ENNAENNA

Hashcat Cheat Sheet

GPU-accelerated password cracking with hashcat. Covers attack modes, hash type identifiers, rule-based mutations, mask attacks, and session management for long-running jobs.

View Hashcat tool page

Attack Modes

Straight dictionary attack against MD5 hashes

$ hashcat -m 0 -a 0 hashes.txt wordlist.txt

Combination attack joining words from two wordlists

$ hashcat -m 0 -a 1 hashes.txt wordlist1.txt wordlist2.txt

Brute-force attack with mask for 6-character all-charset passwords

$ hashcat -m 0 -a 3 hashes.txt ?a?a?a?a?a?a

Hybrid wordlist + mask appending 4 digits to each word

$ hashcat -m 0 -a 6 hashes.txt wordlist.txt ?d?d?d?d

Hybrid mask + wordlist prepending 3 digits to each word

$ hashcat -m 0 -a 7 hashes.txt ?d?d?d wordlist.txt

Common Hash Types

Crack NTLM hashes (Windows authentication)

$ hashcat -m 1000 hashes.txt wordlist.txt

Crack sha512crypt hashes ($6$ Linux shadow entries)

$ hashcat -m 1800 hashes.txt wordlist.txt

Crack bcrypt ($2a$) hashes

$ hashcat -m 3200 hashes.txt wordlist.txt

Crack Kerberoast TGS-REP (RC4) hashes

$ hashcat -m 13100 hashes.txt wordlist.txt

Crack WPA2/WPA3 PMKID and EAPOL hashes

$ hashcat -m 22000 capture.hc22000 wordlist.txt

Rules

Apply best64 rule set for common password mutations

$ hashcat -m 0 -a 0 hashes.txt wordlist.txt -r rules/best64.rule

Apply d3ad0ne rules for aggressive mutation coverage

$ hashcat -m 0 -a 0 hashes.txt wordlist.txt -r rules/d3ad0ne.rule

Toggle case on each character position

$ hashcat -m 0 -a 0 hashes.txt wordlist.txt -r rules/toggles1.rule

Chain two rule files for combined mutations (multiplicative)

$ hashcat -m 0 -a 0 hashes.txt wordlist.txt -r r1.rule -r r2.rule

Mask Attacks

Mask: uppercase letter, 4 lowercase, 3 digits (e.g., Admin123)

$ hashcat -m 0 -a 3 hashes.txt ?u?l?l?l?l?d?d?d

Incremental mask from 6 to 10 characters across all charsets

$ hashcat -m 0 -a 3 --increment --increment-min 6 --increment-max 10 hashes.txt ?a?a?a?a?a?a?a?a?a?a

Custom charset: lowercase letters and digits, 8 characters

$ hashcat -m 0 -a 3 -1 ?l?d hashes.txt ?1?1?1?1?1?1?1?1

Fixed prefix with 4-digit suffix mask

$ hashcat -m 0 -a 3 hashes.txt company?d?d?d?d

Session Management

Start a named session for later restoration

$ hashcat -m 0 -a 0 hashes.txt wordlist.txt --session=crack1

Restore and continue a previously interrupted session

$ hashcat --session=crack1 --restore

Output cracked passwords only (no hash) to a file

$ hashcat -m 0 -a 0 hashes.txt wordlist.txt -o cracked.txt --outfile-format=2

Display already cracked hashes from the potfile

$ hashcat -m 0 hashes.txt --show

Disable potfile to re-crack previously found hashes

$ hashcat -m 0 -a 0 hashes.txt wordlist.txt --potfile-disable

More Cheat Sheets

Nmap Cheat Sheet

6 sections

SQLMap Cheat Sheet

5 sections

ffuf Cheat Sheet

5 sections

Nuclei Cheat Sheet

5 sections

Subfinder Cheat Sheet

4 sections

Metasploit Cheat Sheet

5 sections