Hashcat
Hashcat is a well-known password cracking tool for Linux, Windows, and macOS. From 2009 until 2015 it was proprietary software, but has since been released as open-source. Featuring fantastic GPU support, it can be used to crack a large variety of hashes. Hashcat supports multiple attack (cracking) modes which can be used to efficiently attack password hashes.
The success of a password cracking attempt largely depends on the quality of the wordlists and the complexity of the passwords being targeted.
General Syntax
hashcat -a <attack_mode> -m <hash_type> <hashes> [wordlist, rule, mask, ...]
| Argument | Description |
|---|---|
-a | Attack mode |
-m | Hash type ID |
<hashes> | Either a hash string or a file containing one or more password hashes of the same type |
[wordlist, rule, mask, ...] | Additional arguments depending on the attack mode |
Hashing
Hashing is the process of converting a password into a fixed-length string of characters. Hashes are designed to be irreversible, meaning that it should be computationally infeasible to retrieve the original password from its hash. Common hashing algorithms include MD5, SHA-1, SHA-256, and bcrypt. Typically, a hash function always returns values of the same length regardless of the input size, complexity, etc.
When passwords are stored in databases, they are often hashed to protect them from being easily read if the database is compromised. However, if an attacker can obtain the hash values, they can attempt to crack them using tools like Hashcat. Hashcat can read values from a wordlist, hash them, and compare them to the target hash values to find matches.
Hash Algorithms
SHA-512
SHA-512 (Secure Hash Algorithm 512-bit) is a member of the SHA-2 family of cryptographic hash functions. It produces a 512-bit (64-byte) hash value, typically represented as a 128-character hexadecimal string. SHA-512 is widely used for data integrity verification and digital signatures due to its strong security properties.
Blowfish
Blowfish is a symmetric-key block cipher designed by Bruce Schneier in 1993. It operates on 64-bit blocks and supports key sizes ranging from 32 bits to 448 bits. Blowfish is known for its speed and effectiveness, making it a popular choice for encrypting data in various applications.
Bcrypt
Bcrypt is a password hashing function designed to be computationally intensive to resist brute-force attacks. It incorporates a salt to protect against rainbow table attacks and allows for adjustable work factors, making it adaptable to increasing computational power over time. Bcrypt is widely used for securely storing passwords in databases.
MD5
MD5 (Message-Digest Algorithm 5) is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value, typically represented as a 32-character hexadecimal string. Although it was once considered secure, MD5 is now vulnerable to collision attacks and is not recommended for security-sensitive applications.
Argon2
Argon2 is a modern password hashing algorithm that won the Password Hashing Competition in 2015. It is designed to be resistant to GPU and ASIC attacks by being memory-intensive and computationally expensive. Argon2 has three variants: Argon2d, Argon2i, and Argon2id, each optimized for different security needs.
Hash Types
Hashcat supports hundreds of different hash types, each assigned an ID. A list of associated IDs can be generated by running:
hashcat --help
Common hash types:
| ID | Name | Category |
|---|---|---|
0 | MD5 | Raw Hash |
100 | SHA1 | Raw Hash |
500 | MD5 Crypt / Cisco-IOS / FreeBSD MD5 | Operating System |
900 | MD4 | Raw Hash |
1000 | NTLM | Operating System |
1300 | SHA2-224 | Raw Hash |
1400 | SHA2-256 | Raw Hash |
1700 | SHA2-512 | Raw Hash |
1800 | SHA-512 Crypt (Unix) | Operating System |
3200 | bcrypt | Operating System |
5600 | NetNTLMv2 | Network Protocol |
6000 | RIPEMD-160 | Raw Hash |
10800 | SHA2-384 | Raw Hash |
17300 | SHA3-224 | Raw Hash |
17400 | SHA3-256 | Raw Hash |
17500 | SHA3-384 | Raw Hash |
17600 | SHA3-512 | Raw Hash |
The hashcat website hosts a comprehensive list of example hashes which can assist in manually identifying an unknown hash type.
