hashcat brute-force or dictionary attacks tool

Hashcat is a password recovery tool, one of the fastest because it also uses the power of the GPU as well as that of the classic CPU. With hashcat you can do brute-force or dictionary attacks to an encrypted password.

Dictionary attack

Once you get a password’s hash, you can start a dictionary attack with following command:

hashcat  --force -m 1800 -a 0 hash.txt /path/dictionary.txt -o result.txt

Explanation:

--force = ignore warnings; it is useful if hashcat
          is runnings from a virtual Kali Linux
          machine;

-m 1800 = the -m option indicates the type of
          decryption to be used... in this case
          1800 point to SHA-512 hash  ($6);
          there are many hash types supported
          by hashcat; see hashcat's help for
          full list;

-a 0 = the -a option means the type of attack
       to execute:
       0 | Straight (dictionary attack)
       1 | Combination
       3 | Brute-force
       6 | Hybrid Wordlist + Mask
       7 | Hybrid Mask + Wordlist

hash.txt = it is the file containing the hash;

/path/dictionary.txt = it is the file containig
                       the wordlist for a
                       dictionary attack;

-o result.txt = it is the file in which a
                positive result will
                saved.

Brute-force attack

To make a brute-force attack, otherwise, the command will be the following:

hashcat -m 0 -a 3 hash.txt ?a -o result.txt

Explanation:

-m 0 = type of decryption to be used (see
       above and see hashcat's help);

-a 3 = attack type (3 = brute force attack):
       0 | Straight (dictionary attack)
       1 | Combination
       3 | Brute-force
       6 | Hybrid Wordlist + Mask
       7 | Hybrid Mask + Wordlist

hash.txt = it is the file containing the hash;

?a = character set to use for brute-force attack:
     l | abcdefghijklmnopqrstuvwxyz
     u | ABCDEFGHIJKLMNOPQRSTUVWXYZ
     d | 0123456789
     s | !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
     a | ?l?u?d?s
     b | 0x00 - 0xff

     in this case ?a options means all possible
     characters.
     For example, if we use ?l?l?l?l?d?d  to
     make a brute-force attack  we specify that
     the first 4 characters are only lowercase
     letters and the last 2 are only numbers;

-o result.txt = it is the file in which a
                positive result will be
                saved.

5 1 vote

Article Rating

2 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Guest

dustin

November 5, 2021 7:19 am

lots of useful information

Author

admin

November 5, 2021 7:35 am

Reply to dustin

Thanks very much. I tried to make a guide that was not very descriptive but very practical and I hope I succeeded.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.