Getting Started with Hashcat: The Ultimate Password Cracking Tool

Hashcat is the world's fastest and most versatile password recovery tool. It's used by cybersecurity professionals, penetration testers, and digital forensics experts to crack password hashes using brute force, dictionary, hybrid, and rule-based attacks.

If you're new to Hashcat or looking to sharpen your skills, this guide will walk you through:

What Hashcat is
How it works
Practical cracking examples
Optimization tips for advanced use

What is Hashcat?

Hashcat is an open-source tool designed to crack hashed passwords using GPUs for high-speed computation. Unlike tools like John the Ripper, Hashcat supports more than 300+ hash algorithms, including:

MD5
SHA1/SHA256
bcrypt
NTLM
Kerberos 5 (HMAC-MD5)
WPA/WPA2
Office, PDF, ZIP file hashes

Hashcat is GPU-accelerated, meaning it takes advantage of your NVIDIA/AMD graphics card to dramatically speed up cracking.

Installing Hashcat

You can download Hashcat from the official site and extract it to a directory.

# Example for Linux
sudo apt install hashcat

Make sure your GPU drivers are correctly installed (e.g., NVIDIA CUDA or AMD ROCm).

Basic Usage

Hashcat syntax:

hashcat -m <hash_type> -a <attack_mode> <hash_file> <wordlist>

Example 1: Crack an MD5 Hash with a Dictionary

echo -n "password" | md5sum
# Output: 5f4dcc3b5aa765d61d8327deb882cf99
 
echo "5f4dcc3b5aa765d61d8327deb882cf99" > hash.txt
hashcat -m 0 -a 0 hash.txt rockyou.txt

-m 0: MD5 hash type
-a 0: Dictionary attack mode
rockyou.txt: A popular password wordlist

Example 2: NTLM Hash Cracking

hashcat -m 1000 -a 0 ntlm_hash.txt rockyou.txt

-m 1000: NTLM hash (used in Windows authentication)

Common Hash Modes

Algorithm	Mode
MD5	0
SHA1	100
NTLM	1000
bcrypt	3200
WPA/WPA2	22000
SHA-256	1400
MS Office 2013	9600

For a full list, run:

hashcat -h | grep "Hash modes"

Attack Modes

Mode	Description
0	Dictionary
1	Combination
3	Brute-force (mask)
6	Hybrid (wordlist + mask)
7	Hybrid (mask + wordlist)

Example 3: Mask Attack (Brute Force)

Crack a 6-character password made of lowercase letters:

hashcat -m 0 -a 3 hash.txt ?l?l?l?l?l?l

?l: Lowercase
?u: Uppercase
?d: Digit
?s: Special characters

Example 4: Rule-Based Attack

Apply mutations to a dictionary (e.g., appending numbers, capitalization):

hashcat -m 0 -a 0 -r rules/best64.rule hash.txt rockyou.txt

Pro Tips to Master Hashcat

Combine rules, mask, and hybrid attacks for the most effective coverage.

1. Use Efficient Wordlists

Try curated wordlists like rockyou.txt, SecLists, or custom lists built from data breaches.
Use CeWL or Crunch to generate context-specific wordlists.

2. Optimize GPU Performance

Use --benchmark to test speeds.
Adjust workload:

hashcat -m 0 -a 0 hash.txt rockyou.txt --force --optimized-kernel-enable

3. Save Progress & Restore Sessions

hashcat -m 0 -a 0 hash.txt rockyou.txt --session=mycrack --restore

Use --restore to resume from where you left off.
Saves time on long-running attacks.

4. Understand Output Format

Cracked hashes are stored in hashcat.potfile.

hashcat -m 0 hash.txt --show

5. Use Hash-Identifier Tools

Not sure what hash type you're dealing with? Use:

hashid hash.txt

Legal & Ethical Reminder

Hashcat is a legitimate cybersecurity tool, but its use should always be ethical and authorized. Only use it on:

Passwords you own
Systems you have permission to test
Training environments like TryHackMe, HackTheBox, or CTFs

Unauthorized cracking is illegal and punishable under computer crime laws!!!

Hashcat CLI Cheatsheet

A quick reference for using Hashcat effectively.

Basic Syntax

hashcat -m <mode> -a <attack> <hashfile> <wordlist_or_mask>

Common Hash Modes

Hash Type	Mode
MD5	0
SHA1	100
SHA256	1400
NTLM (Windows)	1000
bcrypt	3200
WPA/WPA2	22000
MS Office 2013	9600

Attack Modes

Mode	Attack Type	Description
0	Dictionary	Simple wordlist
1	Combination	Wordlist + wordlist
3	Brute-force (mask)	Use placeholders like ?l, ?u, ?d
6	Hybrid wordlist + mask	Word + brute
7	Hybrid mask + wordlist	Brute + word

Examples

MD5 Dictionary Attack

hashcat -m 0 -a 0 hash.txt rockyou.txt

NTLM + Brute Force 6 lowercase letters

hashcat -m 1000 -a 3 hash.txt ?l?l?l?l?l?l

SHA256 + Rule-based mutation

hashcat -m 1400 -a 0 -r rules/best64.rule hash.txt rockyou.txt

WPA2 Cracking (hcxpcapng)

hashcat -m 22000 -a 3 wifi.hc22000 ?d?d?d?d?d?d?d?d

Charset Placeholders

Char	Meaning
?l	Lowercase
?u	Uppercase
?d	Digit (0-9)
?s	Special char
?a	All above
?b	All 8-bit chars

Tips & Shortcuts

List hash modes

hashcat --help | grep Hash

Benchmark all hash types

hashcat -b

Resume from a previous session

hashcat --session=myjob --restore

Show cracked hashes

hashcat -m <mode> hash.txt --show

Set output file for cracked passwords

hashcat -o found.txt -m 0 hash.txt rockyou.txt

Performance Optimization

Optimize workload for GPU

hashcat -O -w 3 -m 0 -a 0 hash.txt rockyou.txt

-O: Use optimized kernel
-w 3: Performance tuning level (0 = low, 4 = insane)

Helpful Tools

Tool	Purpose
`hashid`	Identify hash type
`potfile`	Stores cracked hashes
`rules/`	Modify wordlists dynamically
`maskprocessor`	Create custom masks

Ethics Reminder

Only use Hashcat on systems and data you have permission to test. Unauthorized cracking is illegal and unethical.

Summary

Hashcat is an essential part of the password auditing and recovery toolkit for cybersecurity professionals. Whether you're cracking hashes for red team engagements, recovering passwords in forensics, or learning how attackers operate, Hashcat provides a powerful and flexible platform.

Crack responsibly—and securely.

***
Note on Content Creation: This article was developed with the assistance of generative AI like Gemini or ChatGPT. While all public AI strives for accuracy and comprehensive coverage, all content is reviewed and edited by human experts at IsoSecu to ensure factual correctness, relevance, and adherence to our editorial standards.