Hashcat Examples

Explore common password cracking scenarios with practical Hashcat examples. Each example includes detailed explanations and command variations to help you understand and master Hashcat's capabilities.

Basic MD5 Password Cracking

Crack an MD5 hash using a wordlist attack

hashcat -m 0 -a 0 hash.txt wordlist.txt

This command performs a straight wordlist attack on an MD5 hash. The -m 0 specifies MD5 mode, and -a 0 indicates a straight attack using the provided wordlist.

Windows NTLM Hash Cracking

Crack Windows NTLM hashes using a combination attack

hashcat -m 1000 -a 1 hash.txt wordlist1.txt wordlist2.txt

This command attempts to crack NTLM hashes using a combination attack. It combines words from both wordlists to generate password candidates.

WPA/WPA2 Password Cracking

Crack WPA/WPA2 handshake captures

hashcat -m 22000 -a 0 capture.hc22000 wordlist.txt

This command attempts to crack a WPA/WPA2 handshake using a wordlist. The -m 22000 specifies WPA-PBKDF2-PMKID+EAPOL hash mode.

Rule-Based Attack

Use rules to modify wordlist entries

hashcat -m 0 -a 0 hash.txt wordlist.txt -r rules/best64.rule

This command applies the best64.rule to each word in the wordlist, generating multiple password candidates per word. Rules can significantly increase the effectiveness of your attacks.

Mask Attack for Numbers

Brute force all possible 8-digit numbers

hashcat -m 0 -a 3 hash.txt ?d?d?d?d?d?d?d?d

This command performs a mask attack to try all possible 8-digit numbers. The ?d placeholder represents any digit (0-9). Mask attacks are useful when you know the pattern of the password.

Quick Tips

Use --status to show progress
Use --show to display cracked hashes
Use -w 3 for better performance on GPUs
Use --force to ignore warnings
Always test your command on a small sample before running on large datasets

Related Resources

Remember:

Always use Hashcat responsibly and ethically. Unauthorized access to systems or data is illegal and unethical.