HASHCAT

https://github.com/hashcat/hashcat

Attack Types

Attack (-a 0)

hashcat -a 0 -m 0 “myHash” /usr/share/wordlists/rockyou.txt
Dictionary attack.

Attack (-a 1)

https://hashcat.net/wiki/doku.php?id=combinator_attack

hashcat -a 1 -m 0 "myHash" myPrefix.txt /usr/share/wordlists/rockyou.txt
Dictionary attack with a prefix.

Attack (-a 3)

https://hashcat.net/wiki/doku.php?id=mask_attack

Jokers

?l
abcdefghijklmnopqrstuvwxyz

?u
ABCDEFGHIJKLMNOPQRSTUVWXYZ

?d
0123456789

?h
0123456789abcdef

?H
0123456789ABCDEF

?s
«space»!"#$%&'()*+,-./:;<=>?@[]^_`{|}~

?a
?l?u?d?s

?b
0x00 - 0xff

Examples

hashcat -a 3 -m 0 "myHash" ?l?l?l?l
Brute force from aaaa to zzzz.

hashcat -a 3 -m 0 "myHash" "passBegining?l?l?l?l"
Brute force from passBeginingaaaa to passBeginingzzzz.

Flags

-a
Attack mode (ex: 0 = straight dictionary list).

-m
Hashing type (ex: 1800 = MD5).

-o myOutFile
Store output info in myFile.

Hash Types

https://hashcat.net/wiki/doku.php?id=example_hashes

-m 0
MD5.

-m 500
MD5crypt, MD5 (Unix), Cisco-IOS.

-m 1800
SHA256 Unix.

-m 1000
NTLM.

hashcat -a 0 -m 5600 myHashes.txt /usr/share/wordlists/rockyou.txt
Crack NetNTMLv2 hashes.

hashcat -a 0 -m 1100 0 '15a57c379ebdfea572ad1ff91eb6ef0c:Administrator' /usr/share/wordlists/rockyou.txt
Crack DCC (Domain Cached Credentials) hash.

-m 2100
MS Cache - DCC2 (Domain Cached Credentials 2).

hashcat -a 0 -m 13100 myHash.txt /usr/share/wordlists/rockyou.txt
Crack Kerberos KRB_TGS_REP hash.

-m 13000
RAR.

zip2john myFile.zip > forhashcat.txt
Remove name of the file and archive from the hash (at the beginning and the end).

hashcat -a 0 -m 13600 forhashcat.txt /usr/share/wordslist/rockyou.txt
Crack ZIP archive password.