Hashcat: Guide to Password Recovery Tool

hashcat tool common use cases

Hashcat is a password recovery tool that uses brute-force and dictionary attacks to recover passwords. It is commonly used for the following purposes:

  • Password cracking: Hashcat can be used to crack passwords for a variety of purposes, including recovering forgotten passwords, testing password strength, and demonstrating the vulnerabilities of weak passwords.
  • Penetration testing: Hashcat can be used as part of a penetration testing toolkit to test the security of systems and networks by attempting to recover passwords for various accounts and services.
  • Security research: Hashcat can be used by security researchers to study password cracking techniques and the effectiveness of various password hashing algorithms.
  • Digital forensics: Hashcat can be used by forensic analysts to recover passwords from seized digital devices as part of an investigation.

Hashcat is a powerful tool that can be used in a variety of contexts to recover passwords and test the security of systems and networks. It is important to use Hashcat responsibly and in accordance with relevant laws and regulations.

How to install hashcat using apt

apt update

apt install hashcat

How to install hashcat using source

wget https://hashcat.net/files/hashcat-6.2.5.tar.gz

tar -xf hashcat-6.2.5.tar.gz

cd hashcat-6.2.5

apt install g++

make

*install your GPU driver and you ready to crack passwords!

install Hashcat hashcat-utils

git clone https://github.com/hashcat/hashcat-utils.git

cd hashcat-utils/src

make

Examples command

CommandDescription
hashcat -example-hashesView a list of Hashcat hash modes and example hashes
hashcat -b -m 1000\Perform a Hashcat benchmark test of a specific hash mode for example NTLM
hashcat -bPerform a benchmark of all hash modes
hashcat -OOptimization: Increase speed but limit potential password length
hashcat -w 3Optimization: Use when Hashcat is the only thing running, use 1 if running hashcat on your desktop. Default is 2
hashcat -a 0 -mDictionary attack
hashcat -a 1 -m ‘hash type’ ‘hash file’ ‘wordlist1’ ‘wordlist2’Combination attack
hashcat -a 3 -m 0 ‘hash file’ -1 01 ‘Smartiot?u?l?d?l?l20?1?d’Mask attack
hashcat -a 7 -m 0 ‘hash file’ -1=01 ’20?1?d’ rockyou.txtHybrid attack
Cap2hccapx – Convert To Crackable File
./cap2hccapx.bin input.cap output.hccapx
hashcat -a 0 -m 22000 output.hccapx rockyou.txt

Extract PMKID – Using Hcxpcaptool
hcxpcaptool -z pmkidhash cracking_pmkid.cap


hashcat -a 0 -m 22000 pmkidhash rockyou.txt

Cracking Wireless (WPA/WPA2) Handshakes with Hashcat

 create password list under conditions

sed -ri '/^.{,7}$/d' rockyou.txt # remove shorter than 8
sed -ri '/[!-/:-@\[-`\{-~]+/!d' rockyou.txt # remove no special chars
sed -ri '/[0-9]+/!d' rockyou.txt # remove no numbers

Summery

Hashcat is a powerful and widely-used password recovery tool that uses brute-force and dictionary attacks to recover passwords. It is commonly used for recovering forgotten passwords, testing password strength, and demonstrating the vulnerabilities of weak passwords. Hashcat is also used by penetration testers, security researchers, and forensic analysts to recover passwords and test the security of systems and networks. It is a valuable tool for anyone who needs to recover passwords or test the security of their systems.

Screenshots gallery

Like this article?

You may also enjoy these articles

SearchSploit: Guide to Exploit Database Search

Searchsploit is a command-line tool that allows users to search the Exploit Database, which is a repository of publicly disclosed vulnerabilities and exploitation techniques. It

fuzzing with ffuf tool

Guide to FFUF tool – Web Application Fuzzing

FFUF is a powerful and flexible open-source tool for performing web application fuzzing. Whether you’re a security professional looking to identify vulnerabilities or a developer

Guide to sqlmap tool – sql injection

SQLmap is an powerful open source tool used by hackers to detect and exploit SQL
injection flaws. SQLmap automates the process of detecting and

Hydra

Hydra tool make password cracking to easy task, hydra can brute Force multiple protocols and services like ftp irc ldap2[s] ldap3 mongodb mssql mysql

Scroll to Top