# hashcat

[hashcat](https://hashcat.net) is good at cracking passwords.  Check out the BHIS [cheat sheet](https://www.blackhillsinfosec.com/hashcat-cheatsheet/) on this topic.

## Super basic crack job
```
hashcat -m MODE file-with-hashes.txt big-list-of-passwords.txt
```

### Specify device for crack job
If you've got multiple graphics cards you should specify which to use for the task with `-d`:

```
hashcat -m MODE file-with-hashes.txt big-list-of-passwords.txt -d 2
```

### Adjust hashcat's "workload"
That's the `-w` flag, which sets the workload profile:

* *`-w 1` consumes the least amount of resources*
* *`-w 2` is the default: decent performance without nuking system responsiveness*
* *`-w 3` sets the profile to high for max performance*

## Crack a hash against a word list and include a rules file
```
hashcat -m MODE file-with-hashes.txt big-list-of-passwords.txt -r rules\somerule.rule
```

## Cracking specific hash types

### DCC2
Make sure you get rid of all the trailing/leading info (like if you pulled from secretsdump) so that the hash starts with `$DCC2$1040#admin#3333333...`, and then:

```
hashcat -m 2100 hash.txt wordlist.txt
```

## Brute-force X-character passwords
```
hashcat -m MODE hashes.txt -a 3 ?a?a?a?a?a?a?a?a 
```
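
Before starting a mask job like the one above, it helps to know how big the keyspace is and how long a full run would take at your rig's speed. The following is an added example, not part of the original page or of hashcat itself: it counts candidates for a mask made of hashcat's built-in charsets and divides by a hash rate. The rate of 1e9 H/s is a constructed value; substitute the figure `hashcat -b` reports for your mode. Custom charsets (`?1` to `?4`) are not handled.

```python
"""Keyspace and worst-case run time for a hashcat mask (added example)."""

# Sizes of hashcat's built-in mask charsets.
BUILTIN = {"l": 26, "u": 26, "d": 10, "h": 16, "H": 16, "s": 33, "a": 95, "b": 256}


def keyspace(mask: str) -> int:
    """Return the number of candidates a mask generates."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1  # literal character: exactly one choice
            continue
        if i + 1 >= len(mask):
            raise ValueError("mask ends with a dangling '?'")
        token = mask[i + 1]
        if token in BUILTIN:
            total *= BUILTIN[token]
        elif token != "?":  # '??' is a literal question mark
            raise ValueError(f"?{token} is a custom or unknown charset")
        i += 2
    return total


def worst_case_seconds(mask: str, hashes_per_second: float) -> float:
    """Seconds needed to exhaust the whole mask at a given speed."""
    return keyspace(mask) / hashes_per_second


def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    units = (("years", 31_536_000), ("days", 86_400), ("hours", 3_600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    ASSUMED_RATE = 1e9  # constructed value, take yours from `hashcat -b`
    for length in (6, 8, 10, 12):
        mask = "?a" * length
        eta = humanize(worst_case_seconds(mask, ASSUMED_RATE))
        print(f"{length:>2} chars  {keyspace(mask):>26,} candidates  {eta}")
```

Each extra `?a` position multiplies the run time by 95, which is the number to have in mind when setting minimum password lengths.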

### IPMI
First see our [Metasploit guidance](/pentesting/Internal/metasploit) for grabbing the hash, then:

```
hashcat -m 7300 hash.txt wordlist.txt
```

### PMKIDs
This is good for files you've created with [hcxdumptool](/pentesting/Wifi/hcxdumptool).

```
hashcat -m 22000 file.txt wordlist.txt
```

## Benchmark your hashcat rig
```
hashcat -b
```
