$devvkit learn --librarie hashcat-guide
Hashcat Guide
[crypto][password][gpu][security]
Security & Cryptography
Install
brew install hashcat # Download: hashcat.net/hashcat/ sudo apt install hashcat # Windows: download from website (no installer needed)
hashcat harnesses GPU power (NVIDIA CUDA, AMD ROCm, or Apple Metal) to crack password hashes at billions of guesses per second. It supports 320+ hash modes (MD5, SHA1/256/512, bcrypt, scrypt, NTLM, Kerberos, WPA/WPA2, etc.).
The basic workflow: get a hash (e.g., from a breach dump), identify the hash type (`hashid` or `hashcat --example-hashes`), pick a wordlist (rockyou.txt, SecLists), and choose appropriate rules. Typical: `hashcat -m 1000 -a 0 hashes.txt rockyou.txt -r best64.rule`.
Hash modes: `-m 0` = MD5, `-m 1000` = NTLM, `-m 1400` = SHA256, `-m 3200` = bcrypt (cost factor 5+), `-m 17200` = PKZIP. Attack modes: `-a 0` = dictionary, `-a 3` = brute-force mask, `-a 6` = hybrid dict + mask, `-a 7` = hybrid mask + dict.
Dictionary Attack
Dictionary attack— Basic wordlist attack.
hashcat -m 1000 -a 0 hashes.txt rockyou.txt # -m 1000 = NTLM, -a 0 = dictionary # Default: use all GPUs, auto-detect hashcat -m 0 -a 0 hashes.txt /usr/share/wordlists/rockyou.txt # MD5
Show cracked passwords— List recovered hashes.
hashcat -m 1000 --show hashes.txt # Show cracked: hash:password hashcat -m 1000 --left hashes.txt # Show remaining uncracked hashcat -m 1000 --show --username hashes.txt # If hashes have usernames
Rule-Based
With rules— Mutations on wordlist.
# best64.rule: common mutations (append digit, capitalize, l33t) hashcat -m 1000 -a 0 hashes.txt rockyou.txt -r rules/best64.rule # OneRuleToRuleThemAll (more comprehensive): hashcat -m 1000 -a 0 hashes.txt rockyou.txt -r /opt/OneRuleToRuleThemAll.rule # Custom rule: append 2 digits and a special char hashcat -m 1000 -a 0 hashes.txt rockyou.txt -j "$?d$?d$?s"
Brute-Force Mask
Brute-force mask— Exhaustive pattern search.
# ?l = lowercase, ?u = uppercase, ?d = digit, ?s = special, ?a = all hashcat -m 1000 -a 3 hashes.txt ?l?l?l?l?l?l?l?l # 8 lowercase chars hashcat -m 1000 -a 3 hashes.txt ?u?l?l?l?l?l?l?d?d # Capital + 6 lower + 2 digits hashcat -m 1000 -a 3 hashes.txt -i ?a # Incrementing length
Hybrid attack— Dict + mask combined.
# -a 6: wordlist + mask (Password -> Password123) hashcat -m 1000 -a 6 hashes.txt rockyou.txt ?d?d?d # -a 7: mask + wordlist (123Password) hashcat -m 1000 -a 7 hashes.txt ?d?d?d rockyou.txt
WPA/WPA2 handshake— Crack Wi-Fi passwords.
# hcxdumptool captures handshakes # Convert to hashcat format: hcxpcapngtool -o capture.hccapx capture.pcapng # OR use hcxpcapngtool for new format: hcxpcapngtool -o capture.22000 capture.pcapng # Crack: hashcat -m 22000 capture.22000 rockyou.txt -r rules/best64.rule # Verify PMKID: hashcat -m 22002 capture.22000 rockyou.txt # PMKID mode
Benchmark
Benchmark performance— Test hash/s rate.
hashcat -b # Default benchmark hashcat -b --benchmark-all # All hash types (loooong) hashcat -b -m 1000 # NTLM only hashcat -b -m 3200 # bcrypt (slow, realistic) # Compare GPU vs CPU: hashcat -b -D 1 # Only CPU devices hashcat -b -D 2 # Only GPU devices
Mode Detection
Identify hash type— Guess the hash format.
# Hashid: hashid '$2y$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy' # Detects: bcrypt $2y$ (mode 3200) # hashcat example hashes: hashcat --example-hashes | grep -i bcrypt hashcat --example-hashes | grep NTLM hashcat --identify myhash.txt