hashcat

Hashcat is an excellent tool to ‘recover’ (aka crack) a password from a hash. It has broad support for a large number of hash types. A key difference between hashcat and John is that hashcat requires you to specify the hash mode as a command argument.

Find the Mode

To figure out which hash mode applies, check the --example-hashes

hashcat --example-hashes | grep -B 2 "<hash_preamble>"

A common MySQL example:

$ hashcat --example-hashes | grep -B 2 '$2a'           
MODE: 3200
TYPE: bcrypt $2*$, Blowfish (Unix)               
HASH: $2a$05$MBCzKhG1KhezLh.0LRa0Kuw12nLJtpHy6DIaU.JAnqJUDYspHC.Ou

Use a wordlist

You’ll need to have the hashes you want to crack stored in a file. If you just want to crack the password hash(es), then you can put one per line. If you have usernames per hash, make sure the line format is <username>:<pwhash> and when you run hashcat include the --username flag.

To crack with a basic wordlist (e.g. rockyou.txt):

hashcat -m <hash_mode> [--username] hashes.txt passwords.txt  

Show the results

To print out the results, use the --show flag

hashcat -m <hash_mode> [--username] hashes.txt --show

Switching it up with rules

But what if the password isn’t in a standard wordlist, and you want to try variants of a password(s)? Use a rule set!

hashcat -m <hash_mode> [--username] hashes.txt passwords.txt -r <rule_file>
hashcat -m 3200 --username hashes.txt passwords.txt -r /usr/share/hashcat/rules/best64.rule   # Example

Here’s a good reference article on other standard rules with some cost & cracking analysis.