fraggle/WebsiteTemplate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
WebsiteTemplate/cheatsheets/hashcat.html
Fraggle 6f42a58ee5
first commit
2026-01-25 11:33:37 -04:00

311 lines
9.2 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self' data:; img-src 'self' data:; connect-src 'self'; base-uri 'self'; form-action 'self' https://defcon.social https://bsky.app;">
<meta http-equiv="X-Content-Type-Options" content="nosniff">
<link rel="stylesheet" href="../assets/css/style.css">
<link rel="icon" type="image/x-icon" href="../favicon.ico">
<script>
(function() {
const theme = localStorage.getItem('theme') ||
(window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light');
document.documentElement.setAttribute('data-theme', theme);
})();
</script>
<title>hashcat Cheatsheet - Cheatsheets - Launch Pad</title>
</head>
<body>
<button class="theme-toggle" id="themeToggle" aria-label="Toggle dark mode">
<svg class="theme-icon theme-icon-moon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z"></path></svg>
<svg class="theme-icon theme-icon-sun" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" style="display: none;"><circle cx="12" cy="12" r="5"></circle><line x1="12" y1="1" x2="12" y2="3"></line><line x1="12" y1="21" x2="12" y2="23"></line><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line><line x1="1" y1="12" x2="3" y2="12"></line><line x1="21" y1="12" x2="23" y2="12"></line><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line></svg>
</button>
<br/><br/>
<div class="name">
__ _______________________ _________._________________________
\_ _____/ \______ \ / _ \ / _____/ / _____/ | | \_ _____/
| __) | _/ / /_\ \ / \ ___ / \ ___ | | | __)_
| \ | | \ / | \ \ \_\ \ \ \_\ \ | |___ | \
\___ / |____|_ / \____|__ / \______ / \______ / |_______ \ /_______ /
\/ \/ \/ \/ \/ \/ \/
</div>
<div class="blog-page-header">
<div class="blog-header-content">
<a href="/cheatsheets" class="back-link" title="Back to Cheatsheets">
<svg xmlns="http://www.w3.org/2000/svg" width="42" height="42" viewBox="0 0 24 24" class="home-icon"><path fill="currentColor" d="M10 20v-6h4v6h5v-8h3L12 3 2 12h3v8z"/></svg>
</a>
<h1 class="blog-page-title">hashcat Cheatsheet</h1>
</div>
</div>
<div class="blog-post-container">
<div class="blog-posts-container" style="max-width: 900px; margin: 0 auto;">
<div class="blog-post">
<div class="blog-post-content">
<p><a href="index.html">← Back to cheatsheets</a></p>
<p><a href="../index.html">← Home</a></p>
<hr>
<p>hashcat is an advanced password recovery tool featuring GPU acceleration and support for over 300 hash types. It's the fastest and most advanced password cracking tool available.</p>
<hr>
<h2>Basic Syntax</h2>
<ul>
<li>hashcat -m &lt;hash_type&gt; &lt;hash_file&gt; &lt;wordlist&gt; - Basic attack</li>
</ul>
<ul>
<li>hashcat -m 0 hash.txt wordlist.txt - MD5 attack</li>
