Hashcat Password Cracking Cheatsheet

Complete hashcat reference for hash modes, attack types, mask characters, rule-based attacks, and optimization flags. (39 payloads)

Common Hash Modes (-m)

(12)

hashcat -m 0 hash.txt wordlist.txt

-m 0: MD5

hashcat -m 100 hash.txt wordlist.txt

-m 100: SHA-1

hashcat -m 1400 hash.txt wordlist.txt

-m 1400: SHA-256

hashcat -m 1000 hash.txt wordlist.txt

-m 1000: NTLM (Windows password hashes)

hashcat -m 5500 hash.txt wordlist.txt

-m 5500: NetNTLMv1

hashcat -m 5600 hash.txt wordlist.txt

-m 5600: NetNTLMv2 (Responder captures)

hashcat -m 13100 hash.txt wordlist.txt

-m 13100: Kerberoast (TGS-REP)

hashcat -m 18200 hash.txt wordlist.txt

-m 18200: AS-REP Roast

hashcat -m 3200 hash.txt wordlist.txt

-m 3200: bcrypt ($2*$)

hashcat -m 1800 hash.txt wordlist.txt

-m 1800: sha512crypt ($6$) — Linux /etc/shadow

hashcat -m 500 hash.txt wordlist.txt

-m 500: md5crypt ($1$) — old Linux/MD5 shadow

hashcat -m 16500 jwt.txt wordlist.txt

-m 16500: JWT (HS256) weak secret cracking

Attack Modes (-a)

(6)

hashcat -m 0 -a 0 hash.txt /usr/share/wordlists/rockyou.txt

-a 0: Dictionary attack — wordlist only

hashcat -m 0 -a 1 hash.txt wordlist1.txt wordlist2.txt

-a 1: Combination attack — concatenate every word from both lists

hashcat -m 0 -a 3 hash.txt "?l?l?l?l?l?l"

-a 3: Brute force with mask (6 lowercase letters)

hashcat -m 0 -a 6 hash.txt wordlist.txt "?d?d?d"

-a 6: Hybrid wordlist + mask (word + 3 digits)

hashcat -m 0 -a 7 hash.txt "?d?d?d" wordlist.txt

-a 7: Hybrid mask + wordlist (3 digits + word)

hashcat -m 0 -a 0 hash.txt wordlist.txt -r rules/best64.rule

-r rules: Rule-based attack (mutations, leetspeak, capitalization)

Mask Characters

(7)

?l

Lowercase letters: abcdefghijklmnopqrstuvwxyz

?u

Uppercase letters: ABCDEFGHIJKLMNOPQRSTUVWXYZ

?d

Digits: 0123456789

?s

Special characters: !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

?a

All printable ASCII (?l + ?u + ?d + ?s)

?b

All bytes (0x00-0xFF)

hashcat -m 0 -a 3 hash.txt "?u?l?l?l?d?d?s"

Example: uppercase + 3 lower + 2 digits + 1 special (7 chars)

Rules

(4)

hashcat -m 0 -a 0 hash.txt wordlist.txt -r /usr/share/hashcat/rules/best64.rule

Best64 — 64 most effective mutation rules

hashcat -m 0 -a 0 hash.txt wordlist.txt -r /usr/share/hashcat/rules/rockyou-30000.rule

Rockyou-30000 — 30000 rules from rockyou analysis

hashcat -m 0 -a 0 hash.txt wordlist.txt -r /usr/share/hashcat/rules/d3ad0ne.rule

d3ad0ne rule set — comprehensive mutations

hashcat -m 0 -a 0 hash.txt wordlist.txt -r /usr/share/hashcat/rules/Passw0rd_1337.rule

Password1 style rules — common corporate password patterns

Performance & Status

(6)

hashcat -m 0 hash.txt wordlist.txt -O

-O: Optimized kernel — faster but limits max password length to ~32

hashcat -m 0 hash.txt wordlist.txt -w 3

-w 3: Workload profile (1-4, higher = more GPU usage)

hashcat -m 0 hash.txt wordlist.txt --session mysession

Name the session for checkpointing

hashcat --restore --session mysession

Restore/resume a saved session

hashcat --show -m 0 hash.txt

--show: Display already-cracked hashes from potfile

hashcat -m 0 hash.txt wordlist.txt --status --status-timer=10

Show status every 10 seconds

Preparing Hashes

(4)

cat /etc/shadow | cut -d: -f2 | grep '$6$' > shadow_hashes.txt

Extract sha512crypt hashes from /etc/shadow

impacket-secretsdump -sam SAM -system SYSTEM LOCAL

Extract NTLM hashes from SAM/SYSTEM (offline)

impacket-secretsdump domain/user:pass@dc-ip

DCSync NTLM hashes from domain controller

Invoke-Kerberoast -OutputFormat Hashcat | Select-Object -ExpandProperty Hash

Extract Kerberoast hashes via PowerShell

ShareX LinkedIn Reddit

Level up your security testing

Install the CLI

npx payload-playground

Explore All Tools

Encoding, hashing, JWT & more

Browse Cheat Sheets

Quick-reference payload guides

Related Generators

Active Directory

Related Cheat Sheets

Post-Exploitation Cheat Sheet Active Directory & Kerberos Cheat Sheet Mimikatz Credential Dumping Cheatsheet

$loading...