Overview
hashcat is the fastest offline password cracker available. For wireless attacks it cracks WPA2 handshakes (mode 22000), MSCHAPv2 hashes captured from WPA Enterprise rogue AP attacks (mode 5500), and NTLMv2 hashes from hostile portal attacks (mode 5600).
Install
Relevant Hash Modes
| Mode | Hash Type |
|---|---|
| 22000 | WPA-PMKID / WPA handshake (current) |
| 2500 | WPA handshake (legacy) |
| 5500 | NetNTLMv1 / MSCHAPv2 |
| 5600 | NetNTLMv2 |
Usage
hashcat -a <attack_mode> -m <hash_mode> <hashfile> <wordlist> [options]
Attack Modes
| Flag | Mode |
|---|---|
| -a 0 | Dictionary attack |
| -a 1 | Combination attack |
| -a 3 | Brute-force / mask attack |
| -a 6 | Hybrid wordlist + mask |
Common Flags
| Flag | Description |
|---|---|
| -m <mode> | Hash type |
| -a <mode> | Attack mode |
| -w <1-4> | Workload profile (4 = insane) |
| --force | Ignore warnings (needed in VMs) |
| -o <file> | Output cracked hashes to file |
| --show | Show previously cracked hashes |
| -r <rules> | Apply rule file |
| --status | Show live status during attack |
Examples
WPA2 handshake (mode 22000):
hashcat -a 0 -m 22000 hash.22000 ~/rockyou.txt --force
MSCHAPv2 from WPA Enterprise rogue AP (mode 5500):
hashcat -a 0 -m 5500 hashcat.5500 ~/rockyou.txt --force
NTLMv2 from hostile portal (mode 5600):
hashcat -a 0 -m 5600 responder.5600 ~/rockyou.txt --force
WPA2 legacy mode 2500:
hashcat -a 0 -m 2500 hostapd.hccapx ~/rockyou.txt --force