Hashcat is an excellent tool to ‘recover’ (aka crack) a password from a hash. It has broad support for a large number of hash types. A key difference between hashcat and John is that hashcat requires you to specify the hash mode as a command argument.
Find the Mode
To figure out which hash mode applies, check the
hashcat --example-hashes | grep -B 2 "<hash_preamble>"
A common MySQL example:
$ hashcat --example-hashes | grep -B 2 '$2a' MODE: 3200 TYPE: bcrypt $2*$, Blowfish (Unix) HASH: $2a$05$MBCzKhG1KhezLh.0LRa0Kuw12nLJtpHy6DIaU.JAnqJUDYspHC.Ou
Use a wordlist
You’ll need to have the hashes you want to crack stored in a file.
If you just want to crack the password hash(es), then you can put one per line.
If you have usernames per hash, make sure the line format is
<username>:<pwhash> and when you run hashcat include the
To crack with a basic wordlist (e.g. rockyou.txt):
hashcat -m <hash_mode> [--username] hashes.txt passwords.txt
Show the results
To print out the results, use the
hashcat -m <hash_mode> [--username] hashes.txt --show
Switching it up with rules
But what if the password isn’t in a standard wordlist, and you want to try variants of a password(s)? Use a rule set!
hashcat -m <hash_mode> [--username] hashes.txt passwords.txt -r <rule_file> hashcat -m 3200 --username hashes.txt passwords.txt -r /usr/share/hashcat/rules/best64.rule # Example
Here’s a good reference article on other standard rules with some cost & cracking analysis.