2021-05-14 01:29:30 +01:00
|
|
|
# hashcat
|
|
|
|
|
|
|
|
|
|
> Fast and advanced password recovery tool.
|
2022-05-19 21:33:46 +01:00
|
|
|
> More information: <https://hashcat.net/wiki/doku.php?id=hashcat>.
|
2021-05-14 01:29:30 +01:00
|
|
|
|
|
|
|
|
- Perform a brute-force attack (mode 3) with the default hashcat mask:
|
|
|
|
|
|
|
|
|
|
`hashcat --hash-type {{hash_type_id}} --attack-mode {{3}} {{hash_value}}`
|
|
|
|
|
|
|
|
|
|
- Perform a brute-force attack (mode 3) with a known pattern of 4 digits:
|
|
|
|
|
|
|
|
|
|
`hashcat --hash-type {{hash_type_id}} --attack-mode {{3}} {{hash_value}} "{{?d?d?d?d}}"`
|
|
|
|
|
|
|
|
|
|
- Perform a brute-force attack (mode 3) using at most 8 of all printable ASCII characters:
|
|
|
|
|
|
|
|
|
|
`hashcat --hash-type {{hash_type_id}} --attack-mode {{3}} --increment {{hash_value}} "{{?a?a?a?a?a?a?a?a}}"`
|
|
|
|
|
|
|
|
|
|
- Perform a dictionary attack (mode 0) using the RockYou wordlist of a Kali Linux box:
|
|
|
|
|
|
|
|
|
|
`hashcat --hash-type {{hash_type_id}} --attack-mode {{0}} {{hash_value}} {{/usr/share/wordlists/rockyou.txt}}`
|
|
|
|
|
|
2021-08-15 18:59:09 +01:00
|
|
|
- Perform a rule-based dictionary attack (mode 0) using the RockYou wordlist mutated with common password variations:
|
2021-05-14 01:29:30 +01:00
|
|
|
|
|
|
|
|
`hashcat --hash-type {{hash_type_id}} --attack-mode {{0}} --rules-file {{/usr/share/hashcat/rules/best64.rule}} {{hash_value}} {{/usr/share/wordlists/rockyou.txt}}`
|
|
|
|
|
|
|
|
|
|
- Perform a combination attack (mode 1) using the concatenation of words from two different custom dictionaries:
|
|
|
|
|
|
|
|
|
|
`hashcat --hash-type {{hash_type_id}} --attack-mode {{1}} {{hash_value}} {{/path/to/dictionary1.txt}} {{/path/to/dictionary2.txt}}`
|
|
|
|
|
|
|
|
|
|
- Show result of an already cracked hash:
|
|
|
|
|
|
|
|
|
|
`hashcat --show {{hash_value}}`
|
