EN
ENNA

Getting Started Guide

How to Install and Use Hashcat

This guide covers installing Hashcat, identifying hash types, running dictionary attacks, and using rules for effective password cracking.

Prerequisites

  • -A GPU with up-to-date drivers (NVIDIA CUDA or AMD ROCm)
  • -Hashcat supports CPU-only mode but GPU is 10-100x faster
Official Documentation
1

Install Hashcat

Install Hashcat from your package manager or download the latest release.

Debian/Ubuntu

sudo apt install hashcat

macOS

brew install hashcat

Verify GPU support

hashcat -I

Note: hashcat -I shows detected compute devices. If your GPU doesn't appear, check your driver installation. On macOS, Metal is supported natively.

2

Identify the Hash Type

Before cracking, you need to know what type of hash you're working with. Hashcat uses numeric mode codes for each hash type.

List all hash modes

hashcat --help | grep -i 'ntlm\|md5\|sha'

Common modes

# MD5 = -m 0
# SHA1 = -m 100
# SHA256 = -m 1400
# NTLM = -m 1000
# bcrypt = -m 3200
# WPA2 = -m 22000

Note: Use the tool 'name-that-hash' or 'hashid' if you don't know what type of hash you have. NTLM hashes (from Windows) are mode 1000.

3

Dictionary Attack

The most common attack mode. Try every word in a wordlist against the hash.

Basic dictionary attack (MD5)

hashcat -m 0 hashes.txt /usr/share/wordlists/rockyou.txt

NTLM hashes

hashcat -m 1000 ntlm-hashes.txt /usr/share/wordlists/rockyou.txt

Show cracked passwords

hashcat -m 0 hashes.txt --show

Note: rockyou.txt is the classic starter wordlist with 14 million passwords. On Kali it's at /usr/share/wordlists/rockyou.txt.gz - unzip it first.

4

Rule-Based Attack

Rules mutate each word in the wordlist - adding numbers, capitalizing letters, replacing characters. This massively increases coverage without needing a bigger wordlist.

Best 64 rules (fast)

hashcat -m 0 hashes.txt rockyou.txt -r /usr/share/hashcat/rules/best64.rule

Dive rules (thorough)

hashcat -m 0 hashes.txt rockyou.txt -r /usr/share/hashcat/rules/dive.rule

OneRule to rule them all

hashcat -m 0 hashes.txt rockyou.txt -r OneRule.rule

Note: best64.rule is a great starting point - it's fast and catches common patterns. dive.rule is more aggressive. The community 'OneRule' combines the best from multiple rule sets.

5

Mask Attack (Brute Force with Patterns)

When you know the password structure (like 'starts with uppercase, ends with 4 digits'), mask attacks are more efficient than pure brute force.

8-char lowercase

hashcat -m 0 hashes.txt -a 3 ?l?l?l?l?l?l?l?l

Word + 4 digits

hashcat -m 0 hashes.txt -a 3 ?u?l?l?l?l?d?d?d?d

Custom charset

hashcat -m 0 hashes.txt -a 3 -1 ?l?d ?1?1?1?1?1?1?1?1

Note: Mask charsets: ?l=lowercase ?u=uppercase ?d=digit ?s=special ?a=all. You can define custom charsets with -1, -2, -3, -4.

6

Session Management

Long cracking jobs can be paused and resumed. Always use session names for important jobs.

Named session

hashcat -m 1000 hashes.txt rockyou.txt --session=client-ntlm

Resume session

hashcat --session=client-ntlm --restore

Check status during run

# Press 's' during a running session for status
Back to HashcatFull Documentation