hashcat tool common use cases
Hashcat is a password recovery tool that uses brute-force and dictionary attacks to recover passwords. It is commonly used for the following purposes:
- Password cracking: Hashcat can be used to crack passwords for a variety of purposes, including recovering forgotten passwords, testing password strength, and demonstrating the vulnerabilities of weak passwords.
- Penetration testing: Hashcat can be used as part of a penetration testing toolkit to test the security of systems and networks by attempting to recover passwords for various accounts and services.
- Security research: Hashcat can be used by security researchers to study password cracking techniques and the effectiveness of various password hashing algorithms.
- Digital forensics: Hashcat can be used by forensic analysts to recover passwords from seized digital devices as part of an investigation.
Hashcat is a powerful tool that can be used in a variety of contexts to recover passwords and test the security of systems and networks. It is important to use Hashcat responsibly and in accordance with relevant laws and regulations.
How to install hashcat using apt
apt update
apt install hashcat
How to install hashcat from source
wget https://hashcat.net/files/hashcat-6.2.5.tar.gz
tar -xf hashcat-6.2.5.tar.gz
cd hashcat-6.2.5
apt install g++
make
*Install your GPU driver and you are ready to crack passwords!
Install hashcat-utils
git clone https://github.com/hashcat/hashcat-utils.git
cd hashcat-utils/src
make
Example commands
Command | Description |
---|---|
hashcat --example-hashes | View a list of Hashcat hash modes and example hashes |
hashcat -b -m 1000 | Perform a Hashcat benchmark test of a specific hash mode, for example NTLM |
hashcat -b | Perform a benchmark of all hash modes |
hashcat -O | Optimization: Increase speed but limit potential password length |
hashcat -w 3 | Optimization (workload profile): use 3 when Hashcat is the only thing running, use 1 if running hashcat on your desktop. Default is 2 |
hashcat -a 0 -m 'hash type' 'hash file' 'wordlist' | Dictionary attack |
hashcat -a 1 -m 'hash type' 'hash file' 'wordlist1' 'wordlist2' | Combination attack |
hashcat -a 3 -m 0 'hash file' -1 01 'Smartiot?u?l?d?l?l20?1?d' | Mask attack |
hashcat -a 7 -m 0 'hash file' -1 01 '20?1?d' rockyou.txt | Hybrid attack |
./cap2hccapx.bin input.cap output.hccapx | Cap2hccapx: convert a capture to a crackable file |
hashcat -a 0 -m 22000 pmkidhash rockyou.txt | Cracking wireless (WPA/WPA2) handshakes with Hashcat; pmkidhash is the PMKID extracted using Hcxpcaptool |
Create a password list under conditions
sed -ri '/^.{,7}$/d' rockyou.txt # delete lines shorter than 8 characters (edits the file in place)
sed -ri '/[!-/:-@\[-`\{-~]+/!d' rockyou.txt # delete lines with no special character
sed -ri '/[0-9]+/!d' rockyou.txt # delete lines with no digit
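The same three conditions as a single filter that leaves the source list untouched, useful for checking how much of a wordlist would still pass a given password policy. This is an added example, not part of the original page; the function names and the sample words are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): apply the three conditions
# above as one non-destructive filter instead of editing rockyou.txt in place.
# Assumed policy: >= 8 bytes, >= 1 ASCII punctuation character, >= 1 digit.

filter_policy() {
    # stdin: one candidate per line; stdout: candidates that meet the policy.
    # tr strips CR from Windows-edited lists so it is not counted as a character.
    # LC_ALL=C makes sed work on bytes, so lines with invalid UTF-8 (common in
    # leaked lists) are still matched; [[:punct:]] is then exactly the ASCII
    # ranges !-/ :-@ [-` {-~ used in the sed line above.
    tr -d '\r' |
        LC_ALL=C sed -E \
            -e '/^.{8,}$/!d' \
            -e '/[[:punct:]]/!d' \
            -e '/[0-9]/!d' |
        awk '!seen[$0]++'    # drop duplicates, keep first-seen order
}

sample_wordlist() {
    # Constructed sample input, not taken from any real list.
    printf '%s\n' password 'Passw0rd!' 'abc1!' Summer2024 'Winter#2023' \
        hunter2 'p@ssword' 12345678
    printf 'Spring_19\r\n'       # CRLF line ending
    printf '%s\n' 'Passw0rd!'    # duplicate
}

policy_counts() {
    # Prints "<lines in> <lines kept>" for the file given as $1.
    total=$(awk 'END { print NR }' "$1")
    kept=$(filter_policy < "$1" | awk 'END { print NR }')
    echo "$total $kept"
}

# Demo on the constructed sample.
sample_wordlist | filter_policy
```

Run against a real list with `filter_policy < rockyou.txt > rockyou-policy.txt`; lengths are counted in bytes, so multi-byte characters count more than once.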
Summary
Hashcat is a powerful and widely-used password recovery tool that uses brute-force and dictionary attacks to recover passwords. It is commonly used for recovering forgotten passwords, testing password strength, and demonstrating the vulnerabilities of weak passwords. Hashcat is also used by penetration testers, security researchers, and forensic analysts to recover passwords and test the security of systems and networks. It is a valuable tool for anyone who needs to recover passwords or test the security of their systems.