mirror of
https://github.com/hashcat/hashcat.git
synced 2024-11-21 23:58:07 +00:00
This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
Frequently asked questions
Source code
Hashcat suite
- hashcat - World's fastest and most advanced password recovery utility
- hashcat-utils - Small utilities that are useful in advanced password cracking
- maskprocessor - High-performance word generator with a per-position configureable charset
- statsprocessor - Word generator based on per-position markov-chains
- princeprocessor - Standalone password candidate generator using the PRINCE algorithm
- kwprocessor - Advanced keyboard-walk generator with configureable basechars, keymap and routes
Documentation for older hashcat versions like hashcat-legacy, oclHashcat, ... can be found by using the Sitemap button.
Core attack modes
- Dictionary attack - trying all words in a list; also called "straight" mode (attack mode 0, ''-a 0'')
- Combinator attack - concatenating words from multiple wordlists (mode 1)
- Brute-force attack and Mask attack - trying all characters from given charsets, per position (mode 3)
- Hybrid attack - combining wordlists+masks (mode 6) and masks+wordlists (mode 7); can also be done with rules
Other attacks
- Rule-based attack - applying rules to words from wordlists; combines with wordlist-based attacks (attack modes 0, 6, and 7)
- Toggle-case attack - toggling case of characters; now accomplished with rules
Most important wiki pages
- Example hashes
- Brute-Force attack (aka mask attack)
- When I click on hashcat.exe a black window flashes up and then disappears
- Timeout Patch
- HCCAPX format description
- Resuming cracking jobs and .restore file format description
- Cracking WPA/WPA2 with hashcat
- Using maskprocessor to generate rules
- Using rules to emulate hybrid attack
- Using rules to emulate toggle attack
- Using machine-readable output
- Ubuntu Server + AMD Catalyst + hashcat HOWTO (not up-to-date)
- HOWTO: Upgrading AMD Drivers on Windows (not up-to-date)
- hashcat and the drivers: Catalyst and ForceWare (not up-to-date)
<del>
Table-Lookup Attack beginner guide</del>
- only available in hashcat-legacy<del>
Distributing workload in oclHashcat-lite</del>
- now accomplished with ''-s/<nowiki>
--skip</nowiki>
and ''-l/<nowiki>
--limit</nowiki>
<del>
VCL Cluster HOWTO</del>
<del>
Distributing workload in oclHashcat</del>
<del>
Using maskprocessor to emulate brute-force attack</del>
- now implemented directly in hashcat<del>
Using maskprocessor to emulate mask attack in hashcat</del>
- now implemented directly in hashcat- Strike-through = Outdated article
Patches, tips and tricks
- Calculating total combinations for masks
- SSH into running terminal - using ''screen''
- I use hashcat on Windows and want to access it through ssh
<del>
Changing fan speed of ATI under linux</del>
<del>
WPA Clean and Convert Script</del>
- Strike-through = Outdated article
Howtos, Videos, Papers, Articles, etc. in the wild
- A cheat-sheet for password crackers
- A guide to password cracking with Hashcat
- Building a Password Cracking Rig for Hashcat
- Building a Password Cracking Rig for Hashcat - Part II
- Exploiting masks in Hashcat for fun and profit
- Hashcat Line Length Exceptions
- Agilebits 1Password support and Design Flaw?
- Colliding password protected MS office 97-2003 documents
- Colliding password protected PDF documents
- Facebook full directory of first and lastnames, 8GB, sorted with counts, latin and non-latin
- Explaining the PostgreSQL pass-the-hash vulnerability
- PHDays 2014, "Hashrunner challenge": Writeup Team hashcat
- PHDays 2015, "Hashrunner challenge": Writeup Team hashcat
- How not to salt a hash
- CheckPoint Security Gateway (firewall) and Security Management password hashes
- Cracking Netgear default WPA passwords with oclHashcat
- Cracking eight different TrueCrypt ciphers for the price of three
- DEFCON 2010, "Crack Me If You Can": Writeup Team hashcat
- DEFCON 2011, "Crack Me If You Can": Writeup Team hashcat
- DEFCON 2014, "Crack Me If You Can": Writeup Team hashcat
- DEFCON 2015, "Crack Me If You Can": Writeup Team hashcat
- Cracking Android passwords, a how-to
- Custom charsets and rules with John The Ripper and oclhashcat
- Efficient Password Cracking Where LM Hashes Exist for Some Users
- Introduction to Hashcat
- Passwords: A step-by-step analysis of breaking them
- Cracking IKE Mission:Improbable (Part 1)
- Cracking IKE Mission:Improbable (Part 2)
- Hashcat Per Position Markov Chains
- A Practical Guide to Cracking Password Hashes
- Rule-Fu: The art of word mangling
- How to Extract OS X Mavericks Password Hash for Cracking With Hashcat
- Statistics Will Crack Your Password
- Troy Hunt: Our password hashing has no clothes
- The 3 Way21 Confessions of a crypto cluster operator
- Passwords^12: Exploiting a SHA-1 weakness in password cracking
- Passwordscon: Advanced Password Cracking: Hashcat Techniques for the Last 20%
- Passwordscon: Optimizing the Computation of Hash Algorithms as an Attacker
- Passwordscon: I have the hashcat, I make the rules
- Cracking an MD5 of an IP address
- Bruteforcing .known_hosts file with hashcat
- Convert metasploit cachedump files to Hashcat format for cracking
- GPU Based Password Cracking with Amazon EC2 and oclHashcat
- How to crack WPA2-Enterprise EAP-MD5 with hashcat
- Cracking TrueCrypt: container, non-system, system, hidden (archived on archive.org, current version contains adware)
- Cracking Story – How I Cracked Over 122 Million SHA1 and MD5 Hashed Passwords
- Android Pin/Password Cracking
- Tool Deep Dive: PRINCE
- HASHCAT: GPU PASSWORD CRACKING FOR MAXIMUM WIN
- Video introduction to Hashcat v3 and Debug-Rules example
If your hashcat article is not listed, tell us. We would love to link it here.