Detailed Hashcat Cheat Sheet + Password Recovery Simulator
Hacking passwords isn’t just a black hat affair for criminals and neer-do-wells. Ethical hacking is an essential tool for IT professionals who want to expand their skills. This is where Hashcat comes in. Hashcat allows you to test out your (white hat and fully ethical) password-hacking skills. You’ll eventually learn the ins and outs of what Hashcat has to offer, but our Hashcat cheat sheet should help you ramp up your skillset faster.
Also: Test or create strong passwords with our password generator
In this post, you’ll find everything you need to know about getting started with HashCat:
- A quick definition of what Hashcat and why you need it
- Key features you’ll find in Hashcat
- Common Hashcat syntax
- Supported hash types
- Advanced configurations for Hashcat power users
- A free password-cracking simulator
We want to emphasize extra hard here that Hashcat should only be used for ethical hacking purposes only. If you have posters of the 1995 movie Hackers or the 1993 movie WarGames hanging up unironically on your wall, this is not the post for you.
Download the Complete HashCat Cheat Sheet
What Is Hashcat?
Hashcat is a simple yet effective password recovery tool designed to help ethical hackers use brute force to perform several activities related to account passwords, including password recovery and pen testing. The tool supports several commonly used hashing algorithms and can leverage CPUs, GPUs, and other hardware accelerators to improve its performance.
For ethical hacking, pen testing, and other white hat professionals, the most common use cases include:
- Password recovery: Retrieving lost or forgotten passwords for yourself or your team
- Security testing: Validating the strength of your organization’s passwords
- Auditing: Identifying weak passwords in your network environment
Hashcat is a command-line tool. That being the case, if you want to use it effectively, you’ll need to familiarize yourself with all of its requisite syntax and parameters. This cheat sheet will guide you through everything from basic commands to advanced attack configurations.
Key Hashcat Features
Before you get into the nitty-gritty of what Hashcat does, take note of some of the higher-level features:
- High speed: Hashcat is optimized for efficiently working its way through massive password libraries, making it faster than many other alternatives
- Multi-platform support: Since it’s a command-line tool, it’s functional on Linux, MacOS, and Windows operating systems
- Wide algorithm support: The tool covers over 200 hashing algorithms, including MD5, SHA-1, and bcrypt
- Advanced attack modes: Supports 11 attack types, including brute-force, dictionary, rules-based, and mask attacks. Some attacks have specific CPU requirements
- Hardware acceleration: Utilizes CPUs, GPUs, and other devices for performance gains
Download Hashcat
Here are three ways to download Hashcat:
Option A: Direct file downloads from hashcat.net:
You’ll also need this: Signing key on PGP keyservers: RSA, 2048-bit. Key ID: 2048R/8A16544F. Fingerprint: A708 3322 9D04 0B41 99CC 0052 3C17 DA8B 8A16 544F
Option B: GitHub Repository. Option B is ideal if you want the most up-to-date development version from the Hashcat team.
Comprehensive List of Hashcat Commands
Basic Command Syntax
hashcat [options] -m-a [dictionary or mask]
Options and Parameters
| Option | Description |
|---|---|
| -m | Specify the hash type. (e.g., MD5, SHA-256) |
| -a | Select the attack mode. |
| -o | Specify an output file for cracked hashes. |
| –username | Filter hash file entries by username (useful when hashes contain user information). |
| –remove | Remove cracked hashes from the hash file. |
| –increment | Enable incremental brute-force attacks, expanding the mask length gradually. |
| –restore | Resume a previously paused session. |
| –session | Specify a session name for pausing/resuming attacks. |
| –show | Show cracked passwords in the hash file. |
| –potfile-disable | Disable use of the potfile. |
| –status | Enable detailed status updates during an attack. |
| –force | Force Hashcat to ignore warnings and run anyway. |
Hash Types
