← Back

Getting Started with Hashcat: The Ultimate Password Cracking Tool

Hashcat is the world's fastest and most versatile password recovery tool. It's used by cybersecurity professionals, penetration testers, and digital forensics experts to crack password hashes using brute force, dictionary, hybrid, and rule-based attacks.

If you're new to Hashcat or looking to sharpen your skills, this guide will walk you through:

  • What Hashcat is
  • How it works
  • Practical cracking examples
  • Optimization tips for advanced use

What is Hashcat?

Hashcat is an open-source tool designed to crack hashed passwords using GPUs for high-speed computation. Unlike tools like John the Ripper, Hashcat supports more than 300+ hash algorithms, including:

  • MD5
  • SHA1/SHA256
  • bcrypt
  • NTLM
  • Kerberos 5 (HMAC-MD5)
  • WPA/WPA2
  • Office, PDF, ZIP file hashes

Hashcat is GPU-accelerated, meaning it takes advantage of your NVIDIA/AMD graphics card to dramatically speed up cracking.


Installing Hashcat

You can download Hashcat from the official site and extract it to a directory.

# Example for Linux
sudo apt install hashcat

Make sure your GPU drivers are correctly installed (e.g., NVIDIA CUDA or AMD ROCm).


Basic Usage

Hashcat syntax:

hashcat -m <hash_type> -a <attack_mode> <hash_file> <wordlist>

Example 1: Crack an MD5 Hash with a Dictionary

echo -n "password" | md5sum
# Output: 5f4dcc3b5aa765d61d8327deb882cf99
 
echo "5f4dcc3b5aa765d61d8327deb882cf99" > hash.txt
hashcat -m 0 -a 0 hash.txt rockyou.txt
  • -m 0: MD5 hash type
  • -a 0: Dictionary attack mode
  • rockyou.txt: A popular password wordlist

Example 2: NTLM Hash Cracking

hashcat -m 1000 -a 0 ntlm_hash.txt rockyou.txt
  • -m 1000: NTLM hash (used in Windows authentication)

Common Hash Modes

AlgorithmMode
MD50
SHA1100
NTLM1000
bcrypt3200
WPA/WPA222000
SHA-2561400
MS Office 20139600

For a full list, run:

hashcat -h | grep "Hash modes"

Attack Modes

ModeDescription
0Dictionary
1Combination
3Brute-force (mask)
6Hybrid (wordlist + mask)
7Hybrid (mask + wordlist)

Example 3: Mask Attack (Brute Force)

Crack a 6-character password made of lowercase letters:

hashcat -m 0 -a 3 hash.txt ?l?l?l?l?l?l
  • ?l: Lowercase
  • ?u: Uppercase
  • ?d: Digit
  • ?s: Special characters

Example 4: Rule-Based Attack

Apply mutations to a dictionary (e.g., appending numbers, capitalization):

hashcat -m 0 -a 0 -r rules/best64.rule hash.txt rockyou.txt

Pro Tips to Master Hashcat

Combine rules, mask, and hybrid attacks for the most effective coverage.

1. Use Efficient Wordlists

  • Try curated wordlists like rockyou.txt, SecLists, or custom lists built from data breaches.
  • Use CeWL or Crunch to generate context-specific wordlists.

2. Optimize GPU Performance

  • Use --benchmark to test speeds.
  • Adjust workload:
hashcat -m 0 -a 0 hash.txt rockyou.txt --force --optimized-kernel-enable

3. Save Progress & Restore Sessions

hashcat -m 0 -a 0 hash.txt rockyou.txt --session=mycrack --restore
  • Use --restore to resume from where you left off.
  • Saves time on long-running attacks.

4. Understand Output Format

Cracked hashes are stored in hashcat.potfile.

hashcat -m 0 hash.txt --show

5. Use Hash-Identifier Tools

Not sure what hash type you're dealing with? Use:

hashid hash.txt

Legal & Ethical Reminder

Hashcat is a legitimate cybersecurity tool, but its use should always be ethical and authorized. Only use it on:

  • Passwords you own
  • Systems you have permission to test
  • Training environments like TryHackMe, HackTheBox, or CTFs

Unauthorized cracking is illegal and punishable under computer crime laws!!!


Hashcat CLI Cheatsheet

A quick reference for using Hashcat effectively.

Basic Syntax

hashcat -m <mode> -a <attack> <hashfile> <wordlist_or_mask>

Common Hash Modes

Hash TypeMode
MD50
SHA1100
SHA2561400
NTLM (Windows)1000
bcrypt3200
WPA/WPA222000
MS Office 20139600

Attack Modes

ModeAttack TypeDescription
0DictionarySimple wordlist
1CombinationWordlist + wordlist
3Brute-force (mask)Use placeholders like ?l, ?u, ?d
6Hybrid wordlist + maskWord + brute
7Hybrid mask + wordlistBrute + word

Examples

MD5 Dictionary Attack

hashcat -m 0 -a 0 hash.txt rockyou.txt

NTLM + Brute Force 6 lowercase letters

hashcat -m 1000 -a 3 hash.txt ?l?l?l?l?l?l

SHA256 + Rule-based mutation

hashcat -m 1400 -a 0 -r rules/best64.rule hash.txt rockyou.txt

WPA2 Cracking (hcxpcapng)

hashcat -m 22000 -a 3 wifi.hc22000 ?d?d?d?d?d?d?d?d

Charset Placeholders

CharMeaning
?lLowercase
?uUppercase
?dDigit (0-9)
?sSpecial char
?aAll above
?bAll 8-bit chars

Tips & Shortcuts

List hash modes

hashcat --help | grep Hash

Benchmark all hash types

hashcat -b

Resume from a previous session

hashcat --session=myjob --restore

Show cracked hashes

hashcat -m <mode> hash.txt --show

Set output file for cracked passwords

hashcat -o found.txt -m 0 hash.txt rockyou.txt

Performance Optimization

Optimize workload for GPU

hashcat -O -w 3 -m 0 -a 0 hash.txt rockyou.txt
  • -O: Use optimized kernel
  • -w 3: Performance tuning level (0 = low, 4 = insane)

Helpful Tools

ToolPurpose
hashidIdentify hash type
potfileStores cracked hashes
rules/Modify wordlists dynamically
maskprocessorCreate custom masks

Ethics Reminder

Only use Hashcat on systems and data you have permission to test. Unauthorized cracking is illegal and unethical.


Summary

Hashcat is an essential part of the password auditing and recovery toolkit for cybersecurity professionals. Whether you're cracking hashes for red team engagements, recovering passwords in forensics, or learning how attackers operate, Hashcat provides a powerful and flexible platform.

Crack responsibly—and securely.


***
Note on Content Creation: This article was developed with the assistance of generative AI like Gemini or ChatGPT. While all public AI strives for accuracy and comprehensive coverage, all content is reviewed and edited by human experts at IsoSecu to ensure factual correctness, relevance, and adherence to our editorial standards.