pwny.cc
  • Home
  • SO
    • AI
      • Evasion
        • Exercise 1
        • Exercise 2
        • Exercise 3
        • Exercise 4
    • Android
      • adb
      • apktool
      • burp suite
      • dns spoofing
      • frida
      • intent
      • jadx
      • JNI
      • objection
      • tcpdump
      • webview
    • iOS
      • objection
    • Linux
      • Internal Recon
      • Bypasses
      • Network
      • Exfiltration
      • Containers
      • Iptables
    • Windows
      • Internal Recon
      • External Recon
      • Bypasses
      • Network
      • Exfiltration
  • SHELLS
    • Misc
    • Web Shells
    • Reverse Shells
    • Obfuscated Shells
  • WEB ATTACKS
    • Misc
    • Command Injection
    • Cross-Site Scripting (XSS)
      • XSS Tips
      • WAF Bypasses
    • Insecure Direct Object Reference (IDOR)
    • Insecure File Upload
    • Local File Inclusion (LFI)
      • Bypass Techniques
      • LFI to RCE
    • OAuth
    • Open Redirect
      • Open Redirect to XSS
    • Server Side Request Forgery (SSRF)
    • Server Side Template Injection (SSTI)
    • SQL Injection (SQLi)
      • SQLMap
      • MySQL
      • MSSQL
      • Oracle
      • PostgreSQL
    • XML External Entity (XXE)
  • OTHER
    • Cracking
      • Hashcat
      • John the Ripper
    • Sandbox Escape
Powered by GitBook
On this page
  • Tool
  • Parameters
  • Attack examples
  • Complete guide about hashcat use (in spanish)

Was this helpful?

  1. OTHER
  2. Cracking

Hashcat

PreviousCrackingNextJohn the Ripper

Last updated 2 years ago

Was this helpful?

Tool

Parameters

-m: Mode (hash type)
-a: Attack type
    0 = Straight (dictionary)
    1 = Combination
    2 = Toggle-Case
    3 = Brute-force
    4 = Permutation
    5 = Table-Lookup
    8 = Prince
-w: Workload profile
    1 = Low
    2 = Medium
    3 = High
    4 = Nightmare
-O: Enable optimized kernels (limits password length)
-o: Output (if you want it to be saved in a txt)

Attack examples

#Dictionary attack
hashcat -m 1800 -a 0 shadow.txt /usr/share/wordlists/rockyou.txt​

#Brute-force attack
hashcat -m 1800 -a 3 shadow.txt

Complete guide about hashcat use (in spanish)

GitHub - hashcat/hashcat: World's fastest and most advanced password recovery utilityGitHub
Hashcat - World's fastest and most advanced password recovery utility
example_hashes [hashcat wiki]
Generic hash types
Logo
Introducción al Password CrackingJesuX Blog
Guia: Introduccion al Password Crackingó
Logo
Logo