hashcat

Fast and advanced password recovery tool.

Prerequisites

I have primarily used hashcat with CUDA and an NVIDIA card. CUDA can be installed via

sudo pacman -Syu cuda

It isn't necessary to install hashcat, as the binary can just be downloaded from their website.

General

Listing detected devices can be done via

./hashcat.bin -I

The -d flag selects which of the listed devices to use, e.g., -d 1,2.

Usage

Wordlist attack

Run every word in a wordlist as a password candidate against a file containing one or more hashes by

./hashcat.bin -a 0 -m mode hashlist wordlist

Wordlist + Rules attack

Run every word in a wordlist as a password candidate, with the rules from a rule file applied to each word, by

./hashcat.bin -a 0 -m mode hashlist wordlist -r rules/example.rule

Combinator attack

Concatenate words from two wordlists: each word in wordlist2 is appended to each word in wordlist1.

./hashcat.bin -a 1 -m mode hashlist wordlist1 wordlist2

Mask attack

Mask attacks have the ability to try every combination in a given keyspace like a classic brute-force attack, but can also be more specific to reduce the number of combinations. A mask is a string which will determine the keyspace of the password candidates using placeholders.

Every position in the password candidate must be configured by a placeholder. The placeholder determines the charset on a given position. Built-in charsets can be found below.

?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?h = 0123456789abcdef
?H = 0123456789ABCDEF
?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
?a = ?l?u?d?s
?b = 0x00 - 0xff

A mask for the password Bob123 could be ?u?l?l?d?d?d. However, the mask ?a?a?a?a?a?a would work as well, except the number of combinations would be much larger.

A mask attack is launched by

./hashcat.bin -a 3 -m mode hashlist mask

For the example above, this would be

./hashcat.bin -a 3 -m 0 hashlist '?u?l?l?d?d?d'

if the hashes in hashlist were MD5.
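The difference in keyspace between the two Bob123 masks can be computed directly. This is an added example, not part of the original notes or of hashcat itself; the function names are made up for illustration, and custom charsets (?1 to ?4) are not handled.

```python
import math
import string

# Built-in charsets from the table above (?b is every byte value, 0x00-0xff).
CHARSETS = {
    "l": string.ascii_lowercase, "u": string.ascii_uppercase,
    "d": string.digits, "h": "0123456789abcdef", "H": "0123456789ABCDEF",
    "s": " " + string.punctuation,
}
SIZES = {k: len(v) for k, v in CHARSETS.items()}
SIZES["a"] = SIZES["l"] + SIZES["u"] + SIZES["d"] + SIZES["s"]
SIZES["b"] = 256

def position_sizes(mask):
    """Number of candidate characters at each position of a mask."""
    sizes, i = [], 0
    while i < len(mask):
        if mask[i] != "?":
            sizes.append(1)              # literal character: a single choice
            i += 1
        elif i + 1 == len(mask):
            raise ValueError("dangling '?' at end of mask")
        else:
            key = mask[i + 1]
            if key != "?" and key not in SIZES:
                raise ValueError(f"unsupported placeholder ?{key}")
            sizes.append(SIZES.get(key, 1))  # "??" is a literal question mark
            i += 2
    return sizes

def keyspace(mask):
    """Total number of candidates the mask generates."""
    return math.prod(position_sizes(mask))

def mask_for(password):
    """Narrowest mask built from ?l, ?u, ?d and ?s that matches the password."""
    out = []
    for ch in password:
        key = next((k for k in "luds" if ch in CHARSETS[k]), None)
        if key is None:
            raise ValueError(f"{ch!r} is outside ?a")
        out.append("?" + key)
    return "".join(out)

if __name__ == "__main__":
    for m in (mask_for("Bob123"), "?a?a?a?a?a?a"):
        print(f"{m:<14}{keyspace(m):>16,}")
```

The structured mask covers 17,576,000 candidates against 735,091,890,625 for six positions of ?a, which is why predictable password shapes such as capital-letters-digits fall so much faster than their length suggests.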

Hybrid attack

A hybrid attack is a combinator attack where one of the wordlists is replaced by a mask, such that the keyspace from the mask is either prepended or appended to each word in the provided wordlist.

To append the mask to each word, launch it by

./hashcat.bin -a 6 -m mode hashlist wordlist mask

or, to prepend the mask to each word,

./hashcat.bin -a 7 -m mode hashlist mask wordlist

Reference

Full documentation can be found at https://hashcat.net/ or with ./hashcat.bin --help.
