Hashcat

Usage

hashcat64.exe -a <ATTACK> -m <HASH FORMAT> -O --potfile-path <POT PATH> <HASH PATH> <WORDLIST PATH> -r <RULE PATH>

Additional Options:

Option Description
--username The hash file also contains username using format <USER>:<HASH>
-O Drasticly increases performance but can only crack passwords with less than 32 chars

Attack Types

Attack Option Description
Wordlist -a 0 use with derivation rules to increase efficiency
Combination -a 1 concatenate words from multiple wordlists
Mask (brute-force) -a 3 try all combination matching the mask

Hash Formats

Hash Number Format Example
SHA1 100 <SHA1> b89eaac7e61417341b710b727768294d0e6a277b
NTLM 1000 <NT> (NTLM = <LM>:<NT>) b4b9b02e6f09a9bd760f388b67351e2b
MSCACHEv1 1100 <HASH>:<USERNAME> a093d194cfd1ee709bb4faf7309bdb58:bobby
MSCACHEv2 2100 $DCC2$10240#<USERNAME>#<HASH> $DCC2$10240#tom#e4e938d12fe5974dc42a90120bd9c90f
WPA/WPA2 2500 <binary file>.hccapx (generated with hcxtools) N/A
NetNTLMv1, MSCHAPv2 5500 <USERNAME>::::<RESPONSE>:<CHALLENGE> jdoe::::e053ca2d9ef6bdae24a99f486c7d1c03feaafe674976294a:9486addefe0dabc0
Unix SHA256 ($5) 7400 $5$<SALT>$<HASH> $5$GX7BopJZJxPc/KEK$le16UF8I2Anb.rOrn22AUPWvzUETDGefUmAV8AZkGcD
WPA-PMKID-PBKDF2 16800 <HASH> (captured with hcxtools) 2582a8281bf9d4308d6f5731d0e61c61*4604ba734d4e*89acf0e761f4*ed487162465a774bfba60eb603a39f3a

See https://hashcat.net/wiki/doku.php?id=example_hashes for complete list.

Masks

Wildcard Charset
?l Lowercase: [a-z]
?u Uppercase: [A-Z]
?d Digits: [0-9]
?s Specials: <space>!"#$%&'()*+,-./:;<=>@[]+ ...
?a All the aboves
?b Binaries: [0x00-0xff]
Increment

Add --increment to also match shorter password with the mask.

Example: ?d?d?d?d is equivalent to ?d, ?d?d, ?d?d?d and ?d?d?d?d

Groups

Create group of wildcards by using numerical placeholders.

Example: -1 ?l?u -2 ?d?s ?1?1?1?1?d?d?d?d?2

Methodology