> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# hashcat

> GPU-accelerated offline password cracker: supports WPA2 handshakes, MSCHAPv2, NTLMv2, and hundreds of other hash modes.

## Overview

hashcat is the fastest offline password cracker available. For wireless attacks it cracks WPA2 handshakes (mode 22000), MSCHAPv2 hashes captured from WPA Enterprise rogue AP attacks (mode 5500), and NTLMv2 hashes from hostile portal attacks (mode 5600).

***

## Install

```bash theme={"dark"}
sudo apt install hashcat
```

***

## Relevant Hash Modes

| Mode    | Hash Type                           |
| ------- | ----------------------------------- |
| `22000` | WPA-PMKID / WPA handshake (current) |
| `2500`  | WPA handshake (legacy)              |
| `5500`  | NetNTLMv1 / MSCHAPv2                |
| `5600`  | NetNTLMv2                           |

***

## Usage

```
hashcat -a <attack_mode> -m <hash_mode> <hashfile> <wordlist> [options]
```

***

## Attack Modes

| Flag   | Mode                      |
| ------ | ------------------------- |
| `-a 0` | Dictionary attack         |
| `-a 1` | Combination attack        |
| `-a 3` | Brute-force / mask attack |
| `-a 6` | Hybrid wordlist + mask    |

***

## Common Flags

| Flag         | Description                     |
| ------------ | ------------------------------- |
| `-m <mode>`  | Hash type                       |
| `-a <mode>`  | Attack mode                     |
| `-w <1-4>`   | Workload profile (4 = insane)   |
| `--force`    | Ignore warnings (needed in VMs) |
| `-o <file>`  | Output cracked hashes to file   |
| `--show`     | Show previously cracked hashes  |
| `-r <rules>` | Apply rule file                 |
| `--status`   | Show live status during attack  |

***

## Examples

WPA2 handshake (mode 22000):

```bash theme={"dark"}
hashcat -a 0 -m 22000 hash.22000 ~/rockyou.txt --force
```

MSCHAPv2 from WPA Enterprise rogue AP (mode 5500):

```bash theme={"dark"}
hashcat -a 0 -m 5500 hashcat.5500 ~/rockyou.txt --force
```

NTLMv2 from hostile portal (mode 5600):

```bash theme={"dark"}
hashcat -a 0 -m 5600 responder.5600 ~/rockyou.txt --force
```

WPA2 legacy mode 2500:

```bash theme={"dark"}
hashcat -a 0 -m 2500 hostapd.hccapx ~/rockyou.txt --force
```
