HASHCAT

https://github.com/hashcat/hashcat

HASHCAT Mods

Dictionary Mode (-m 0)

hashcat -a 0 -m 0 “myHash” /usr/share/wordlists/rockyou.txt
Dictionary attack.

Combinator Mode (-m 1)

https://hashcat.net/wiki/doku.php?id=combinator_attack

hashcat -a 1 -m 0 "myHash" myPrefix.txt /usr/share/wordlists/rockyou.txt
Dictionary attack with a prefix.

Mask Mode (-m 3)

https://hashcat.net/wiki/doku.php?id=mask_attack

Jokers

?l
abcdefghijklmnopqrstuvwxyz

?u
ABCDEFGHIJKLMNOPQRSTUVWXYZ

?d
0123456789

?h
0123456789abcdef

?H
0123456789ABCDEF

?s
«space»!"#$%&'()*+,-./:;<=>?@[]^_`{|}~

?a
?l?u?d?s

?b
0x00 - 0xff

Exemples

hashcat -a 3 -m 0 "myHash" ?l?l?l?l
Brute force from aaaa to zzzz.

hashcat -a 3 -m 0 "myHash" "passBegining?l?l?l?l"
Brute force from passBeginingaaaa to passBeginingzzzz.

HASHCAT Flags

-a
Attack mode (ex: 0 = straight dictionary list).

-m
Hashing type (ex: 1800 = MD5).

-o myOutFile
Store output info in myFile.

HASHCAT Hash Type

https://hashcat.net/wiki/doku.php?id=example_hashes

-m 0
MD5.

-m 500
MD5crypt, MD5 (Unix), Cisco-IOS.

-m 1800
SHA256 Unix.

-m 1000
NTLM.

-m 1100
MS Cache - DCC (Domain Cached Credentials).

-m 2100
MS Cache - DCC2 (Domain Cached Credentials 2).

-m 13000
RAR.

-m 13600
WinZip.

HASHCAT Exemples

hashcat -a 0 -m 1100 0 '15a57c379ebdfea572ad1ff91eb6ef0c:Administrator' /usr/share/wordlists/rockyou.txt
Crack DCC (Domain Cached Credentials) hash.

zip2john myFile.zip > forhashcat.txt
Remove name of the file and archive from the hash (at the beginning and the end).

hashcat -a -m 13600 forhashcat.txt /usr/share/wordslist/rockyou.txt
Crack ZIP archive password.