HashCat: Advanced Password Cracking Tool
Introduction
HashCat is a well-known password cracking tool and the self-proclaimed world’s fastest and most advanced one. It has 7 attack modes for 200+ highly optimized hashing algorithms (MD4, MD5, SHA-family, Unix Crypt, MySQL, Cisco Pix, etc.). It currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking.
HashCat: World’s Fastest and Most Advanced Password Cracking Tool
HashCat is a very fast password cracking tool that can help you recover or crack passwords, or just discover what’s hidden behind a hash out of curiosity. There are plenty of useful password cracking tools, but HashCat has proven for years to be the fastest, most effective and most powerful. In addition, it is full-featured:
Features:
- World’s fastest password cracker, first and only in-kernel rule engine.
- Free and Open-Source (MIT License).
- Multi-OS (Linux, Windows and macOS) and Multi-Platform (CPU, GPU, DSP, FPGA, etc.).
- Can crack multiple hashes at the same time.
- Multi-Devices & Multi-Device-Types: utilizing multiple (mixed) devices in same system.
- Supports: password candidate brain functionality, distributed cracking networks (using overlay), interactive pause/resume, sessions, restore, reading password candidates from file and stdin, hex-salt and hex-charset, automatic performance tuning, automatic keyspace ordering markov-chains.
- Built-in benchmarking system.
- Integrated thermal watchdog.
- 200+ Hash-types implemented with performance in mind.
GPU Driver Requirements:
- AMD GPUs on Linux: RadeonOpenCompute (ROCm) Software Platform (1.6.180+)
- AMD GPUs on Windows: AMD Radeon Software Crimson Edition (15.12+)
- Intel CPUs: OpenCL Runtime for Intel Core and Intel Xeon Processors (16.1.1+)
- Intel GPUs on Linux: OpenCL 2.0 GPU Driver Package for Linux (2.0+)
- Intel GPUs on Windows: OpenCL Driver for Intel Iris and Intel HD Graphics
- NVIDIA GPUs: NVIDIA Driver (367.x+)
Attack Modes:
- Brute-Force attack
- Combinator attack
- Dictionary attack
- Hybrid attack
- Mask attack
- Rule-based attack
- Toggle-Case attack
Install
Linux
Download the latest version:
$ wget https://hashcat.net/files/hashcat-5.1.0.7z
To install on Kali Linux, run:
$ sudo apt-get install hashcat
Extract the archive using the installed 7zip utility:
Redhat/Centos/Fedora:
$ 7za x hashcat-5.1.0.7z
Ubuntu/Debian:
$ p7zip -d hashcat-5.1.0.7z
Navigate to the HashCat directory:
$ cd hashcat-5.1.0
Usage
To list available options use --help.
Usage: hashcat [options]... hash|hashfile|hccapxfile [dictionary|mask|directory]...
[ Options ] -
Options Short / Long | Type | Description | Example
================================+======+======================================================+=======================
-m, --hash-type | Num | Hash-type, see references below | -m 1000
-a, --attack-mode | Num | Attack-mode, see references below | -a 3
-V, --version | | Print version |
-h, --help | | Print help |
-t, --markov-threshold | Num | Threshold X when to stop accepting new markov-chains | -t 50
-o, --outfile | File | Define outfile for recovered hash | -o outfile.txt
-p, --separator | Char | Separator char for hashlists and outfile | -p :
-b, --benchmark | | Run benchmark of selected hash-modes |
-c, --segment-size | Num | Sets size in MB to cache from the wordfile to X | -c 32
-I, --opencl-info | | Show info about detected OpenCL platforms/devices | -I
-d, --opencl-devices | Str | OpenCL devices to use, separated with commas | -d 1
-D, --opencl-device-types | Str | OpenCL device-types to use, separated with commas | -D 1
-O, --optimized-kernel-enable | | Enable optimized kernels (limits password length) |
-w, --workload-profile | Num | Enable a specific workload profile, see pool below | -w 3
-n, --kernel-accel | Num | Manual workload tuning, set outerloop step size to X | -n 64
-u, --kernel-loops | Num | Manual workload tuning, set innerloop step size to X | -u 256
-T, --kernel-threads | Num | Manual workload tuning, set thread count to X | -T 64
-s, --skip | Num | Skip X words from the start | -s 1000000
-l, --limit | Num | Limit X words from the start + skipped words | -l 1000000
-j, --rule-left | Rule | Single rule applied to each word from left wordlist | -j 'c'
-k, --rule-right | Rule | Single rule applied to each word from right wordlist | -k '^-'
-r, --rules-file | File | Multiple rules applied to each word from wordlists | -r rules/best64.rule
-g, --generate-rules | Num | Generate X random rules | -g 10000
-1, --custom-charset1 | CS | User-defined charset ?1 | -1 ?l?d?u
-2, --custom-charset2 | CS | User-defined charset ?2 | -2 ?l?d?s
-3, --custom-charset3 | CS | User-defined charset ?3 |
-4, --custom-charset4 | CS | User-defined charset ?4 |
-i, --increment | | Enable mask increment mode |
-S, --slow-candidates | | Enable slower (but advanced) candidate generators |
-z, --brain-client | | Enable brain client, activates -S |
[ Hash modes ] -
# | Name | Category
======+==================================================+======================================
900 | MD4 | Raw Hash
0 | MD5 | Raw Hash
5100 | Half MD5 | Raw Hash
100 | SHA1 | Raw Hash
...
16900 | Ansible Vault | Password Managers
18100 | TOTP (HMAC-SHA1) | One-Time Passwords
99999 | Plaintext | Plaintext
[ Brain Client Features ] -
| Features
===+========
1 | Send hashed passwords
2 | Send attack positions
3 | Send hashed passwords and attack positions
[ Outfile Formats ] -
| Format
===+========
1 | hash[:salt]
2 | plain
3 | hash[:salt]:plain
4 | hex_plain
5 | hash[:salt]:hex_plain
6 | plain:hex_plain
7 | hash[:salt]:plain:hex_plain
8 | crackpos
9 | hash[:salt]:crack_pos
10 | plain:crack_pos
11 | hash[:salt]:plain:crack_pos
12 | hex_plain:crack_pos
13 | hash[:salt]:hex_plain:crack_pos
14 | plain:hex_plain:crack_pos
15 | hash[:salt]:plain:hex_plain:crack_pos
[ Rule Debugging Modes ] -
| Format
===+========
1 | Finding-Rule
2 | Original-Word
3 | Original-Word:Finding-Rule
4 | Original-Word:Finding-Rule:Processed-Word
[ Attack Modes ] -
| Mode
===+======
0 | Straight
1 | Combination
3 | Brute-force
6 | Hybrid Wordlist + Mask
7 | Hybrid Mask + Wordlist
[ Built-in Charsets ] -
? | Charset
===+=========
l | abcdefghijklmnopqrstuvwxyz
u | ABCDEFGHIJKLMNOPQRSTUVWXYZ
d | 0123456789
h | 0123456789abcdef
H | 0123456789ABCDEF
s | !"#$%&'()*+,-./:;<=>?@[]^_`{|}~
a | ?l?u?d?s
b | 0x00 - 0xff
[ OpenCL Device Types ] -
| Device Type
===+=============
1 | CPU
2 | GPU
3 | FPGA, DSP, Co-Processor
[ Workload Profiles ] -
| Performance | Runtime | Power Consumption | Desktop Impact
===+=============+=========+===================+=================
1 | Low | 2 ms | Low | Minimal
2 | Default | 12 ms | Economic | Noticeable
3 | High | 96 ms | High | Unresponsive
4 | Nightmare | 480 ms | Insane | Headless
[ Basic Examples ] -
Attack- | Hash- |
Mode | Type | Example command
==================+=======+==================================================================
Wordlist | $P$ | hashcat -a 0 -m 400 example400.hash example.dict
Wordlist + Rules | MD5 | hashcat -a 0 -m 0 example0.hash example.dict -r rules/best64.rule
Brute-Force | MD5 | hashcat -a 3 -m 0 example0.hash ?a?a?a?a?a?a
Combinator | MD5 | hashcat -a 1 -m 0 example0.hash example.dict example.dict
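The brute-force example above (?a?a?a?a?a?a) and the built-in charset table together fix how many candidates a mask covers, which is the figure to hold a password policy against. The Python below is an added example, not part of hashcat or of the original page: the function names are hypothetical, and the guess rate given to worst_case_days is an assumption you would take from your own -b benchmark.

```python
import string
from itertools import accumulate
from operator import mul

# Built-in charsets from the table above. In hashcat, ?s also contains the
# space and backslash characters, giving 33 symbols and 95 for ?a.
BUILTIN = {
    "l": set(string.ascii_lowercase),
    "u": set(string.ascii_uppercase),
    "d": set(string.digits),
    "h": set("0123456789abcdef"),
    "H": set("0123456789ABCDEF"),
    "s": set(string.punctuation + " "),
    "b": set(map(chr, range(256))),
}
BUILTIN["a"] = BUILTIN["l"] | BUILTIN["u"] | BUILTIN["d"] | BUILTIN["s"]

def parse_positions(text, custom=None):
    """Return one character set per position (?x placeholder or literal)."""
    table = {**BUILTIN, **(custom or {}), "?": {"?"}}  # ?? is a literal '?'
    positions, i = [], 0
    while i < len(text):
        if text[i] != "?":
            positions.append({text[i]})  # literal character
            i += 1
            continue
        key = text[i + 1:i + 2]  # empty when '?' is the last character
        if key not in table:
            raise ValueError(f"bad placeholder ?{key} at offset {i}")
        positions.append(table[key])
        i += 2
    return positions

def charset(definition):
    """Resolve a -1..-4 definition such as '?l?d?u'; duplicates count once."""
    return set().union(*parse_positions(definition))

def keyspace(mask, custom_defs=None, increment=False):
    """Candidates for a mask; with increment (-i), summed over lengths 1..n."""
    if not mask:
        raise ValueError("empty mask")
    custom = {k: charset(v) for k, v in (custom_defs or {}).items()}
    prefix = list(accumulate((len(p) for p in parse_positions(mask, custom)), mul))
    return sum(prefix) if increment else prefix[-1]

def worst_case_days(candidates, guesses_per_second):
    """Days to exhaust the keyspace at an assumed, measured guess rate."""
    return candidates / guesses_per_second / 86400
```

Comparing keyspace() for a policy's minimum length against the rate your hardware benchmarks for the hash type in use shows how long that policy holds against exhaustive search.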
If you stil