Identifying Hash Types
Use hashid to quickly identify the hashcat hash type by specifying the -m argument:
hashid -m '$1$FNr44XZC$wQxY6HHLrgrGX0e1195k.1'
Analyzing '$1$FNr44XZC$wQxY6HHLrgrGX0e1195k.1'
[+] MD5 Crypt [Hashcat Mode: 500]
[+] Cisco-IOS(MD5) [Hashcat Mode: 500]
[+] FreeBSD MD5 [Hashcat Mode: 500]
Attack Modes
Hashcat has many different attack modes, including dictionary, mask, combinator, and association.
| Mode | Name | Description |
|---|---|---|
0 | Straight/Dictionary | Wordlist-based attack |
1 | Combination | Combines words from two wordlists |
3 | Brute-force/Mask | Uses masks to define keyspace |
6 | Hybrid Wordlist + Mask | Appends mask to wordlist entries |
7 | Hybrid Mask + Wordlist | Prepends mask to wordlist entries |
Dictionary Attack (-a 0)
Dictionary attack is, as the name suggests, a dictionary attack. The user provides password hashes and a wordlist as input, and Hashcat tests each word in the list as a potential password until the correct one is found or the list is exhausted.
Example: Cracking an MD5 hash using the rockyou.txt wordlist:
hashcat -a 0 -m 0 e3e3ec5831ad5e7288241960e5d4fdb8 /usr/share/wordlists/rockyou.txt
Example output:
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 0 (MD5)
Hash.Target......: e3e3ec5831ad5e7288241960e5d4fdb8
Time.Started.....: Sat Apr 19 08:58:44 2025 (0 secs)
Time.Estimated...: Sat Apr 19 08:58:44 2025 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (/usr/share/wordlists/rockyou.txt)
Speed.#1.........: 1706.6 kH/s (0.14ms) @ Accel:512 Loops:1 Thr:1 Vec:8
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 28672/14344385 (0.20%)
Using Rules
A wordlist alone is often not enough to crack a password hash. Rules can be used to perform specific modifications to passwords to generate even more guesses. The rule files that come with hashcat are typically found under /usr/share/hashcat/rules:
ls -l /usr/share/hashcat/rules
Common rule files:
| Rule File | Description |
|---|---|
best64.rule | 64 standard password modifications |
rockyou-30000.rule | Large ruleset based on rockyou patterns |
dive.rule | Comprehensive rule set |
d3ad0ne.rule | Popular community ruleset |
leetspeak.rule | Leet speak substitutions (e.g., a→4, e→3) |
toggles1-5.rule | Case toggling rules |
Example: Using best64.rule with a dictionary attack:
hashcat -a 0 -m 0 1b0556a75770563578569ae21392630c /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule
The best64.rule contains 64 standard password modifications—such as appending numbers or substituting characters with their “leet” equivalents.
Mask Attack (-a 3)
Mask attack is a type of brute-force attack in which the keyspace is explicitly defined by the user. For example, if we know that a password is eight characters long, rather than attempting every possible combination, we might define a mask that tests combinations of six letters followed by two numbers.
A mask is defined by combining a sequence of symbols, each representing a built-in or custom character set.
Built-in Character Sets
| Symbol | Charset |
|---|---|
?l | abcdefghijklmnopqrstuvwxyz |
?u | ABCDEFGHIJKLMNOPQRSTUVWXYZ |
?d | 0123456789 |
?h | 0123456789abcdef |
?H | 0123456789ABCDEF |
?s | Special characters: «space»!"#$%&'()*+,-./:;<=>?@[\]^_{ |
?a | ?l?u?d?s (all printable ASCII) |
?b | 0x00 - 0xff (all bytes) |
Custom Character Sets
Custom charsets can be defined with the -1, -2, -3, and -4 arguments, then referred to with ?1, ?2, ?3, and ?4.
Example: Password starting with uppercase, four lowercase, a digit, and a symbol:
# Mask: ?u?l?l?l?l?d?s
hashcat -a 3 -m 0 hash.txt ?u?l?l?l?l?d?s
Example: Custom charset (uppercase or lowercase letters):
hashcat -a 3 -m 0 hash.txt -1 ?l?u ?1?1?1?1?d?d?d?d
This tries passwords with 4 mixed-case letters followed by 4 digits.
