⚠️ Pracivo Security Lab — Hash identification, cracking techniques, Hashcat and John the Ripper guides.
Hashcat Complete Guide
# INSTALLATION
# Linux: apt install hashcat
# Windows: download from hashcat.net
# BASIC SYNTAX
hashcat -m MODE -a ATTACK_MODE hash.txt wordlist.txt
# ATTACK MODES (-a)
# 0 = Dictionary (wordlist)
# 1 = Combination (two wordlists combined)
# 3 = Brute Force / Mask
# 6 = Wordlist + Mask
# 7 = Mask + Wordlist
# COMMON HASH MODES (-m)
# 0 = MD5
# 100 = SHA-1
# 1000 = NTLM (Windows)
# 1400 = SHA-256
# 1700 = SHA-512
# 1800 = SHA-512crypt (Linux /etc/shadow $6$)
# 3200 = bcrypt
# 5600 = NetNTLMv2 (from Responder)
# 13100 = Kerberos TGS (Kerberoasting)
# 18200 = Kerberos AS-REP (AS-REP Roasting)
# DICTIONARY ATTACK (most common)
hashcat -m 1000 ntlm_hashes.txt /usr/share/wordlists/rockyou.txt
# RULE-BASED ATTACK (mutates wordlist)
hashcat -m 0 hashes.txt rockyou.txt -r /usr/share/hashcat/rules/best64.rule
hashcat -m 0 hashes.txt rockyou.txt -r dive.rule # best rule file
# BRUTE FORCE with mask
hashcat -m 0 hashes.txt -a 3 ?u?l?l?l?l?d?d
# ?u = uppercase, ?l = lowercase, ?d = digit, ?s = special, ?a = all
# Common corporate password pattern (Capital + word + number):
hashcat -m 1000 hashes.txt -a 3 ?u?l?l?l?l?l?d?d?d?d
# INCREMENTAL (try all lengths)
hashcat -m 0 hashes.txt -a 3 --increment ?a?a?a?a?a?a?a?a
# WORDLIST + RULES (most effective combo)
hashcat -m 1000 hashes.txt rockyou.txt -r best64.rule -r toggles1.rule
# USEFUL OPTIONS
--show # Show cracked hashes from potfile
--username # Input has username:hash format
-o cracked.txt # Save results to file
--remove # Remove cracked hashes from input file
-w 3 # Workload profile (3 = high performance)
--force # Ignore warnings (use on VMs)
# CHECK POTFILE (previously cracked)
hashcat --show -m 1000 hashes.txt