Hashcat Basic Usage

Learn the basic usage of Hashcat for password cracking, including installation, command syntax, and common operations

This guide covers the basic usage of Hashcat, including installation, command syntax, and common operations for password cracking.

Installation

Linux Installation

Install Hashcat on Linux using package managers or from source:

Using apt (Debian/Ubuntu):

sudo apt update
sudo apt install hashcat

Using yum (CentOS/RHEL):

sudo yum install epel-release
sudo yum install hashcat

From source:

git clone https://github.com/hashcat/hashcat.git
cd hashcat
make
sudo make install

Verify the installation:

hashcat --version

Basic Command Syntax

The basic syntax for Hashcat commands follows this pattern:

hashcat [options] hashfile [dictionary|mask|directory]

Essential Parameters

1
Hash Mode (-m)

Specify the hash type using the -m parameter:

hashcat -m 0 example.hash wordlist.txt

Common hash modes:

  • 0: MD5
  • 100: SHA1
  • 1000: NTLM
  • 1800: SHA512crypt (Linux)
  • 3000: LM
  • 5500: NetNTLMv1
  • 5600: NetNTLMv2
  • 13100: Kerberos 5 TGS-REP

To see all supported hash types:

hashcat --help | grep -i "Hash modes"
2
Attack Mode (-a)

Specify the attack type using the -a parameter:

hashcat -m 0 -a 0 example.hash wordlist.txt  # Dictionary attack

Attack modes:

  • 0: Dictionary attack
  • 1: Combinator attack
  • 3: Mask attack
  • 6: Hybrid dictionary + mask
  • 7: Hybrid mask + dictionary
  • 9: Association mode
3
Input Files

Specify hash and wordlist files:

# Single hash directly in command line
hashcat -m 0 -a 0 5f4dcc3b5aa765d61d8327deb882cf99 wordlist.txt

# Hash file (one hash per line)
hashcat -m 0 -a 0 hashes.txt wordlist.txt

# Multiple wordlists
hashcat -m 0 -a 0 hashes.txt wordlist1.txt wordlist2.txt

Note:

Hashcat automatically detects if a single hash is provided directly or if a file path is given.

Common Operations

Dictionary Attack

A dictionary attack uses a wordlist to attempt password recovery:

hashcat -m 0 -a 0 example.hash wordlist.txt

Common wordlists:

  • rockyou.txt: A popular wordlist containing millions of real passwords
  • crackstation.txt: A large collection of common passwords
  • wordlists/fasttrack.txt: A smaller list of very common passwords

Example with options:

# Use a dictionary attack with rules and show the status
hashcat -m 1000 -a 0 ntlm.hash wordlist.txt -r rules/best64.rule --status

Dictionary attacks are most effective when the password is a common word or phrase.

Managing Sessions

1
Session Management

Hashcat automatically creates session files to allow resuming interrupted cracking sessions:

# Start a new named session
hashcat -m 0 -a 0 example.hash wordlist.txt --session=mysession

# Resume a session
hashcat --session=mysession --restore

You can also use the default session:

# After interruption, simply run
hashcat --restore
2
Output Management

Control how Hashcat outputs recovered passwords:

# Specify output file
hashcat -m 0 -a 0 example.hash wordlist.txt -o cracked.txt

# Specify output format
hashcat -m 0 -a 0 example.hash wordlist.txt --outfile-format=2

Output formats:

  • 1: hash[:salt]:password
  • 2: plain password
  • 3: hash[:salt]:password:hex_plain
  • 4: hex_plain
  • 5: hash[:salt]:password:plain
  • 6: plain:hex_plain
3
Potfile Management

The potfile stores all previously cracked passwords:

# Specify custom potfile
hashcat -m 0 -a 0 example.hash wordlist.txt --potfile-path=custom.pot

# Disable potfile usage
hashcat -m 0 -a 0 example.hash wordlist.txt --potfile-disable

# Show contents of default potfile
hashcat --show

Note:

Using the potfile prevents Hashcat from re-cracking previously cracked hashes, saving time and resources.

Performance Optimization

Hardware Optimization

Optimize hardware usage for better performance:

Device selection:

# List available devices
hashcat -I

# Use specific devices
hashcat -m 0 -a 0 example.hash wordlist.txt -d 1  # Use device #1
hashcat -m 0 -a 0 example.hash wordlist.txt -d 1,2  # Use devices #1 and #2

Device types:

# Use only GPUs
hashcat -m 0 -a 0 example.hash wordlist.txt -D 2

# Use only CPUs
hashcat -m 0 -a 0 example.hash wordlist.txt -D 1

Temperature management:

# Set temperature abort value (in °C)
hashcat -m 0 -a 0 example.hash wordlist.txt --hwmon-temp-abort=90

Troubleshooting

1
Common Issues

No devices found:

  • Ensure proper drivers are installed
  • Check if your GPU supports OpenCL/CUDA
  • Try running with --force option

Slow performance:

  • Update GPU drivers
  • Check for thermal throttling
  • Try different workload profiles
  • Use optimized attack modes for your hash type

Crashes or freezes:

  • Reduce workload profile (-w 1 or -w 2)
  • Update drivers
  • Check system cooling
  • Try running with --opencl-device-types=1 (CPU only)
2
Debug Mode

Use debug mode to identify issues:

# Basic debug information
hashcat -m 0 example.hash wordlist.txt --debug-mode=1

# More verbose debug information
hashcat -m 0 example.hash wordlist.txt --debug-mode=4

# Full debug with file output
hashcat -m 0 example.hash wordlist.txt --debug-mode=4 --debug-file=debug.log

Debug modes:

  • 1: Basic information
  • 2: Rule engine information
  • 3: Wordlist information
  • 4: Full information
3
Compatibility Issues

OpenCL/CUDA issues:

# Force OpenCL
hashcat -m 0 example.hash wordlist.txt --opencl-device-types=1,2

# Ignore warnings
hashcat -m 0 example.hash wordlist.txt --force

Driver issues:

  • For NVIDIA: Install latest CUDA toolkit
  • For AMD: Install latest AMD drivers with OpenCL support
  • For Intel: Install OpenCL runtime for Intel processors

Legacy hardware:

# Use legacy OpenCL kernels
hashcat -m 0 example.hash wordlist.txt --opencl-device-types=1,2 --force

Next Steps

Now that you understand the basic usage of Hashcat, explore these related topics:

  • Hash Types - Learn about the various hash algorithms supported by Hashcat
  • Attack Modes - Explore different strategies for password recovery
  • Advanced Techniques - Discover more sophisticated cracking methods