| Mode | Hash Type | Description |
|---|---|---|
| 0 | MD5 | Fast hashing algorithm. |
| 100 | SHA1 | Secure Hash Algorithm 1. |
| 1400 | SHA256 | Secure Hash Algorithm 256-bit. |
| 1800 | SHA512 | Secure Hash Algorithm 512-bit. |
| 3200 | bcrypt | Slow, cryptographically secure. |
| 2500 | WPA/WPA2 | PMKID. |
| 1000 | NTLM | Microsoft Windows hash. |
| 5000 | MD5(Unix) | Unix MD5 crypt. |
| 13100 | Kerberos 5 TGS-REP | Kerberos ticket-granting service. |
Run the following command for a full list of supported hash types:
hashcat --help
Attack Modes
| Mode | Name | Description |
|---|---|---|
| 0 | Dictionary | Use a wordlist to find the hash. |
| 1 | Combination | Combine two wordlists. |
| 3 | Mask | Brute-force attack with custom patterns (e.g., ?d for digits). |
| 6 | Hybrid Wordlist + Mask | Add custom rules to a wordlist attack. |
| 7 | Hybrid Mask + Wordlist | Combine mask attacks with wordlists. |
Examples
# Dictionary Attack hashcat -m 0 -a 0 hashes.txt rockyou.txt # Brute Force Mask Attack hashcat -m 0 -a 3 hashes.txt ?d?d?d?d # Save Cracked Hashes hashcat -m 0 -a 0 hashes.txt rockyou.txt -o cracked.txt # Incremental Brute Force hashcat -m 0 -a 3 hashes.txt ?l?l?l?l?d?d --increment # Filter by Username hashcat -m 0 -a 0 --username hashes.txt rockyou.txt # Restore Session hashcat --restore --session=mySession # Use Rules hashcat -m 0 -a 0 -r rules/best64.rule hashes.txt rockyou.txt # Limit GPU Temperature hashcat -m 0 -a 0 --gpu-temp-abort=80 hashes.txt rockyou.txt # Benchmark hashcat -b # Distributed Cracking split -n 2 hashes.txt hashcat -m 0 -a 0 hashes.txt.part1 rockyou.txt hashcat -m 0 -a 0 hashes.txt.part2 rockyou.txt
Advanced Usage
- Incremental Brute Force
hashcat -m 0 -a 3 hashes.txt ?l?l?l?l?d?d --incrementGradually increases the length of the mask during brute force.
- Filter by Username
hashcat -m 0 -a 0 --username hashes.txt rockyou.txt - Restore Session
hashcat --restore --session=mySessionRestores a paused session named
mySession. - Use Rules
hashcat -m 0 -a 0 -r rules/best64.rule hashes.txt rockyou.txtApplies the
best64.ruletransformation to the wordlist. - Limit GPU Temperature
hashcat -m 0 -a 0 --gpu-temp-abort=80 hashes.txt rockyou.txtStops the process if the GPU temperature exceeds 80°C.
- Benchmark
hashcat -bRuns a benchmark on supported algorithms.
- Distributed Cracking
split -n 2 hashes.txt hashcat -m 0 -a 0 hashes.txt.part1 rockyou.txt hashcat -m 0 -a 0 hashes.txt.part2 rockyou.txtSplits the hash file and processes it across multiple systems.
Mask Examples
| Mask | Description |
|---|---|
| ?d | Digit (0-9) |
| ?l | Lowercase letter (a-z) |
| ?u | Uppercase letter (A-Z) |
| ?s | Special character (e.g., @, $, !) |
| ?a | All (digits, letters, special characters) |
| ?1?1 | Custom charset defined via –custom-charset1 |
Custom Charset
hashcat -m 0 -a 3 --custom-charset1=?d?l?u hashes.txt ?1?1?1?1
Defines a charset combining digits, lowercase, and uppercase letters.
Session Management
- Start a Session
hashcat --session=mySession -m 0 -a 0 hashes.txt rockyou.txt - Pause and Restore
Performance Optimization
- Workload Profiles
hashcat --workload-profile=3 -m 0 -a 0 hashes.txt rockyou.txtAdjust workload levels (1 = low, 4 = high).
- Use All GPUs
hashcat --opencl-device-types=1,2 -m 0 -a 0 hashes.txt rockyou.txt
Tips to Get the Most Out of Hashcat
Hashcat is simple to use once you set it up, but here are a few extra tips to get the most out of it:
- Always start with a dictionary attack (faster than brute force)
- Use rules to transform wordlists (e.g., appending numbers or altering case)
- Monitor GPU temperature to prevent overheating
- Use distributed cracking for large hash files
Hashcat is a useful (and, dare I say, fun) tool. Mastering its commands and options can improve your experience with the tool and make it far more useful for ethical hacking, pen testing, and more.
How to Get Started with Hashcat
Instead of recreating the wheel here, we’ll point you to this excellent video from W. J. Pearce:
Password Cracking Simulator
If you’re new to password cracking, this free simulator will help you get a basic idea of how hashed password cracking works.
See how hashed password cracking works using this free simulator.
Source link
