Hashcat is a popular password cracking tool that supports various hashing algorithms and attack modes. Here’s a cheat sheet for Hashcat:
Hashcat Basics
Hashcat Help:
hashcat --help
Version Information:
hashcat --version
Hashcat Modes
MD5 Hash Cracking:
hashcat -m 0 hashes.txt wordlist.txt
SHA-256 Hash Cracking:
hashcat -m 1400 hashes.txt wordlist.txt
NTLM Hash Cracking:
hashcat -m 1000 hashes.txt wordlist.txt
Attack Modes
Dictionary Attack:
hashcat -m <hash_mode> -a 0 hashes.txt wordlist.txt
Brute-Force Attack:
hashcat -m <hash_mode> -a 3 hashes.txt ?a?a?a?a?a?a
Combination Attack:
hashcat -m <hash_mode> -a 1 hashes.txt wordlist1.txt wordlist2.txt
Mask Attack
Brute-Force with Known Characters:
hashcat -m <hash_mode> -a 3 hashes.txt ?l?l?l?l?d?d?d?d
Performance Tuning
Optimized Kernel for NVIDIA GPUs:
hashcat -I
Optimized Kernel for AMD GPUs:
hashcat -I --force
Benchmarking
Benchmark All Devices:
hashcat -b -w 4
Benchmark Specific Device:
hashcat -b -w 4 -d 1
Session Management
Resume Cracking Session:
hashcat --restore
Pause Cracking Session:
hashcat --pause
Advanced Options
Show Cracked Passwords:
hashcat --show
Generate Rule-Based Wordlist:
hashcat --stdout -r rules/best64.rule wordlist.txt > rule_wordlist.txt
Incremental Mode
Incremental Mode:
hashcat -m <hash_mode> -a 6 hashes.txt
Dictionary Management
Create Wordlist with Crunch:
crunch 8 12 -o wordlist.txt
Generate Wordlist with Combinator:
combinator wordlist1.txt wordlist2.txt > combined_wordlist.txt
Remember to replace <hash_mode>
with the actual hash mode you are targeting (e.g., 0 for MD5, 1000 for NTLM). Additionally, customize the attack parameters, such as wordlists and mask patterns, based on your specific use case.
Always ensure that you have the legal right to use Hashcat and comply with ethical hacking and cybersecurity laws and guidelines.