</ul>
<ul>
<li>hashcat -m 1000 hash.txt wordlist.txt - NTLM attack</li>
</ul>
<ul>
<li>hashcat -m 22000 hash.hc22000 wordlist.txt - WPA/WPA2 attack</li>
</ul>
<hr>
<h2>Common Hash Types</h2>
<ul>
<li>-m 0 - MD5</li>
</ul>
<ul>
<li>-m 100 - SHA1</li>
</ul>
<ul>
<li>-m 1000 - NTLM</li>
</ul>
<ul>
<li>-m 1800 - sha512crypt $6$ (Linux)</li>
</ul>
<ul>
<li>-m 22000 - WPA/WPA2 PMKID+EAPOL (hc22000 format)</li>
</ul>
<ul>
<li>-m 16800 - WPA/WPA2 PMKID</li>
</ul>
<ul>
<li>-m 2500 - WPA/WPA2 handshake</li>
</ul>
<ul>
<li>-m 500 - md5crypt $1$ (Linux)</li>
</ul>
<ul>
<li>-m 3200 - bcrypt $2$</li>
</ul>
<ul>
<li>-m 17210 - sha256crypt $5$ (Linux)</li>
</ul>
<ul>
<li>-m 1410 - sha256($salt.$pass)</li>
</ul>
<ul>
<li>-m 13100 - Kerberos 5 TGS-REP</li>
</ul>
<hr>
<h2>Attack Modes</h2>
<ul>
<li>-a 0 - Dictionary attack (default)</li>
</ul>
<ul>
<li>-a 1 - Combinator attack</li>
</ul>
<ul>
<li>-a 3 - Brute-force/Mask attack</li>
</ul>
<ul>
<li>-a 6 - Hybrid wordlist + mask</li>
</ul>
<ul>
<li>-a 7 - Hybrid mask + wordlist</li>
</ul>
<hr>
<h2>Brute-Force Masks</h2>
<ul>
<li>-a 3 ?l?l?l?l?l?l?l?l - 8 lowercase letters</li>
</ul>
<ul>
<li>-a 3 ?u?u?u?u - 4 uppercase letters</li>
</ul>
<ul>
<li>-a 3 ?d?d?d?d - 4 digits</li>
</ul>
<ul>
<li>-a 3 ?l?l?d?d - 2 letters + 2 digits</li>
</ul>
<ul>
<li>-a 3 ?a?a?a?a - 4 characters (any)</li>
</ul>
<ul>
<li>-a 3 password?d?d?d - "password" + 3 digits</li>
</ul>
<h3>Mask Characters</h3>
<ul>
<li>?l - Lowercase letters (a-z)</li>
</ul>
<ul>
<li>?u - Uppercase letters (A-Z)</li>
</ul>
<ul>
<li>?d - Digits (0-9)</li>
</ul>
<ul>
<li>?s - Special characters (!@#$%^&amp;*...)</li>
</ul>
<ul>
<li>?a - All characters (?l?u?d?s)</li>
</ul>
<ul>
<li>?b - Binary (0x00-0xff)</li>
</ul>
<ul>
<li>?h - Lowercase hex (0-9a-f)</li>
</ul>
<ul>
<li>?H - Uppercase hex (0-9A-F)</li>
</ul>
<hr>
<h2>Performance Options</h2>
<ul>
<li>-w &lt;1-4&gt; - Workload profile (1=low, 2=default, 3=high, 4=insane)</li>
</ul>
<ul>
<li>-O - Optimized kernels (may reduce supported password lengths)</li>
</ul>
<ul>
<li>--force - Ignore warnings</li>
</ul>
<ul>
<li>--hwmon-temp-abort=&lt;temp&gt; - Abort if GPU temp exceeds (Celsius)</li>
</ul>
<ul>
<li>--hwmon-disable - Disable hardware monitoring</li>
</ul>
<hr>
<h2>Output Options</h2>
<ul>
<li>-o &lt;file&gt; - Output file for recovered hashes</li>
</ul>
<ul>
<li>--outfile-format=&lt;num&gt; - Output format (1=hash:pass, 2=hex, 3=hash[:salt]:pass)</li>
</ul>
<ul>
<li>--show - Show cracked hashes</li>
</ul>
<ul>
<li>--left - Show uncracked hashes</li>
</ul>
<ul>
<li>--username - Show username (for formats with username)</li>
</ul>
<ul>
<li>--remove - Remove cracked hashes from hash file</li>
</ul>
<ul>
<li>--potfile-path=&lt;file&gt; - Path to potfile</li>
</ul>
<ul>
<li>--outfile-autohex-disable - Disable hex encoding in output</li>
</ul>
<hr>
