How to use the command 'hashcat' (with examples)
Hashcat is a fast and advanced password recovery tool that can be used to analyze and crack passwords. It supports various attack modes, including brute-force attacks, dictionary attacks, rule-based dictionary attacks, and combination attacks. This article will walk you through several examples of using the ‘hashcat’ command for different use cases.
Use case 1: Perform a brute-force attack (mode 3) with the default hashcat mask
Code:
hashcat --hash-type hash_type_id --attack-mode 3 hash_value
Motivation: This example is useful when you have a hashed password and know nothing about its structure. With no mask given, hashcat runs a brute-force attack using the candidates generated by its built-in default mask.
Explanation:
--hash-type hash_type_id: Specifies the type of hash to be cracked.
--attack-mode 3: Sets the attack mode to brute-force mode.
hash_value: The hash value of the password to be cracked.
Example output:
Hashcat starting…
...
Use case 2: Perform a brute-force attack (mode 3) with a known pattern of 4 digits
Code:
hashcat --hash-type hash_type_id --attack-mode 3 hash_value "?d?d?d?d"
Motivation: This example is useful when you know that the password consists of four digits and want to perform a brute-force attack specifically targeting this pattern.
Explanation:
--hash-type hash_type_id: Specifies the type of hash to be cracked.
--attack-mode 3: Sets the attack mode to brute-force mode.
hash_value: The hash value of the password to be cracked.
"?d?d?d?d": The mask specifying the pattern of the password. In this case, it represents four digits.
Example output:
Hashcat starting…
...
Use case 3: Perform a brute-force attack (mode 3) using at most 8 of all printable ASCII characters
Code:
hashcat --hash-type hash_type_id --attack-mode 3 --increment hash_value "?a?a?a?a?a?a?a?a"
Motivation: This example is useful when you have no specific information about the pattern of the password, but you know it consists of up to 8 characters from the set of all printable ASCII characters. This attack covers a wide range of possibilities.
Explanation:
--hash-type hash_type_id: Specifies the type of hash to be cracked.
--attack-mode 3: Sets the attack mode to brute-force mode.
--increment: Enables mask increment mode, in which hashcat tries the mask at every length from 1 position up to the full mask length.
hash_value: The hash value of the password to be cracked.
"?a?a?a?a?a?a?a?a": A mask of eight positions, each drawn from all printable ASCII characters. Combined with --increment, it covers passwords of up to 8 characters.
Example output:
Hashcat starting…
...
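The masks in use cases 2 and 3 differ enormously in size, which is what decides whether a password length and character-set policy holds up against a mask attack. The following added example (not part of the original article or of hashcat) computes the number of candidates for a mask built from hashcat's built-in charsets, with and without --increment; the function names and the hashes_per_second parameter are assumptions made for illustration.

```python
# Added example: candidate count for a hashcat mask, with and without --increment.
# Sizes of hashcat's built-in charsets.
CHARSET_SIZES = {
    "l": 26,   # ?l  lowercase a-z
    "u": 26,   # ?u  uppercase A-Z
    "d": 10,   # ?d  digits 0-9
    "h": 16,   # ?h  0-9a-f
    "H": 16,   # ?H  0-9A-F
    "s": 33,   # ?s  space and printable ASCII punctuation
    "a": 95,   # ?a  = ?l?u?d?s (all printable ASCII)
    "b": 256,  # ?b  every byte value 0x00-0xff
}

def mask_positions(mask):
    """Return the number of possible characters at each mask position."""
    sizes, i = [], 0
    while i < len(mask):
        if mask[i] != "?":
            sizes.append(1)              # literal character
            i += 1
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        key = mask[i + 1]
        if key == "?":
            sizes.append(1)              # "??" is a literal question mark
        elif key in CHARSET_SIZES:
            sizes.append(CHARSET_SIZES[key])
        else:                            # custom charsets ?1-?4 are not modelled
            raise ValueError(f"unsupported charset ?{key}")
        i += 2
    return sizes

def keyspace(mask, increment=False):
    """Candidates for the full mask, or for every length 1..n with increment."""
    total, running = 0, 1
    for size in mask_positions(mask):
        running *= size                  # candidates at this exact length
        total += running                 # cumulative over all shorter lengths
    return total if increment else running

def hours_to_exhaust(candidates, hashes_per_second):
    """Worst-case hours at an assumed, caller-supplied guessing rate."""
    return candidates / hashes_per_second / 3600

if __name__ == "__main__":
    print(keyspace("?d?d?d?d"))                          # four-digit PIN
    print(keyspace("?a" * 8, increment=True))            # up to 8 printable ASCII
```

The guessing rate depends heavily on the hash type and hardware, so hours_to_exhaust only has meaning with a rate measured for the hash type in question.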
Use case 4: Perform a dictionary attack (mode 0) using the RockYou wordlist of a Kali Linux box
Code:
hashcat --hash-type hash_type_id --attack-mode 0 hash_value /usr/share/wordlists/rockyou.txt
Motivation: This example is useful when you suspect that the password is a common word or phrase that exists in popular wordlists. The RockYou wordlist, included in many Kali Linux distributions, contains millions of commonly used passwords.
Explanation:
--hash-type hash_type_id: Specifies the type of hash to be cracked.
--attack-mode 0: Sets the attack mode to dictionary attack mode.
hash_value: The hash value of the password to be cracked.
/usr/share/wordlists/rockyou.txt: The path to the RockYou wordlist file.
Example output:
Hashcat starting…
...
Use case 5: Perform a rule-based dictionary attack (mode 0) using the RockYou wordlist mutated with common password variations
Code:
hashcat --hash-type hash_type_id --attack-mode 0 --rules-file /usr/share/hashcat/rules/best64.rule hash_value /usr/share/wordlists/rockyou.txt
Motivation: This example is useful when you want to apply specific rules or mutations to a dictionary attack. The ‘best64.rule’ rule file included in hashcat provides common password transformations, such as appending numbers or capitalizing letters, which can increase the chances of successfully cracking passwords.
Explanation:
--hash-type hash_type_id: Specifies the type of hash to be cracked.
--attack-mode 0: Sets the attack mode to dictionary attack mode.
--rules-file /usr/share/hashcat/rules/best64.rule: Specifies the path to the rule file containing the password transformations.
hash_value: The hash value of the password to be cracked.
/usr/share/wordlists/rockyou.txt: The path to the RockYou wordlist file.
Example output:
Hashcat starting…
...
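Rule-based mutation is why a password such as a capitalized dictionary word with a digit appended is no stronger than the word itself. The following added example (not part of the original article, and not hashcat's own code) implements a small subset of hashcat's rule functions and uses it as a password-policy check: it reports whether a proposed password is reachable from a banned word through one rule line. The word list, the rule lines and the function names are constructed for illustration and are not taken from best64.rule.

```python
# Added example: subset of hashcat rule functions for a password-policy check.
def apply_rule(word, rule):
    """Apply one rule line (e.g. 'c $1 $2 $3') to a word."""
    out, i = word, 0
    while i < len(rule):
        fn = rule[i]
        i += 1
        if fn in " :":
            continue                      # separator, or ':' (no-op)
        if fn == "l":
            out = out.lower()
        elif fn == "u":
            out = out.upper()
        elif fn == "c":                   # capitalize first, lowercase rest
            out = out[:1].upper() + out[1:].lower()
        elif fn == "r":                   # reverse
            out = out[::-1]
        elif fn == "d":                   # duplicate the whole word
            out = out + out
        elif fn in "$^":                  # append / prepend one character
            if i >= len(rule):
                raise ValueError(f"{fn} needs one character")
            out = out + rule[i] if fn == "$" else rule[i] + out
            i += 1
        elif fn == "s":                   # sXY: replace every X with Y
            if i + 1 >= len(rule):
                raise ValueError("s needs two characters")
            out = out.replace(rule[i], rule[i + 1])
            i += 2
        else:
            raise ValueError(f"unsupported rule function {fn!r}")
    return out

def derived_from(password, base_words, rules):
    """Return (word, rule) pairs that turn a listed word into the password."""
    return [(w, r) for w in base_words for r in rules
            if apply_rule(w, r) == password]

# Constructed sample data: a tiny banned-word list and a few rule lines.
BANNED = ["password", "summer", "dragon"]
RULES = [":", "c", "u", "r", "$1", "c $1", "c $1 $2 $3", "c $!", "sa@ so0"]

if __name__ == "__main__":
    for candidate in ["Summer1", "p@ssw0rd", "Tr0ub4dor&3"]:
        print(candidate, derived_from(candidate, BANNED, RULES))
```

A non-empty result means the password should be rejected at enrollment, since a dictionary attack with the same rules would reach it.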
Use case 6: Perform a combination attack (mode 1) using the concatenation of words from two different custom dictionaries
Code:
hashcat --hash-type hash_type_id --attack-mode 1 hash_value /path/to/dictionary1.txt /path/to/dictionary2.txt
Motivation: This example is useful when you suspect that the password is a combination of words from different sources. By providing two custom dictionaries, you can attempt to find the correct combination of words to crack the password.
Explanation:
--hash-type hash_type_id: Specifies the type of hash to be cracked.
--attack-mode 1: Sets the attack mode to combination attack mode.
hash_value: The hash value of the password to be cracked.
/path/to/dictionary1.txt: The path to the first custom dictionary file.
/path/to/dictionary2.txt: The path to the second custom dictionary file.
Example output:
Hashcat starting…
...
Use case 7: Show the result of an already cracked hash
Code:
hashcat --show hash_value
Motivation: This example is useful when you want to view the cracked password for a given hash. By using the ‘--show’ parameter, hashcat will display the cracked password associated with the provided hash value.
Explanation:
--show: Displays the result of a cracked hash.
hash_value: The hash value for which you want to see the cracked password.
Example output:
Hashcat starting…
Cracked hash: 123456
Conclusion:
The ‘hashcat’ command is a powerful tool for password recovery and cracking. It offers various attack modes, including brute-force attacks, dictionary attacks, rule-based dictionary attacks, and combination attacks. By understanding and utilizing the different use cases of the ‘hashcat’ command, you can increase your chances of successfully cracking passwords and enhance cybersecurity.