What is hashcat?
hashcat is the world's fastest password cracker. It takes a hash (like the ones stored in databases) and tries to find the original password by hashing millions of guesses and comparing them.
Remember the hashing module — a hash is one-way. hashcat doesn't reverse it. It guesses, hashes the guess, and compares. With a GPU, it can try billions of MD5 hashes per second.
INSTALL
KALI / DEBIAN
sudo apt install hashcat
MACOS
brew install hashcat
WINDOWS
Download from hashcat.net → extract → run hashcat.exe
Two main attack modes
Dictionary Attack (-a 0)
Try every word in a wordlist. rockyou.txt is the most common — it's a real leaked password list with 14 million passwords from a 2009 breach. Most people use passwords that are in it.
hashcat -m 0 -a 0 hashes.txt rockyou.txt
Brute Force (-a 3)
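Try every possible combination of characters. Slow, but guaranteed to find the password eventually, provided the password fits the length and character set being tried. Practical only for short passwords. In the mask below, each ?a stands for one printable ASCII character, so the command tries every 6-character combination.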
hashcat -m 0 -a 3 hashes.txt ?a?a?a?a?a?a
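To see why brute force is practical only for short passwords, the added example below (not part of the original lesson) parses a hashcat mask, counts the candidates it covers, and estimates the time to try them all. The function names are hypothetical, and the rate of 1e9 guesses per second is an assumption standing in for the "billions of MD5 hashes per second" mentioned earlier; custom charsets (?1 to ?4) are not handled.

```python
import math

# Sizes of hashcat's built-in mask charsets.
CHARSET_SIZES = {
    "l": 26,   # ?l lowercase a-z
    "u": 26,   # ?u uppercase A-Z
    "d": 10,   # ?d digits 0-9
    "h": 16,   # ?h lowercase hex digits
    "H": 16,   # ?H uppercase hex digits
    "s": 33,   # ?s space and printable ASCII punctuation
    "a": 95,   # ?a = ?l?u?d?s
    "b": 256,  # ?b every byte value 0x00-0xff
}

ASSUMED_RATE = 1_000_000_000  # assumption: 1e9 guesses per second

def mask_positions(mask):
    """Return the number of choices at each position of a mask."""
    sizes, i = [], 0
    while i < len(mask):
        if mask[i] != "?":
            sizes.append(1)              # literal character: one choice
            i += 1
            continue
        if i + 1 >= len(mask):
            raise ValueError("mask ends with a lone '?'")
        token = mask[i + 1]
        if token == "?":
            sizes.append(1)              # '??' is a literal question mark
        elif token in CHARSET_SIZES:
            sizes.append(CHARSET_SIZES[token])
        else:
            raise ValueError(f"unsupported placeholder ?{token}")
        i += 2
    return sizes

def keyspace(mask):
    """Total number of candidate passwords the mask generates."""
    return math.prod(mask_positions(mask))

def seconds_to_exhaust(mask, guesses_per_second=ASSUMED_RATE):
    """Worst-case time to try every candidate at the given rate."""
    return keyspace(mask) / guesses_per_second

if __name__ == "__main__":
    # Constructed sample masks: 6, 8 and 10 printable characters, plus a patterned one.
    for mask in ("?a?a?a?a?a?a", "?a" * 8, "?a" * 10, "?l?l?l?l?d?d"):
        days = seconds_to_exhaust(mask) / 86400
        print(f"{mask:22} {keyspace(mask):>26,} candidates  {days:>14,.2f} days")
```

Each extra ?a position multiplies the work by 95, which is why password length matters more than any other single policy setting against this attack.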
Hash types (-m flag)
hashcat needs to know what type of hash it's cracking. Common ones:
-m 0      MD5
-m 100    SHA-1
-m 1400   SHA-256
-m 3200   bcrypt
-m 1800   sha512crypt (Linux /etc/shadow)
-m 1000   NTLM (Windows passwords)
1. hashcat cracks passwords by mathematically reversing the hash. True or false?
2. Which hashcat flag specifies the hash type?