Getting Started with Hashcat: The Ultimate Password Cracking Tool
Hashcat is the world's fastest and most versatile password recovery tool. It's used by cybersecurity professionals, penetration testers, and digital forensics experts to crack password hashes using brute force, dictionary, hybrid, and rule-based attacks.
If you're new to Hashcat or looking to sharpen your skills, this guide will walk you through:
- What Hashcat is
- How it works
- Practical cracking examples
- Optimization tips for advanced use
What is Hashcat?
Hashcat is an open-source tool designed to crack hashed passwords using GPUs for high-speed computation. Unlike tools like John the Ripper, Hashcat supports more than 300+ hash algorithms, including:
- MD5
- SHA1/SHA256
- bcrypt
- NTLM
- Kerberos 5 (HMAC-MD5)
- WPA/WPA2
- Office, PDF, ZIP file hashes
Hashcat is GPU-accelerated, meaning it takes advantage of your NVIDIA/AMD graphics card to dramatically speed up cracking.
Installing Hashcat
You can download Hashcat from the official site and extract it to a directory.
# Example for Linux
sudo apt install hashcat
Make sure your GPU drivers are correctly installed (e.g., NVIDIA CUDA or AMD ROCm).
Basic Usage
Hashcat syntax:
hashcat -m <hash_type> -a <attack_mode> <hash_file> <wordlist>
Example 1: Crack an MD5 Hash with a Dictionary
echo -n "password" | md5sum
# Output: 5f4dcc3b5aa765d61d8327deb882cf99
echo "5f4dcc3b5aa765d61d8327deb882cf99" > hash.txt
hashcat -m 0 -a 0 hash.txt rockyou.txt
-m 0
: MD5 hash type-a 0
: Dictionary attack moderockyou.txt
: A popular password wordlist
Example 2: NTLM Hash Cracking
hashcat -m 1000 -a 0 ntlm_hash.txt rockyou.txt
-m 1000
: NTLM hash (used in Windows authentication)
Common Hash Modes
Algorithm | Mode |
---|---|
MD5 | 0 |
SHA1 | 100 |
NTLM | 1000 |
bcrypt | 3200 |
WPA/WPA2 | 22000 |
SHA-256 | 1400 |
MS Office 2013 | 9600 |
For a full list, run:
hashcat -h | grep "Hash modes"
Attack Modes
Mode | Description |
---|---|
0 | Dictionary |
1 | Combination |
3 | Brute-force (mask) |
6 | Hybrid (wordlist + mask) |
7 | Hybrid (mask + wordlist) |
Example 3: Mask Attack (Brute Force)
Crack a 6-character password made of lowercase letters:
hashcat -m 0 -a 3 hash.txt ?l?l?l?l?l?l
?l
: Lowercase?u
: Uppercase?d
: Digit?s
: Special characters
Example 4: Rule-Based Attack
Apply mutations to a dictionary (e.g., appending numbers, capitalization):
hashcat -m 0 -a 0 -r rules/best64.rule hash.txt rockyou.txt
Pro Tips to Master Hashcat
Combine rules
, mask
, and hybrid
attacks for the most effective coverage.
1. Use Efficient Wordlists
- Try curated wordlists like
rockyou.txt
,SecLists
, or custom lists built from data breaches. - Use
CeWL
orCrunch
to generate context-specific wordlists.
2. Optimize GPU Performance
- Use
--benchmark
to test speeds. - Adjust workload:
hashcat -m 0 -a 0 hash.txt rockyou.txt --force --optimized-kernel-enable
3. Save Progress & Restore Sessions
hashcat -m 0 -a 0 hash.txt rockyou.txt --session=mycrack --restore
- Use
--restore
to resume from where you left off. - Saves time on long-running attacks.
4. Understand Output Format
Cracked hashes are stored in hashcat.potfile
.
hashcat -m 0 hash.txt --show
5. Use Hash-Identifier Tools
Not sure what hash type you're dealing with? Use:
hashid hash.txt
Legal & Ethical Reminder
Hashcat is a legitimate cybersecurity tool, but its use should always be ethical and authorized. Only use it on:
- Passwords you own
- Systems you have permission to test
- Training environments like TryHackMe, HackTheBox, or CTFs
Unauthorized cracking is illegal and punishable under computer crime laws!!!
Hashcat CLI Cheatsheet
A quick reference for using Hashcat effectively.
Basic Syntax
hashcat -m <mode> -a <attack> <hashfile> <wordlist_or_mask>
Common Hash Modes
Hash Type | Mode |
---|---|
MD5 | 0 |
SHA1 | 100 |
SHA256 | 1400 |
NTLM (Windows) | 1000 |
bcrypt | 3200 |
WPA/WPA2 | 22000 |
MS Office 2013 | 9600 |
Attack Modes
Mode | Attack Type | Description |
---|---|---|
0 | Dictionary | Simple wordlist |
1 | Combination | Wordlist + wordlist |
3 | Brute-force (mask) | Use placeholders like ?l, ?u, ?d |
6 | Hybrid wordlist + mask | Word + brute |
7 | Hybrid mask + wordlist | Brute + word |
Examples
MD5 Dictionary Attack
hashcat -m 0 -a 0 hash.txt rockyou.txt
NTLM + Brute Force 6 lowercase letters
hashcat -m 1000 -a 3 hash.txt ?l?l?l?l?l?l
SHA256 + Rule-based mutation
hashcat -m 1400 -a 0 -r rules/best64.rule hash.txt rockyou.txt
WPA2 Cracking (hcxpcapng)
hashcat -m 22000 -a 3 wifi.hc22000 ?d?d?d?d?d?d?d?d
Charset Placeholders
Char | Meaning |
---|---|
?l | Lowercase |
?u | Uppercase |
?d | Digit (0-9) |
?s | Special char |
?a | All above |
?b | All 8-bit chars |
Tips & Shortcuts
List hash modes
hashcat --help | grep Hash
Benchmark all hash types
hashcat -b
Resume from a previous session
hashcat --session=myjob --restore
Show cracked hashes
hashcat -m <mode> hash.txt --show
Set output file for cracked passwords
hashcat -o found.txt -m 0 hash.txt rockyou.txt
Performance Optimization
Optimize workload for GPU
hashcat -O -w 3 -m 0 -a 0 hash.txt rockyou.txt
-O
: Use optimized kernel-w 3
: Performance tuning level (0 = low, 4 = insane)
Helpful Tools
Tool | Purpose |
---|---|
hashid | Identify hash type |
potfile | Stores cracked hashes |
rules/ | Modify wordlists dynamically |
maskprocessor | Create custom masks |
Ethics Reminder
Only use Hashcat on systems and data you have permission to test. Unauthorized cracking is illegal and unethical.
Summary
Hashcat is an essential part of the password auditing and recovery toolkit for cybersecurity professionals. Whether you're cracking hashes for red team engagements, recovering passwords in forensics, or learning how attackers operate, Hashcat provides a powerful and flexible platform.
Crack responsibly—and securely.
***
Note on Content Creation: This article was developed with the assistance of generative AI like Gemini or ChatGPT. While all public AI strives for accuracy and comprehensive coverage, all content is reviewed and edited by human experts at IsoSecu to ensure factual correctness, relevance, and adherence to our editorial standards.