Linux command
hashcat 命令
文本
复制后可按需替换文件名、目录或参数。
常用示例
Run a dictionary attack
hashcat -m 0 -a 0 [hashes.txt] [wordlist.txt]
Crack SHA-256 hashes
hashcat -m 1400 -a 0 -o [cracked.txt] [hashes.txt] [wordlist.txt]
Brute-force attack
hashcat -m 0 -a 3 [hashes.txt] '?l?l?l?l?l?l?l?l'
Run benchmark
hashcat -b
Show already cracked passwords
hashcat -m 0 --show [hashes.txt]
Crack bcrypt hashes
hashcat -m 3200 -a 0 -D 2 [hashes.txt] [wordlist.txt]
Resume a previous session
hashcat --restore
Crack NTLM hashes
hashcat -m 1000 -a 0 -r [rules/best64.rule] [hashes.txt] [wordlist.txt]
说明
hashcat is a high-performance password recovery tool that uses CPU, GPU, and other hardware accelerators to crack hashed passwords. It supports over 300 hash types including MD5, SHA-family, bcrypt, WPA, and many application-specific formats. The tool offers multiple attack modes: dictionary attacks use wordlists, brute-force uses masks to generate candidates, combinator joins words from multiple dictionaries, and hybrid modes combine approaches. Rules can transform dictionary words to match common password patterns. Hashcat maintains a potfile storing cracked hashes to avoid redundant work. Sessions can be paused and restored. The tool automatically optimizes for available hardware and supports distributed cracking across multiple machines.
参数
- -m, --hash-type _NUM_
- Hash type (0=MD5, 1000=NTLM, 1400=SHA256, 1800=SHA512crypt, 3200=bcrypt)
- -a, --attack-mode _NUM_
- Attack mode (0=dictionary, 1=combinator, 3=brute-force, 6=hybrid, 7=hybrid)
- -o, --outfile _FILE_
- Output file for recovered passwords
- -r, --rules-file _FILE_
- Rule file for word mangling
- -D, --opencl-device-types _NUM_
- Device types (1=CPU, 2=GPU, 3=FPGA/DSP/Co-Processor)
- -w, --workload-profile _NUM_
- Workload profile (1=low, 2=default, 3=high, 4=nightmare)
- -b, --benchmark
- Run benchmark on all hash types
- --show
- Show cracked passwords from potfile
- --remove
- Remove hashes from file once cracked
- --restore
- Restore previous session
- --session _NAME_
- Name session for restore capability
- --status
- Enable automatic status updates
- --runtime _SECS_
- Abort after specified seconds
- -1, -2, -3, -4
- Define custom character sets for masks
- -i, --increment
- Enable mask increment mode
- --increment-min _NUM_
- Start mask length for increment
- --increment-max _NUM_
- Stop mask length for increment
- -h, --help
- Show help message
- -V, --version
- Show version
FAQ
What is the hashcat command used for?
hashcat is a high-performance password recovery tool that uses CPU, GPU, and other hardware accelerators to crack hashed passwords. It supports over 300 hash types including MD5, SHA-family, bcrypt, WPA, and many application-specific formats. The tool offers multiple attack modes: dictionary attacks use wordlists, brute-force uses masks to generate candidates, combinator joins words from multiple dictionaries, and hybrid modes combine approaches. Rules can transform dictionary words to match common password patterns. Hashcat maintains a potfile storing cracked hashes to avoid redundant work. Sessions can be paused and restored. The tool automatically optimizes for available hardware and supports distributed cracking across multiple machines.
How do I run a basic hashcat example?
Run `hashcat -m 0 -a 0 [hashes.txt] [wordlist.txt]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -m, --hash-type _NUM_ do in hashcat?
Hash type (0=MD5, 1000=NTLM, 1400=SHA256, 1800=SHA512crypt, 3200=bcrypt)