# Hashcat

> **World's Fastest Password Cracking Tool**

## 📋 Overview

Hashcat is the world's fastest and most advanced password recovery tool. It supports more than 300 hashing algorithms and was developed for penetration testing, security auditing, and password recovery. Hashcat uses GPU acceleration for maximum performance.

## 🎯 Key Features

### ⚡ **High Performance**

* **GPU Acceleration** - Support NVIDIA CUDA, AMD OpenCL, Intel GPU
* **Multi-core CPU** - CPU-based cracking support
* **Distributed Cracking** - Multi-system support
* **Rule-based Attacks** - Advanced password transformation rules
* **Session Management** - Resume interrupted cracking sessions

### 🔐 **Algorithm Support**

* **300+ Hash Types** - MD5, SHA-1, SHA-256, bcrypt, scrypt, Argon2
* **Database Hashes** - Oracle, MySQL, MSSQL, PostgreSQL
* **Password Managers** - 1Password, LastPass, KeePass
* **Operating Systems** - Windows LM/NTLM, Linux shadow, macOS keychain
* **File Archives** - ZIP, RAR, 7-Zip, PDF

### 🎯 **Attack Modes**

* **Dictionary Attack** (-a 0) - Wordlist-based cracking
* **Brute Force Attack** (-a 3) - Exhaustive key search
* **Mask Attack** (-a 3) - Pattern-based brute force
* **Combination Attack** (-a 1) - Combine two wordlists
* **Hybrid Attack** (-a 6/7) - Dictionary + brute force combination

### 🔧 **Advanced Features**

* **Rule Engine** - Custom password transformation rules
* **Prince Attack** - Password mutation strategies
* **Fingerprinting** - Hash type identification
* **Benchmark Mode** - Performance testing
* **GPU Temperature Monitoring** - Hardware protection

## 🚀 Installation

### Linux Installation

```bash
# Ubuntu/Debian
sudo apt-get update
sudo apt-get install hashcat hashcat-data

# Add PPA for latest version
sudo add-apt-repository ppa:hashcat/hashcat
sudo apt-get update
sudo apt-get install hashcat

# Install GPU drivers (NVIDIA)
wget https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/cuda-ubuntu2004.pin
sudo mv cuda-ubuntu2004.pin /etc/apt/preferences.d/cuda-repository-pin-600
wget https://developer.download.nvidia.com/compute/cuda/11.8.0/local_installers/cuda-repo-ubuntu2004-11-8-local_11.8.0-520.61.05-1_amd64.deb
sudo dpkg -i cuda-repo-ubuntu2004-11-8-local_11.8.0-520.61.05-1_amd64.deb
sudo cp /var/cuda-repo-ubuntu2004-11-8-local/cuda-*-keyring.gpg /usr/share/keyrings/
sudo apt-get update
sudo apt-get install cuda
```

### Windows Installation

```powershell
# Download from https://hashcat.net/hashcat/
# Extract to C:\hashcat
# Install NVIDIA CUDA drivers or AMD drivers
# Add to PATH: C:\hashcat

# Verify installation
hashcat.exe --version
hashcat.exe --benchmark
```

### macOS Installation

```bash
# Using Homebrew
brew install hashcat

# From source
git clone https://github.com/hashcat/hashcat.git
cd hashcat
make
sudo make install

# Install GPU drivers if needed
# NVIDIA: Download from NVIDIA website
# AMD: Download from AMD website
```

### Docker Installation

```bash
# Pull Hashcat image
docker pull hashcat/hashcat

# Run with GPU support (NVIDIA)
docker run --rm --gpus all hashcat/hashcat --benchmark

# Run with CPU only (no --gpus flag; benchmark mode takes no attack mode or mask)
docker run --rm hashcat/hashcat --benchmark -m 0
```

## 🔧 Basic Usage

### Command Structure

```bash
hashcat [options] hash|hashfile [wordlist|mask|directory]...

# Basic format (rule files are passed with -r, not as a positional argument)
hashcat -m [hash-type] -a [attack-mode] [options] hashfile wordlist
```

### Common Commands

```bash
# MD5 hash cracking with dictionary
hashcat -m 0 -a 0 hashes.txt wordlist.txt

# Brute force attack (8 characters, lowercase)
hashcat -m 0 -a 3 hashes.txt ?l?l?l?l?l?l?l?l

# Show cracked passwords
hashcat -m 0 hashes.txt --show

# Benchmark performance
hashcat --benchmark

# Resume interrupted session
hashcat --session mysession --restore
```

## 🎯 Attack Modes

### Dictionary Attack (-a 0)

```bash
# Basic dictionary attack
hashcat -m 0 -a 0 hashes.txt wordlist.txt

# Dictionary with rules
hashcat -m 0 -a 0 hashes.txt wordlist.txt -r best64.rule

# Multiple wordlists
hashcat -m 0 -a 0 hashes.txt wordlist1.txt wordlist2.txt

# Show progress
hashcat -m 0 -a 0 hashes.txt wordlist.txt --status --status-timer=30
```

### Combination Attack (-a 1)

```bash
# Combine two wordlists
hashcat -m 0 -a 1 hashes.txt wordlist1.txt wordlist2.txt

# Combine with separator (-j applies a rule to the left word; '$ ' appends a space)
hashcat -m 0 -a 1 hashes.txt wordlist1.txt wordlist2.txt -j '$ '

# Reverse combination (swap the order of the two wordlists)
hashcat -m 0 -a 1 hashes.txt wordlist2.txt wordlist1.txt
```

### Brute Force Attack (-a 3)

```bash
# 8-character lowercase
hashcat -m 0 -a 3 hashes.txt ?l?l?l?l?l?l?l?l

# Mixed character set
hashcat -m 0 -a 3 hashes.txt ?l?u?d?s?l?u?d?s

# Custom charset
hashcat -m 0 -a 3 hashes.txt -1 ?l?u?d ?1?1?1?1?1?1?1?1

# Incremental attack
hashcat -m 0 -a 3 hashes.txt --increment --increment-min=4 --increment-max=8 ?l?l?l?l?l?l?l?l
```

### Mask Attack

```bash
# Common password patterns
hashcat -m 0 -a 3 hashes.txt ?u?l?l?l?l?d?d  # Upper + lowercase + 2 digits
hashcat -m 0 -a 3 hashes.txt word?d?d?d     # word + 3 digits
hashcat -m 0 -a 3 hashes.txt ?d?d?d?dword     # 4 digits + word

# Year patterns
hashcat -m 0 -a 3 hashes.txt word?d?d?d?d
hashcat -m 0 -a 3 hashes.txt ?d?dword?d?d

# Common symbols (?s is the built-in special-character set)
hashcat -m 0 -a 3 hashes.txt word?s?s?s
```

## 🔧 Character Sets

### Built-in Character Sets

```bash
?l = abcdefghijklmnopqrstuvwxyz     # lowercase letters
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ     # uppercase letters
?d = 0123456789                     # digits
?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~  # special characters (33, including space)
?a = ?l?u?d?s                      # all characters
?b = 0x00 - 0xff                    # 8-bit values
?h = 0123456789abcdef               # hex lowercase
?H = 0123456789ABCDEF               # hex uppercase
```

### Custom Character Sets

```bash
# Define custom charset (-1, -2, -3, -4)
hashcat -m 0 -a 3 hashes.txt -1 abcdef ?1?1?1?1?1?1

# Multiple custom charsets
hashcat -m 0 -a 3 hashes.txt -1 abcdef -2 123456 ?1?1?1?1?2?2

# Example: phone number pattern
hashcat -m 0 -a 3 hashes.txt -1 0123456789 ?1?1?1-?1?1?1-?1?1?1?1
```

## 📊 Hash Types

### Common Hash Types (-m flag)

```bash
# Hash Type Reference: https://hashcat.net/wiki/doku.php?id=example_hashes

# Basic hashes
-m 0   = MD5
-m 10  = MD5($pass.$salt)
-m 20  = MD5($salt.$pass)
-m 100 = SHA1
-m 900 = MD4
-m 1400 = SHA256
-m 1700 = SHA512

# Windows
-m 1000 = NTLM
-m 3000 = LM
-m 2100 = Domain Cached Credentials 2 (DCC2), MS Cache 2

# Linux
-m 1800 = sha512crypt $6$, SHA512 (Unix)
-m 7400 = sha256crypt $5$, SHA256 (Unix)

# Database
-m 200 = MySQL323
-m 300 = MySQL4.1/MySQL5
-m 131 = MSSQL (2000)
-m 132 = MSSQL (2005)
-m 1731 = MSSQL (2012, 2014)
-m 3100 = Oracle H: Type (Oracle 7+)
-m 112 = Oracle S: Type (Oracle 11+)
-m 12300 = Oracle T: Type (Oracle 12+)

# Archives
-m 12500 = RAR3-hp
-m 13000 = RAR5
-m 11600 = 7-Zip
-m 13600 = WinZip
-m 10400 = PDF 1.1-1.3 (Acrobat 2-4)
-m 10500 = PDF 1.4-1.6 (Acrobat 5-8)

# Password Managers
-m 6800 = LastPass + LastPass sniffed
-m 6600 = 1Password
-m 13400 = KeePass 1 (AES/Twofish)
-m 15500 = JKS Java KeyStore
```

## 🔧 Rule-Based Attacks

### Built-in Rule Files

```bash
# Use best64 rules
hashcat -m 0 -a 0 hashes.txt wordlist.txt -r rules/best64.rule

# Use d3ad0ne rules
hashcat -m 0 -a 0 hashes.txt wordlist.txt -r rules/d3ad0ne.rule

# Use rockyou rules
hashcat -m 0 -a 0 hashes.txt wordlist.txt -r rules/rockyou-30000.rule

# Multiple rule files
hashcat -m 0 -a 0 hashes.txt wordlist.txt -r rule1.rule -r rule2.rule
```

### Creating Custom Rules

```
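# myrules.rule
# Descriptions are shown inline for reference; in a real rule file put
# comments on their own lines (a line starting with #).
:   # No-op (keep the original word)
l   # Lowercase all letters
u   # Uppercase all letters
c   # Capitalize first letter, lowercase the rest
C   # Lowercase first letter, uppercase the rest
t   # Toggle case of all characters
T3  # Toggle case of the character at position 3
r   # Reverse word
d   # Duplicate word
p2  # Append the word to itself 2 times
f   # Reflect (append the reversed word)
z2  # Duplicate first character 2 times
Z2  # Duplicate last character 2 times
{   # Rotate left
}   # Rotate right
$1 $2 $3  # Append characters (word123)
^1 ^2 ^3  # Prepend characters, one at a time (321word)
[   # Delete first character
]   # Delete last character
D3  # Delete character at position 3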
```

### Advanced Rule Examples

```
# Common password mutations
$! $@ $#     # Append the symbols !@#
^1 $1        # Add same character to both ends
d            # Duplicate
r            # Reverse
c            # Capitalize
u d          # Uppercase + duplicate
^            # Prepend space (the character after ^ is a space)
$            # Append space (the character after $ is a space)
```
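
The rule functions above can also be used defensively, to reject a proposed password that is a simple rule mutation of a banned word. The sketch below is an added example, not hashcat's code: it implements a subset of the rule functions following the semantics in the hashcat rule documentation, and `BANNED`, `RULES`, `apply_rule` and `mutation_of` are hypothetical names with constructed sample data.

```python
# Added example (not hashcat's code): a subset of hashcat rule functions.
def _n(ch):
    return int(ch, 36)  # positions are written 0-9, then A-Z for 10-35
NO_ARG = {
    ":": lambda w: w,
    "l": str.lower,
    "u": str.upper,
    "c": lambda w: w[:1].upper() + w[1:].lower(),
    "C": lambda w: w[:1].lower() + w[1:].upper(),
    "t": str.swapcase,
    "r": lambda w: w[::-1],
    "d": lambda w: w + w,
    "f": lambda w: w + w[::-1],
    "{": lambda w: w[1:] + w[:1],
    "}": lambda w: w[-1:] + w[:-1],
    "[": lambda w: w[1:],
    "]": lambda w: w[:-1],
}
ONE_ARG = {
    "$": lambda w, x: w + x,
    "^": lambda w, x: x + w,
    "T": lambda w, x: w[:_n(x)] + w[_n(x):_n(x) + 1].swapcase() + w[_n(x) + 1:],
    "D": lambda w, x: w[:_n(x)] + w[_n(x) + 1:],
    "p": lambda w, x: w * (_n(x) + 1),
    "z": lambda w, x: w[:1] * _n(x) + w,
    "Z": lambda w, x: w + w[-1:] * _n(x),
}
# Constructed sample data: a deny-list and the mutations to test against it.
BANNED = ["password", "summer"]
RULES = [":", "c", "c $1", "c $1 $2 $3", "c $2 $0 $2 $4 $!"]

def apply_rule(rule, word):
    """Apply one rule line, e.g. 'c $2 $4 $!', to word and return the result."""
    i = 0
    while i < len(rule):
        op = rule[i]
        if op in ONE_ARG and i + 1 < len(rule):
            word, i = ONE_ARG[op](word, rule[i + 1]), i + 2
        elif op in NO_ARG:
            word, i = NO_ARG[op](word), i + 1
        elif op == " ":  # spaces between functions are ignored
            i += 1
        else:
            raise ValueError(f"unsupported rule function {op!r} in {rule!r}")
    return word

def mutation_of(candidate, banned_words=BANNED, rules=RULES):
    """Return (base_word, rule) if a rule turns a banned word into candidate."""
    hits = ((b, r) for b in banned_words for r in rules if apply_rule(r, b) == candidate)
    return next(hits, None)
```

A password-change check can call `mutation_of(new_password)` and refuse the password when the result is not `None`.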

## 📈 Performance Optimization

### GPU Optimization

```bash
# Benchmark specific hash type
hashcat -m 0 --benchmark

# Optimize for GPU
hashcat -m 0 -a 3 hashes.txt ?a?a?a?a?a?a?a?a -O

# Workload profile (1-4, default 2)
hashcat -m 0 -a 3 hashes.txt ?a?a?a?a?a?a?a?a -w 4

# GPU temp limit (abort when the device reaches 85 °C; the default is 90)
hashcat -m 0 -a 3 hashes.txt ?a?a?a?a?a?a?a?a --hwmon-temp-abort=85

# Skip GPU (CPU only)
hashcat -m 0 -a 3 hashes.txt ?a?a?a?a?a?a?a?a --opencl-device-types 1
```

### Session Management

```bash
# Create named session
hashcat -m 0 -a 0 hashes.txt wordlist.txt --session myattack

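# Print status automatically every 60 seconds while the session runs
hashcat -m 0 -a 0 hashes.txt wordlist.txt --session myattack --status --status-timer=60

# Restore interrupted session
hashcat --session myattack --restore

# List all sessions: there is no list option; each session leaves a <name>.restore file
# (location depends on the install: the hashcat folder, ~/.hashcat/sessions or ~/.local/share/hashcat/sessions)
ls ~/.local/share/hashcat/sessions/*.restore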
```

### Resource Management

```bash
# Pin hashcat to specific CPU cores
hashcat -m 0 -a 3 hashes.txt ?a?a?a?a?a?a?a?a --cpu-affinity=2

# Manual workload tuning (fixed inner loop count; this is not a memory limit)
hashcat -m 0 -a 3 hashes.txt ?a?a?a?a?a?a?a?a --kernel-loops 256

# Progress monitoring
hashcat -m 0 -a 3 hashes.txt ?a?a?a?a?a?a?a?a --status --status-timer=10

# Store cracked results in a custom potfile
hashcat -m 0 -a 3 hashes.txt ?a?a?a?a?a?a?a?a --potfile-path=custom.pot
```

## 🔗 Advanced Techniques

### Prince Attack

```bash
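# Prince attack: hashcat has no --prince option; candidates come from the separate
# princeprocessor tool (pp64.bin), which chains wordlist elements
pp64.bin < wordlist.txt > prince_output.txt
hashcat -m 0 -a 0 hashes.txt prince_output.txt

# Or pipe the candidates straight into hashcat on stdin
pp64.bin < wordlist.txt | hashcat -m 0 -a 0 hashes.txt

# Prince with rules
pp64.bin < wordlist.txt | hashcat -m 0 -a 0 hashes.txt -r prince.rule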
```

### Fingerprinting

```bash
# Identify hash types
hashcat --identify hashfile.txt

# Auto-detect hash type (omit -m; recent hashcat releases then try to detect the mode)
hashcat -a 0 hashes.txt wordlist.txt
```

### Distributed Cracking

```bash
# Split attack across multiple systems
# System 1:
hashcat -m 0 -a 3 hashes.txt ?a?a?a?a?a?a?a?a --increment --increment-min=1 --increment-max=4

# System 2:
hashcat -m 0 -a 3 hashes.txt ?a?a?a?a?a?a?a?a --increment --increment-min=5 --increment-max=8
```

## 🎯 Practical Examples

### Real-World Scenarios

```bash
# Scenario 1: Corporate password policy (8 chars, 1 uppercase, 1 number, 1 symbol)
hashcat -m 0 -a 3 hashes.txt -1 ?u?d?s ?1?l?l?l?l?l?l?l

# Scenario 2: Social media passwords (word + 2 digits + symbol)
hashcat -m 0 -a 0 hashes.txt rockyou.txt -r rules/d3ad0ne.rule
hashcat -m 0 -a 6 hashes.txt rockyou.txt ?d?d?s

# Scenario 3: Windows NTLM (common patterns)
hashcat -m 1000 -a 0 ntlm_hashes.txt rockyou.txt -r rules/best64.rule
hashcat -m 1000 -a 3 ntlm_hashes.txt ?u?l?l?l?l?d?d

# Scenario 4: WPA/WPA2 handshake cracking
# (-m 2500 with .hccapx is the legacy format; newer hashcat releases use -m 22000)
hashcat -m 2500 -a 0 capture.hccapx wordlist.txt

# Scenario 5: Bitcoin wallet.dat
hashcat -m 11300 -a 3 wallet_hash ?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a
```

### Password Policy Compliance

```bash
# Check password strength against policy
# Policy: 8-12 chars, at least 1 uppercase, 1 lowercase, 1 number, 1 symbol

# Generate candidates over the policy's charset and length range (for testing)
hashcat -a 3 --stdout -1 ?u?l?d?s --increment --increment-min=8 --increment-max=12 ?1?1?1?1?1?1?1?1?1?1?1?1

# Test known weak patterns
hashcat -m 0 -a 3 hashes.txt -1 ?l?u?d ?1?1?1?1?1?1?1?1
hashcat -m 0 -a 3 hashes.txt ?u?l?l?l?l?l?d?d
hashcat -m 0 -a 3 hashes.txt Password?d?d
```
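
For an auditor, the built-in character sets and the weak patterns above combine into a simple check: a password can satisfy the policy and still sit inside a small mask. The following is an added example, not part of hashcat. It models only the built-in sets `?l ?u ?d ?s ?a` and literal characters, and `WEAK_MASKS` holds two masks from the commands above plus one constructed pattern.

```python
# Added example: policy compliance versus coverage by a weak hashcat mask.
import math
import string

CHARSETS = {
    "l": string.ascii_lowercase, "u": string.ascii_uppercase,
    "d": string.digits, "s": " " + string.punctuation,
}
CHARSETS["a"] = "".join(CHARSETS.values())  # ?a = ?l?u?d?s, 95 characters

def parse_mask(mask):
    """Return one character set per position; a literal is a set of size 1."""
    sets, i = [], 0
    while i < len(mask):
        tok = mask[i:i + 2]
        if tok == "??":  # escaped literal question mark
            sets.append("?")
        elif tok[0] == "?":
            if tok[1:] not in CHARSETS:
                raise ValueError(f"charset {tok!r} is not modelled here")
            sets.append(CHARSETS[tok[1]])
        else:
            sets.append(tok[0])
        i += 2 if tok[0] == "?" else 1
    return sets

def mask_candidates(mask):
    """Number of candidates a mask attack has to try for this mask."""
    return math.prod(len(s) for s in parse_mask(mask))

def covered_by(pw, mask):
    """True if the mask would eventually generate this exact password."""
    sets = parse_mask(mask)
    return len(pw) == len(sets) and all(c in s for c, s in zip(pw, sets))

def complies(pw):
    """Policy above: 8-12 chars with an uppercase, lowercase, digit and symbol."""
    return 8 <= len(pw) <= 12 and all(any(c in CHARSETS[k] for c in pw) for k in "ulds")

# Two masks from the commands above plus one constructed pattern.
WEAK_MASKS = ["?u?l?l?l?l?l?d?d", "Password?d?d", "?u?l?l?l?l?l?d?d?s"]

def audit(pw):
    """Report policy compliance and every weak mask that covers the password."""
    hits = {m: mask_candidates(m) for m in WEAK_MASKS if covered_by(pw, m)}
    return {"compliant": complies(pw), "weak_masks": hits}
```

`audit("Summer24!")` reports a compliant password that is nevertheless covered by `?u?l?l?l?l?l?d?d?s`, a mask with about 10^12 candidates against 95^9 for the full nine-character space.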

## 📊 Wordlist Management

### Popular Wordlists

```bash
# RockYou wordlist (most common passwords)
# Download: https://github.com/danielmiessler/SecLists/blob/master/Passwords/rockyou.txt

# Common passwords
# https://github.com/danielmiessler/SecLists/tree/master/Passwords/Common-Credentials

# Password policy wordlists
# https://github.com/danielmiessler/SecLists/tree/master/Passwords/Common-Policy-Wordlists

# Custom wordlist creation
hashcat -m 0 -a 3 --stdout ?u?l?l?l?l?d?d | grep -E "^[A-Z][a-z]{4}[0-9]{2}$" > custom_wordlist.txt
```

### Wordlist Generation

```bash
# Generate wordlist from leaked passwords
cat leaked_passwords.txt | sort -u > custom_wordlist.txt

# Generate from dictionary + mutations
hashcat -a 0 dictionary.txt -r rules/mutation.rule --stdout > mutated_wordlist.txt

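# Generate from company information (combinator mode needs two wordlist files, not stdin)
printf '%s\n' companyname 2024 password 123456 > company_base.txt
hashcat -a 1 --stdout company_base.txt company_base.txt | sort -u > company_wordlist.txt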
```

## 🎓 Learning Resources

### Official Documentation

* [Hashcat Official Wiki](https://hashcat.net/wiki/)
* [Hashcat Example Hashes](https://hashcat.net/wiki/doku.php?id=example_hashes)
* [Hashcat Rules](https://hashcat.net/wiki/doku.php?id=rule_based_attack)
* [Hashcat Forum](https://hashcat.net/forum/)

### Training Resources

* [Hashcat Primer](https://www.aldeid.com/wiki/Hashcat)
* [Password Cracking with Hashcat](https://null-byte.wonderhowto.com/collection/hashcat-password-cracking-guide/)
* [Practical Password Cracking](https://www.pentesteracademy.com/course?id=46)

### Wordlist Resources

* [SecLists](https://github.com/danielmiessler/SecLists)
* [CrackStation](https://crackstation.net/)
* [Weakpass](https://weakpass.com/wordlist/)
* [Openwall Wordlists](https://www.openwall.com/wordlists/)

## 📈 Comparison with Other Tools

| Feature              | Hashcat   | John the Ripper | Hydra   | Medusa  |
| -------------------- | --------- | --------------- | ------- | ------- |
| **GPU Support**      | ✅         | ✅               | ❌       | ❌       |
| **Hash Types**       | 300+      | 200+            | N/A     | N/A     |
| **Speed**            | 🚀 Fast   | 🚀 Fast         | N/A     | N/A     |
| **Rule Engine**      | ✅         | ✅               | ❌       | ❌       |
| **Distribution**     | ✅         | ❌               | ❌       | ❌       |
| **Learning Curve**   | 📚 Medium | 📚 Medium       | 📚 Easy | 📚 Easy |
| **Platform Support** | ✅         | ✅               | ✅       | ✅       |

## 🔧 Troubleshooting

### Common Issues

```bash
# GPU not detected
# Install appropriate drivers
# Check hashcat -I for device info

# Out of memory errors
# Reduce mask complexity
# Use incremental attacks
# Split work across multiple sessions

# Slow performance
# Update GPU drivers
# Check GPU temperature
# Optimize rule sets
# Use -O for optimized kernels

# Session corruption
# Remove corrupted session files
# Start new session with different name
# Use --restore from checkpoint
```

### Debug Mode

```bash
# Show device information
hashcat -I

# Show benchmark with device
hashcat -b -d 1

# Debug rule processing
hashcat -m 0 -a 0 --stdout wordlist.txt -r rule.rule --debug-mode=1

# More runtime detail (-V only prints the version; use --status for periodic status output)
hashcat -m 0 -a 0 hashes.txt wordlist.txt --status --status-timer=10
```

## 🛡️ Security and Legal Considerations

### Legal Compliance

* **Authorization**: Only crack passwords you own or have permission to test
* **Purpose**: Use for legitimate security testing and education
* **Documentation**: Keep records of authorization
* **Scope**: Stay within defined testing boundaries

### Best Practices

* **Wordlists**: Use legally obtained wordlists
* **Results**: Handle cracked passwords responsibly
* **Storage**: Secure sensitive hash and password files
* **Cleanup**: Remove temporary files and sensitive data

### Privacy Protection

* **Data Minimization**: Only collect necessary data
* **Secure Storage**: Encrypt sensitive files
* **Access Control**: Limit access to cracking results
* **Retention**: Don't keep cracked passwords longer than necessary

***

**⚠️ Legal Notice**: Hashcat should only be used for legitimate security testing, password recovery, and educational purposes. Unauthorized password cracking is illegal.

**⚡ Pro Tip**: Start with dictionary attacks and rule-based attacks before resorting to brute force. Most passwords are variations of common patterns, not random strings.

*📅 Last Updated: 2024*
