HTDark | Underground Hacking Forum and Cybersecurity Community
  • Earn real money by being active: Hello Guest, earn real money by simply being active on the forum — post quality content, get reactions, and help the community. Once you reach the minimum credit amount, you’ll be able to withdraw your balance directly. Learn how it works.

Cracking 🔓Hashcat - Cheatsheet, Tips and Useful Commands

dEEpEst

dEEpEst

☣☣ In The Depths ☣☣
Staff member
Administrator
Super Moderator
Hacker
Specter
Crawler
Shadow
Joined
Mar 29, 2018
Messages
13,859
Solutions
4
Reputation
27
Reaction score
45,545
Points
1,813
Credits
55,080
‎7 Years of Service‎
 
56%
🔓Hashcat - Cheatsheet, Tips and Useful Commands

🚀 This post was created for the Hack Tools Dark Community.


Below is a guide to Hashcat, one of the most powerful password cracking tools using GPU acceleration.
It includes techniques, practical commands, and advanced configurations to maximize results in pentesting or security audits.

⚠️ Disclaimer: This content is for educational purposes only and must be used exclusively in authorized environments.
Neither the author nor the HTDark community is responsible for any misuse.


What is Hashcat?
Hashcat is a fast and flexible password recovery tool that supports many hash types.
It uses GPU acceleration to significantly improve cracking performance.

Basic Commands
Bash: 
# Identify the hash type using hashid or hash-identifier
hashid hash.txt
hash-identifier

# Dictionary attack
hashcat -m 0 -a 0 hashes.txt rockyou.txt

# Custom brute-force attack
hashcat -m 0 -a 3 hashes.txt ?a?a?a?a?a?a

# Resume a previous session
hashcat --restore

# Show cracked passwords
hashcat -m 0 -a 0 hashes.txt rockyou.txt --show

Common Hash Modes (-m)
  • 0 = MD5
  • 100 = SHA1
  • 1400 = SHA256
  • 1800 = sha512crypt $6$
  • 3200 = bcrypt $2a$
  • 22000 = WPA/WPA2 PMKID/EAPOL
  • 1000 = NTLM (Windows)
  • 1710 = sha1(md5($pass))
  • 2811 = MYSQL5

Tips and Tricks
  • Use smart masks:
    Example: `?u?l?l?l?d?d?d` = 1 uppercase, 3 lowercase, 3 digits
  • Combine with rules:
    `-r rules/best64.rule` to apply mutations over wordlists
  • Use multiple dictionaries:
    `hashcat -a 0 -m 0 hash.txt dict1.txt dict2.txt`
  • Filter cracked passwords by length:
    `cat hashcat.potfile | awk '{print $2}' | awk 'length > 8'`
  • Avoid GPU overheating:
    Use `--gpu-temp-retain=70`
  • Combinator attack:
    Example: Names + dates
    `hashcat -a 1 -m 0 hash.txt names.txt dates.txt`

Command for WPA/WPA2 PMKID or EAPOL (-m 22000)
Bash: 
hashcat -m 22000 -a 0 capture.hc22000 rockyou.txt

Optimizing Performance
  • List available devices: `hashcat -I`
  • Force specific GPU: `-d 1`
  • Increase speed (with caution): `--force`
  • Benchmark your hardware: `--benchmark`

Common Mask Characters (?)
  • ?l = lowercase letter
  • ?u = uppercase letter
  • ?d = digit
  • ?s = special symbol
  • ?a = all printable ASCII
  • ?h = hex character (0-9, a-f)

🔗 Useful Projects with Hashcat



💬 What techniques do you use with Hashcat?
Do you have an effective custom wordlist? Any trick using rules or masks?

Share your tips and join the discussion!
 
Last edited:
You must log in or register to reply here.
Back
Top