Hashcat

GPU-accelerated hash cracker: identify the hash type first, then pick the right attack mode. Wordlist + rules covers the majority of real-world hashes.

Hash Modes

-m 0      MD5
-m 100    SHA1
-m 1000   NTLM
-m 1800   sha512crypt ($6$)
-m 3200   bcrypt
-m 5600   NetNTLMv2
-m 13100  Kerberoast TGS
-m 18200  AS-REP Roast
-m 16500  JWT

Attacks

Start with a wordlist, then combine with rules for mangled passwords. Fall back to mask brute force when the pattern is known (e.g. company name + year + special).

bash

# Wordlist
hashcat -m <mode> hash.txt /usr/share/dict/rockyou.txt

# Wordlist + rules
hashcat -m <mode> hash.txt /usr/share/dict/rockyou.txt -r /usr/share/hashcat/rules/best64.rule

# Mask brute force
hashcat -m <mode> hash.txt -a 3 ?u?l?l?l?d?d?d?d

Masks

?l = lowercase
?u = uppercase  
?d = digit
?s = special
?a = all

Hashcat ​

Hash Modes ​

Attacks ​

Masks ​

Hashcat

Hash Modes

Attacks

Masks