Hybrid Attacks
Hybrid Wordlist + Mask (-a 6)
Appends a mask to each word from the wordlist:
hashcat -a 6 -m 0 hash.txt /usr/share/wordlists/rockyou.txt ?d?d?d
This tries each word from rockyou.txt with 3 digits appended (e.g., password123, password456).
Hybrid Mask + Wordlist (-a 7)
Prepends a mask to each word from the wordlist:
hashcat -a 7 -m 0 hash.txt ?d?d?d /usr/share/wordlists/rockyou.txt
This tries each word with 3 digits prepended (e.g., 123password, 456password).
Useful Options
| Option | Description |
|---|---|
-o <file> | Output cracked hashes to a file |
--show | Show previously cracked hashes from potfile |
--status | Enable automatic status updates |
--status-timer=N | Set status update interval (seconds) |
-w 3 | Workload profile (1=low, 2=default, 3=high, 4=nightmare) |
--increment | Enable mask increment mode |
--increment-min=N | Start mask length |
--increment-max=N | End mask length |
-O | Enable optimized kernels (faster, limits password length) |
--username | Ignore username in hash file (format: user:hash) |
--potfile-disable | Don’t write to potfile |
--force | Ignore warnings |
Examples
Crack MD5 hash with dictionary
hashcat -a 0 -m 0 hash.txt /usr/share/wordlists/rockyou.txt
Crack NTLM with rules
hashcat -a 0 -m 1000 ntlm_hashes.txt /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule
Brute-force 8-character password (lowercase + digits)
hashcat -a 3 -m 0 hash.txt ?l?l?l?l?l?l?d?d
Incremental mask attack (4-8 characters)
hashcat -a 3 -m 0 hash.txt ?a?a?a?a?a?a?a?a --increment --increment-min=4 --increment-max=8
Show previously cracked passwords
hashcat -m 0 hash.txt --show
Crack bcrypt hash
hashcat -a 0 -m 3200 bcrypt_hash.txt /usr/share/wordlists/rockyou.txt
Cracking Protected Files
The use of file encryption is often neglected in both private and professional contexts. Even today, emails containing job applications, account statements, or contracts are frequently sent without encryption. Nevertheless, encrypted files can still be cracked with the right combination of wordlists and tools.
In many cases, symmetric encryption algorithms such as AES-256 are used to securely store individual files or folders. For transmitting files, asymmetric encryption is typically employed, using two distinct keys: the sender encrypts with the recipient’s public key, and the recipient decrypts with the corresponding private key.
Hash Modes for Protected Files
| ID | Type |
|---|---|
9400 | MS Office 2007 |
9500 | MS Office 2010 |
9600 | MS Office 2013 |
10400 | PDF 1.1-1.3 (Acrobat 2-4) |
10500 | PDF 1.4-1.6 (Acrobat 5-8) |
10600 | PDF 1.7 Level 3 (Acrobat 9) |
10700 | PDF 1.7 Level 8 (Acrobat 10-11) |
13400 | KeePass 1/2 AES/Twofish |
22100 | BitLocker |
6211-6243 | TrueCrypt |
13711-13723 | VeraCrypt |
Hunting for Encrypted Files
Many different extensions correspond to encrypted files. Use this command to locate commonly encrypted files on a Linux system:
for ext in $(echo ".xls .xls* .xltx .od* .doc .doc* .pdf .pot .pot* .pp*"); do
echo -e "\nFile extension: " $ext
find / -name *$ext 2>/dev/null | grep -v "lib\|fonts\|share\|core"
done
Hunting for SSH Keys
SSH private keys can be identified by their header content:
grep -rnE '^\-{5}BEGIN [A-Z0-9]+ PRIVATE KEY\-{5}$' /* 2>/dev/null
To check if an SSH key is encrypted:
ssh-keygen -yf ~/.ssh/id_rsa
# If encrypted, prompts for passphrase
Note: SSH keys are typically cracked with John the Ripper using ssh2john.py, as hashcat doesn’t have a direct mode for SSH private keys.
