. The placeholder determines the charset on a given position. Built-in charsets can be found below.

A mask for the password Bob123 could be ?u?l?l?d?d?d. However, the mask ?a?a?a?a?a?a would work as well, except the number of combinations would be much larger.

A mask attack is launched by

Where the above mentioned example would be

if the hashes in hashlist were MD5.

Hybrid attack

A hybrid attack is a combinator attack where one of the wordlists is replaced by a mask, such that the keyspace from the mask is either prepended og appended to each word in the provided wordlist.

Launched by

or

Reference

Full documentation can be found at https://hashcat.net/ or with ./hashcat.bin --help.