<h2>Session Options</h2>
<ul>
<li>--session=&lt;name&gt; - Session name</li>
</ul>
<ul>
<li>--restore - Restore session</li>
</ul>
<ul>
<li>--status - Enable status update screen</li>
</ul>
<ul>
<li>--status-timer=&lt;sec&gt; - Status update interval (default 10)</li>
</ul>
<ul>
<li>--stdout - Output to stdout (no status screen)</li>
</ul>
<ul>
<li>--quiet - Suppress output</li>
</ul>
<hr>
<h2>Rules and Masks</h2>
<ul>
<li>-r &lt;file&gt; - Rules file</li>
</ul>
<ul>
<li>-g &lt;num&gt; - Generate num random rules</li>
</ul>
<ul>
<li>--rules-file=&lt;file&gt; - Rules file</li>
</ul>
<hr>
<h2>Common Examples</h2>
<h3>MD5 Dictionary Attack</h3>
<pre><code>hashcat -m 0 hash.txt wordlist.txt</code></pre>
<h3>WPA/WPA2 Attack</h3>
<pre><code>hashcat -m 22000 hash.hc22000 wordlist.txt</code></pre>
<h3>NTLM Attack</h3>
<pre><code>hashcat -m 1000 ntlm_hash.txt wordlist.txt</code></pre>
<h3>Brute Force 8 Lowercase</h3>
<pre><code>hashcat -m 0 hash.txt -a 3 ?l?l?l?l?l?l?l?l</code></pre>
<h3>Brute Force 4-8 Digits</h3>
<pre><code>hashcat -m 0 hash.txt -a 3 -i --increment-min=4 --increment-max=8 ?d?d?d?d</code></pre>
<h3>Combinator Attack</h3>
<pre><code>hashcat -m 0 hash.txt -a 1 wordlist1.txt wordlist2.txt</code></pre>
<h3>With Rules</h3>
<pre><code>hashcat -m 0 hash.txt wordlist.txt -r rules/best64.rule</code></pre>
<h3>Show Cracked Hashes</h3>
<pre><code>hashcat -m 0 hash.txt --show</code></pre>
<h3>Resume Session</h3>
<pre><code>hashcat --restore --session my_session</code></pre>
<h3>High Performance</h3>
<pre><code>hashcat -m 0 hash.txt wordlist.txt -w 4 -O</code></pre>
<h3>Save Results</h3>
<pre><code>hashcat -m 0 hash.txt wordlist.txt -o cracked.txt</code></pre>
<hr>
<h2>Tips</h2>
<ul>
<li>Use -w 4 for maximum performance (may affect system usability)</li>
</ul>
<ul>
<li>Use -O for optimized kernels (faster but limited password length)</li>
</ul>
<ul>
<li>Use --show to display already cracked hashes</li>
</ul>
<ul>
<li>Save session with --session to resume later</li>
</ul>
<ul>
<li>Use -a 3 with masks for targeted brute force</li>
</ul>
<ul>
<li>Combine dictionary with rules (-r) for better results</li>
</ul>
<ul>
<li>Monitor GPU temperature to prevent damage</li>
</ul>
<ul>
<li>Use -m 22000 for modern WPA/WPA2 captures (hc22000 format)</li>
</ul>
<ul>
<li>Always test on authorized systems only</li>
</ul>
<ul>
<li>Check hashcat examples on website for specific hash types</li>
</ul>
<ul>
<li>Use --remove to clean up successfully cracked hashes</li>
</ul>
<ul>
<li>Start with small wordlists before large brute force attacks</li>
</ul>
<hr>
<p><a href="index.html">← Back to cheatsheets</a></p>
<p><a href="../index.html">← Home</a></p>
</div>
</div>
</div>
</div>
<script async type="text/javascript" src="../blog/analytics.js"></script>
<script src="../theme.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink