The last talk in the Open-Source password cracking series focuses on a tool that rivals the pay tools in function and capability – Hashcat.

Show Notes


The following is a summary of Hashcat functionality from the Hashcat Wiki. For more details, check out https://hashcat.net/wiki/

Very robust and open-source password hash attacking utility. The tool offers many of the options available in the pay password cracking suites and even offers some features the pay suites do not.

  • Two versions:
    • CPU based password recovery tool
    • GPU based password recovery tool (oclhashcat)
  • Available for Linux, OS X and Windows systems.
  • Command line or GUI interface


Attack Mode Highlights

Hashcat supports multiple attack modes. The following is a quick breakdown of what each does. The Hashcat wiki has much more detail so the link is included for more details. Some of these attacks, particularly the Table-Lookup Attack, are very clever approaches that some of the pay password cracking suites do not have.

  • Brute force Attack – tries all possible combinations of a given key-space.
  • Dictionary Attack – applies a wordlist to attempt to crack the password
  • Hybrid Attack – combination of a brute-force attack and dictionary attack
  • Rule-Based Attack – applies a series of rules to a dictionary attack, essentially a manually made hybrid attack. This is one of the more complicated attacks. Rules include such things as:
    • uppercase, lowercase, mixed case, etc
    • appending\ prepending
    • deleting first\ last character
    • deleting certain characters
    • duplicating certain characters certain amount of times
    • rotating words
  • Combinator Attack – allows you to apply two dictionaries in the attack, hashcat will append the words in dictionary 1 to dictionary 2 in different combinations. Also allows the creation of all possible mutations of a plaintext password via the Expander and will recombine the results with the same dictionary or another dictionary to create a third dictionary to be used in an attack.
  • Mask Attack – allows you to build a more efficient brute force attack based on password patterns by configuring a password crack attempt using placeholders. The placeholder can be a custom character set, built in character variables or static characters. There is also a incremental flag option to allow incremental building of attacks for certain character lengths.
  • Table Lookup Attack – automatic batch mask-attacks, includes character substitution tables (i.e. substituting “a” for “@, 8, ^” etc – very effective.
    • Substitution tables
    • leetspeak tables
  • Fingerprint Attack – all possible permutations are generated from the results of the Combinator
  • Permutation Attack – each word in a given dictionary generates all possible permutations of itself

Supported Algorithms (What you can attack!)

  • MD5 & SHA with or without salt
  • WordPress
  • MySQL
  • Oracle
  • WPA2
  • OS X (including 10.10)
  • Cisco
  • Skype
  • 7-zip
  • MS Office
  • Lastpass
  • Truecrypt
  • Blockchain wallet
  • Bitcoin Wallet
  • Android FDE

Source: https://hashcat.net/wiki/


Read more at:



SDF Training

Learn More

Surviving Encryption: Cryptanalysis

The open-source approach!
Learn More