Detailed Hashcat Cheat Sheet + Password Recovery Simulator

Hacking passwords isn’t just a black hat affair for criminals and neer-do-wells. Ethical hacking is an essential tool for IT professionals who want to expand their skills. This is where Hashcat comes in. Hashcat allows you to test out your (white hat and fully ethical) password-hacking skills. You’ll eventually learn the ins and outs of what Hashcat has to offer, but our Hashcat cheat sheet should help you ramp up your skillset faster.

Also: Test or create strong passwords with our password generator

In this post, you’ll find everything you need to know about getting started with HashCat:

  • A quick definition of what Hashcat and why you need it
  • Key features you’ll find in Hashcat
  • Common Hashcat syntax
  • Supported hash types
  • Advanced configurations for Hashcat power users
  • A free password-cracking simulator

We want to emphasize extra hard here that Hashcat should only be used for ethical hacking purposes only. If you have posters of the 1995 movie Hackers or the 1993 movie WarGames hanging up unironically on your wall, this is not the post for you.

Download the Complete HashCat Cheat Sheet

What Is Hashcat?

Hashcat is a simple yet effective password recovery tool designed to help ethical hackers use brute force to perform several activities related to account passwords, including password recovery and pen testing. The tool supports several commonly used hashing algorithms and can leverage CPUs, GPUs, and other hardware accelerators to improve its performance.

For ethical hacking, pen testing, and other white hat professionals, the most common use cases include:

  • Password recovery: Retrieving lost or forgotten passwords for yourself or your team
  • Security testing: Validating the strength of your organization’s passwords
  • Auditing: Identifying weak passwords in your network environment

Hashcat is a command-line tool. That being the case, if you want to use it effectively, you’ll need to familiarize yourself with all of its requisite syntax and parameters. This cheat sheet will guide you through everything from basic commands to advanced attack configurations.

Key Hashcat Features

Before you get into the nitty-gritty of what Hashcat does, take note of some of the higher-level features:

  • High speed: Hashcat is optimized for efficiently working its way through massive password libraries, making it faster than many other alternatives
  • Multi-platform support: Since it’s a command-line tool, it’s functional on Linux, MacOS, and Windows operating systems
  • Wide algorithm support: The tool covers over 200 hashing algorithms, including MD5, SHA-1, and bcrypt
  • Advanced attack modes: Supports 11 attack types, including brute-force, dictionary, rules-based, and mask attacks. Some attacks have specific CPU requirements
  • Hardware acceleration: Utilizes CPUs, GPUs, and other devices for performance gains

Download Hashcat

Here are three ways to download Hashcat:

Option A: Direct file downloads from hashcat.net:

You’ll also need this: Signing key on PGP keyservers: RSA, 2048-bit. Key ID: 2048R/8A16544F. Fingerprint: A708 3322 9D04 0B41 99CC 0052 3C17 DA8B 8A16 544F

Option B: GitHub Repository. Option B is ideal if you want the most up-to-date development version from the Hashcat team.

Comprehensive List of Hashcat Commands

Basic Command Syntax

hashcat [options] -m  -a   [dictionary or mask]

Options and Parameters

Option Description
-m Specify the hash type. (e.g., MD5, SHA-256)
-a Select the attack mode.
-o Specify an output file for cracked hashes.
–username Filter hash file entries by username (useful when hashes contain user information).
–remove Remove cracked hashes from the hash file.
–increment Enable incremental brute-force attacks, expanding the mask length gradually.
–restore Resume a previously paused session.
–session Specify a session name for pausing/resuming attacks.
–show Show cracked passwords in the hash file.
–potfile-disable Disable use of the potfile.
–status Enable detailed status updates during an attack.
–force Force Hashcat to ignore warnings and run anyway.

Hash Types

Mode Hash Type Description
0 MD5 Fast hashing algorithm.
100 SHA1 Secure Hash Algorithm 1.
1400 SHA256 Secure Hash Algorithm 256-bit.
1800 SHA512 Secure Hash Algorithm 512-bit.
3200 bcrypt Slow, cryptographically secure.
2500 WPA/WPA2 PMKID.
1000 NTLM Microsoft Windows hash.
5000 MD5(Unix) Unix MD5 crypt.
13100 Kerberos 5 TGS-REP Kerberos ticket-granting service.

Run the following command for a full list of supported hash types:

hashcat --help

Attack Modes

Mode Name Description
0 Dictionary Use a wordlist to find the hash.
1 Combination Combine two wordlists.
3 Mask Brute-force attack with custom patterns (e.g., ?d for digits).
6 Hybrid Wordlist + Mask Add custom rules to a wordlist attack.
7 Hybrid Mask + Wordlist Combine mask attacks with wordlists.

Examples

# Dictionary Attack
hashcat -m 0 -a 0 hashes.txt rockyou.txt

# Brute Force Mask Attack
hashcat -m 0 -a 3 hashes.txt ?d?d?d?d

# Save Cracked Hashes
hashcat -m 0 -a 0 hashes.txt rockyou.txt -o cracked.txt

# Incremental Brute Force
hashcat -m 0 -a 3 hashes.txt ?l?l?l?l?d?d --increment

# Filter by Username
hashcat -m 0 -a 0 --username hashes.txt rockyou.txt

# Restore Session
hashcat --restore --session=mySession

# Use Rules
hashcat -m 0 -a 0 -r rules/best64.rule hashes.txt rockyou.txt

# Limit GPU Temperature
hashcat -m 0 -a 0 --gpu-temp-abort=80 hashes.txt rockyou.txt

# Benchmark
hashcat -b

# Distributed Cracking
split -n 2 hashes.txt
hashcat -m 0 -a 0 hashes.txt.part1 rockyou.txt
hashcat -m 0 -a 0 hashes.txt.part2 rockyou.txt

Advanced Usage

  1. Incremental Brute Force 
    
hashcat -m 0 -a 3 hashes.txt ?l?l?l?l?d?d --increment

    Gradually increases the length of the mask during brute force.

  2. Filter by Username 
    
hashcat -m 0 -a 0 --username hashes.txt rockyou.txt
  3. Restore Session 
    
hashcat --restore --session=mySession

    Restores a paused session named mySession.

  4. Use Rules 
    
hashcat -m 0 -a 0 -r rules/best64.rule hashes.txt rockyou.txt

    Applies the best64.rule transformation to the wordlist.

  5. Limit GPU Temperature 
    
hashcat -m 0 -a 0 --gpu-temp-abort=80 hashes.txt rockyou.txt

    Stops the process if the GPU temperature exceeds 80°C.

  6. Benchmark 
    
hashcat -b

    Runs a benchmark on supported algorithms.

  7. Distributed Cracking 
    
split -n 2 hashes.txt
hashcat -m 0 -a 0 hashes.txt.part1 rockyou.txt
hashcat -m 0 -a 0 hashes.txt.part2 rockyou.txt

    Splits the hash file and processes it across multiple systems.

Mask Examples

Mask Description
?d Digit (0-9)
?l Lowercase letter (a-z)
?u Uppercase letter (A-Z)
?s Special character (e.g., @, $, !)
?a All (digits, letters, special characters)
?1?1 Custom charset defined via –custom-charset1

Custom Charset


hashcat -m 0 -a 3 --custom-charset1=?d?l?u hashes.txt ?1?1?1?1

Defines a charset combining digits, lowercase, and uppercase letters.

Session Management

  1. Start a Session 
    
hashcat --session=mySession -m 0 -a 0 hashes.txt rockyou.txt
  2. Pause and Restore

Performance Optimization

  1. Workload Profiles 
    
hashcat --workload-profile=3 -m 0 -a 0 hashes.txt rockyou.txt

    Adjust workload levels (1 = low, 4 = high).

  2. Use All GPUs 
    
hashcat --opencl-device-types=1,2 -m 0 -a 0 hashes.txt rockyou.txt

Tips to Get the Most Out of Hashcat

Hashcat is simple to use once you set it up, but here are a few extra tips to get the most out of it:

  • Always start with a dictionary attack (faster than brute force)
  • Use rules to transform wordlists (e.g., appending numbers or altering case)
  • Monitor GPU temperature to prevent overheating
  • Use distributed cracking for large hash files

Hashcat is a useful (and, dare I say, fun) tool. Mastering its commands and options can improve your experience with the tool and make it far more useful for ethical hacking, pen testing, and more.

How to Get Started with Hashcat

Instead of recreating the wheel here, we’ll point you to this excellent video from W. J. Pearce:

Password Cracking Simulator

If you’re new to password cracking, this free simulator will help you get a basic idea of how hashed password cracking works.



Hashed Password Cracking Simulator

See how hashed password cracking works using this free simulator.


Source link
Related Articles
Exit mobile version