crack passwords with hashcat | cheat-sheet
hashcat is a fast and advanced password recovery tool.
Scenarios and use cases
- Recover the lost password of your WiFi access point.
- Recover the password of an encrypted PDF file.
- Recover the password of an encrypted Microsoft Word file.
Be cautious
Do not use hashcat to crack passwords of services that belong to other people. Use hashcat to recover your own lost passwords and forgotten passwords.
recover your forgotten WiFi password
The best method to recover your forgotten WiFi password is to reset the router. But if you want to recover the existing password, capture the WPA handshake of the WiFi access point in a packet capture.
After that, convert the cap file into hccapx using cap2hccapx, which is included with hashcat. Then use hashcat itself to crack the password hash recorded in the capture.
Here is the command to try all passwords from the rockyou.txt wordlist on wifi-handshake.hccapx and write the recovered password into cracked_pass.txt if it is recovered successfully.
hashcat -m 2500 -w 3 -o cracked_pass.txt wifi-handshake.hccapx rockyou.txt
A command to try all passwords that consist of 8 digits from 00000000 to 99999999, and write the recovered password into a plain text file called cracked_pass.txt if it is found.
hashcat -m 2500 -a 3 -w 3 -o cracked_pass.txt wifi-handshake.hccapx '?d?d?d?d?d?d?d?d'
If you want to try all passwords that consist of 8 digits to 32 digits, use the following command.
hashcat -m 2500 -a 3 -w 3 -o cracked_pass.txt wifi-handshake.hccapx '?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d' --increment --increment-min 8 --increment-max 32
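To judge whether a mask attack like the ones above can finish in a reasonable time, or whether a password you are about to set would survive one, this added example (not part of the original post) counts the candidates a mask produces, with and without --increment. The function names and the hash rate are assumptions made for illustration.

```python
import math

# Sizes of hashcat's built-in mask charsets (?1-?4 custom charsets are not handled here).
CHARSET_SIZES = {"l": 26, "u": 26, "d": 10, "h": 16, "H": 16, "s": 33, "a": 95, "b": 256}


def mask_positions(mask):
    """Parse a hashcat mask into a list of per-position charset sizes."""
    sizes, i = [], 0
    while i < len(mask):
        if mask[i] != "?":
            sizes.append(1)          # literal character
            i += 1
            continue
        token = mask[i + 1:i + 2]
        if token == "?":
            sizes.append(1)          # '??' is a literal question mark
        elif token in CHARSET_SIZES:
            sizes.append(CHARSET_SIZES[token])
        else:
            raise ValueError(f"unsupported or incomplete placeholder at offset {i}")
        i += 2
    return sizes


def candidate_count(mask, inc_min=None, inc_max=None):
    """Number of candidates for a mask; pass inc_min/inc_max to model --increment."""
    sizes = mask_positions(mask)
    if inc_min is None and inc_max is None:
        lengths = [len(sizes)]
    else:
        # Incrementing truncates the mask, so it cannot go past the mask's own length.
        lengths = range(inc_min or 1, min(inc_max or len(sizes), len(sizes)) + 1)
    return sum(math.prod(sizes[:n]) for n in lengths)


def worst_case_days(count, hashes_per_second):
    """Days needed to exhaust the whole candidate space at a given rate."""
    return count / hashes_per_second / 86400


if __name__ == "__main__":
    RATE = 500_000  # constructed WPA2 hash rate in H/s; measure your own with `hashcat -b`
    for label, n in [
        ("8 digits", candidate_count("?d" * 8)),
        ("8-12 digits", candidate_count("?d" * 12, 8, 12)),
        ("1-8 printable ASCII", candidate_count("?a" * 8, 1, 8)),
    ]:
        print(f"{label:>20}: {n:.3e} candidates, {worst_case_days(n, RATE):.2e} days")
```

The count is the real number of candidates, which is not the same figure that hashcat prints with --keyspace.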
recover forgotten PDF password
If you have a password-protected PDF file and you forgot the password, you can use this command to extract the hash of the password.
pdf2john.pl sample-file.pdf > extracted-pdf-hash.txt
Then use hashcat to crack the hash.
hashcat -m 10500 extracted-pdf-hash.txt -a 0 password-list.txt
If you want to try all passwords from 1 digit to 30 digits, use this command.
hashcat -m 10500 extracted-pdf-hash.txt -a 3 '?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d' --increment --increment-min 1 --increment-max 30
recover password protected Microsoft Word document
If you have a Microsoft Word document which is password protected and you can’t open it or edit it because you forgot the password, you can use this command to extract the hash of the password.
python office2john.py sample-file.docx > extracted-word-hash.txt
After extracting the password hash, try to crack it using hashcat.
hashcat -a 0 -m 9400 --username -o cracked_pass.txt extracted-word-hash.txt wordlist.lst
General usage commands
Perform a brute-force attack (mode 3) with the default hashcat mask:
hashcat --hash-type hash_type_id --attack-mode 3 hash_value
Perform a brute-force attack (mode 3) with a known pattern of 4 digits:
hashcat --hash-type hash_type_id --attack-mode 3 hash_value "?d?d?d?d"
Perform a brute-force attack (mode 3) using at most 8 of all printable ASCII characters:
hashcat --hash-type hash_type_id --attack-mode 3 --increment hash_value "?a?a?a?a?a?a?a?a"
Perform a dictionary attack (mode 0) using the RockYou wordlist of a Kali Linux box:
hashcat --hash-type hash_type_id --attack-mode 0 hash_value /usr/share/wordlists/rockyou.txt
Perform a rule-based dictionary attack (mode 0) using the RockYou wordlist mutated with common password variations:
hashcat --hash-type hash_type_id --attack-mode 0 --rules-file /usr/share/hashcat/rules/best64.rule hash_value /usr/share/wordlists/rockyou.txt
Perform a combination attack (mode 1) using the concatenation of words from two different custom dictionaries:
hashcat --hash-type hash_type_id --attack-mode 1 hash_value /path/to/dictionary1.txt /path/to/dictionary2.txt
Show result of an already cracked hash:
hashcat --show hash_value
Show all example hashes:
hashcat --example-hashes
To read more information about hashcat, check out the official documentation website: https://hashcat.net/wiki/doku.php?id=hashcat