← All Cheatsheets

exploitation

Hashcat — Offline Password Cracking

Hashcat is the world's fastest password recovery tool supporting 300+ hash types and GPU acceleration.

10 views Apr 2026 lazyhackers

Hash Identification & Modes (14)

hashcat --identify hash.txt

Auto-identify hash type

identify

hashid hash.txt

Identify hash with hashid tool

identify

hashcat -m 0 hash.txt wordlist.txt

MD5 crack with wordlist

md5 wordlist

hashcat -m 100 hash.txt wordlist.txt

SHA1 crack

sha1 wordlist

hashcat -m 1400 hash.txt wordlist.txt

SHA256 crack

sha256 wordlist

hashcat -m 1800 hash.txt wordlist.txt

SHA512crypt ($6$) — Linux shadow

sha512 linux shadow

hashcat -m 500 hash.txt wordlist.txt

MD5crypt ($1$) — Linux shadow

md5crypt linux

hashcat -m 1000 hash.txt wordlist.txt

NTLM hash (Windows)

ntlm windows

hashcat -m 5600 hash.txt wordlist.txt

NetNTLMv2 (Responder captures)

netntlmv2 smb

hashcat -m 13100 hash.txt wordlist.txt

Kerberoast TGS hash ($krb5tgs$23$)

kerberoast ad kerberos

hashcat -m 18200 hash.txt wordlist.txt

AS-REP Roast ($krb5asrep$23$)

asrep ad kerberos

hashcat -m 3200 hash.txt wordlist.txt

bcrypt ($2*$) — common web apps

bcrypt web

hashcat -m 7300 hash.txt wordlist.txt

IPMI2 RAKP HMAC-SHA1

ipmi

hashcat -m 22921 hash.txt wordlist.txt

RSA/DSA/EC/OpenSSH private key

ssh private-key

Attack Modes (7)

hashcat -m 1000 -a 0 hash.txt rockyou.txt

Dictionary attack (-a 0)

dictionary wordlist

hashcat -m 1000 -a 1 hash.txt wordlist1.txt wordlist2.txt

Combination attack: combine two wordlists (-a 1)

combo

hashcat -m 1000 -a 3 hash.txt ?a?a?a?a?a?a

Brute force 6-char all charset (-a 3)

bruteforce mask

hashcat -m 1000 -a 6 hash.txt wordlist.txt ?d?d?d

Hybrid: wordlist + mask suffix (-a 6)

hybrid

hashcat -m 1000 -a 7 hash.txt ?d?d?d?d wordlist.txt

Hybrid: mask prefix + wordlist (-a 7)

hybrid

hashcat -m 1000 -a 0 hash.txt rockyou.txt -r /usr/share/hashcat/rules/best64.rule

Dictionary + best64 rules

rules wordlist

hashcat -m 1000 -a 0 hash.txt rockyou.txt -r /usr/share/hashcat/rules/OneRuleToRuleThemAll.rule

Dictionary + OneRuleToRuleThemAll

rules wordlist

Mask Attack (Brute Force) (4)

# Mask charsets: ?l=lowercase ?u=uppercase ?d=digits ?s=special ?a=all ?h=hex

Hashcat mask character reference

mask reference

hashcat -m 1000 -a 3 hash.txt ?u?l?l?l?l?d?d?d

Mask: 1 upper + 4 lower + 3 digits

mask bruteforce

hashcat -m 1000 -a 3 hash.txt --increment --increment-min=4 --increment-max=8 ?a?a?a?a?a?a?a?a

Incremental mask attack 4-8 chars

mask incremental

hashcat -m 1000 -a 3 hash.txt -1 ?l?d ?1?1?1?1?1?1?1?1

Custom charset: lowercase + digits, 8 chars

mask custom-charset

Performance & GPU (7)

hashcat -m 1000 -a 0 hash.txt rockyou.txt -w 3

Workload profile 3 (high performance)

performance gpu

hashcat -m 1000 -a 0 hash.txt rockyou.txt --force

Force run (ignore warnings, useful in VMs)

force vm

hashcat -m 1000 -a 0 hash.txt rockyou.txt -d 1

Use GPU device 1 only

gpu device

hashcat -m 1000 -a 0 hash.txt rockyou.txt --status --status-timer=10

Show status every 10 seconds

status

hashcat -m 1000 -a 0 hash.txt rockyou.txt --potfile-disable

Disable potfile (crack same hash again)

potfile

hashcat --show -m 1000 hash.txt

Show already-cracked hashes from potfile

show potfile

hashcat -b -m 1000

Benchmark NTLM cracking speed

benchmark speed