Cracking Protected Archives
Besides standalone files, we often encounter password-protected archives such as ZIP files.
Hash Modes for Archives
| ID | Type |
|---|---|
11600 | 7-Zip |
13600 | WinZip |
17200 | PKZIP (Compressed) |
17210 | PKZIP (Uncompressed) |
17220 | PKZIP (Compressed Multi-File) |
17225 | PKZIP (Mixed Multi-File) |
17230 | PKZIP (Compressed Multi-File Checksum-Only) |
12500 | RAR3-hp |
13000 | RAR5 |
23700 | RAR3-p (Compressed) |
23800 | RAR3-p (Uncompressed) |
Cracking BitLocker-Encrypted Drives
BitLocker is a full-disk encryption feature developed by Microsoft using AES with 128-bit or 256-bit keys. To crack a BitLocker encrypted drive, use bitlocker2john from the John the Ripper suite to extract hashes:
bitlocker2john -i Backup.vhd > backup.hashes
grep "bitlocker\$0" backup.hashes > backup.hash
cat backup.hash
The script outputs four hashes: the first two are for the BitLocker password, the latter two for the recovery key. The recovery key is 48 digits and randomly generated, so focus on cracking the password hash ($bitlocker$0$...).
Crack with hashcat using mode 22100:
hashcat -a 0 -m 22100 '$bitlocker$0$16$02b329c0453b9273f2fc1b927443b5fe$1048576$12$00b0a67f961dd80103000000$60$d59f37e70696f7eab6b8f95ae93bd53f3f7067d5e33c0394b3d8e2d1fdb885cb86c1b978f6cc12ed26de0889cd2196b0510bbcd2a8c89187ba8ec54f' /usr/share/wordlists/rockyou.txt
Example output:
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 22100 (BitLocker)
Hash.Target......: $bitlocker$0$16$02b329c0453b9273f2fc1b927443b5fe$10...8ec54f
Time.Started.....: Sat Apr 19 17:49:25 2025 (1 min, 56 secs)
Time.Estimated...: Sat Apr 19 17:51:21 2025 (0 secs)
Speed.#1.........: 25 H/s (9.28ms) @ Accel:64 Loops:4096 Thr:1 Vec:8
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 2880/14344385 (0.02%)
Candidates.#1....: pirate -> soccer9
$bitlocker$0$...:1234qwer
Note: BitLocker uses strong AES encryption, so cracking may take considerable time depending on hardware.
Mounting BitLocker Drives in Windows
Double-click the .vhd file. Windows will show an error initially since it’s encrypted. After mounting, double-click the BitLocker volume to be prompted for the password.
Mounting BitLocker Drives in Linux
Install dislocker:
sudo apt-get install dislocker
Create mount directories:
sudo mkdir -p /media/bitlocker
sudo mkdir -p /media/bitlockermount
Configure VHD as loop device, decrypt, and mount:
sudo losetup -f -P Backup.vhd
sudo dislocker /dev/loop0p2 -u1234qwer -- /media/bitlocker
sudo mount -o loop /media/bitlocker/dislocker-file /media/bitlockermount
Browse the files:
cd /media/bitlockermount/
ls -la
Unmount when done:
sudo umount /media/bitlockermount
sudo umount /media/bitlocker
Cracking OpenSSL Encrypted GZIP Files
Some archive formats don’t natively support password protection. Use the file command to identify OpenSSL encrypted files:
file GZIP.gzip
# GZIP.gzip: openssl enc'd data with salted password
When cracking OpenSSL encrypted files with hashcat, you may encounter challenges including false positives. A more reliable approach is to use openssl within a loop:
for i in $(cat rockyou.txt); do
openssl enc -aes-256-cbc -d -in GZIP.gzip -k $i 2>/dev/null | tar xz
done
GZIP-related error messages can be safely ignored. When the correct password is found, the file is extracted to the current directory.
Collecting Archive File Extensions
To get a comprehensive list of archive file types:
curl -s https://fileinfo.com/filetypes/compressed | html2text | awk '{print tolower($1)}' | grep "\." | tee -a compressed_ext.txt