惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

L
LINUX DO - 最新话题
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
PCI Perspectives
PCI Perspectives
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
H
Heimdal Security Blog
S
Security @ Cisco Blogs
N
News | PayPal Newsroom
J
Java Code Geeks
罗磊的独立博客
Security Archives - TechRepublic
Security Archives - TechRepublic
N
News and Events Feed by Topic
V
V2EX
WordPress大学
WordPress大学
Google Online Security Blog
Google Online Security Blog
N
News and Events Feed by Topic
www.infosecurity-magazine.com
www.infosecurity-magazine.com
月光博客
月光博客
AI
AI
小众软件
小众软件
The GitHub Blog
The GitHub Blog
MongoDB | Blog
MongoDB | Blog
A
Arctic Wolf
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
美团技术团队
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
Tailwind CSS Blog
S
Schneier on Security
博客园 - 三生石上(FineUI控件)
F
Full Disclosure
B
Blog RSS Feed
Forbes - Security
Forbes - Security
S
SegmentFault 最新的问题
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
人人都是产品经理
人人都是产品经理
云风的 BLOG
云风的 BLOG
Jina AI
Jina AI
Cisco Talos Blog
Cisco Talos Blog
U
Unit 42
Project Zero
Project Zero
H
Hacker News: Front Page
Y
Y Combinator Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
The Cloudflare Blog
大猫的无限游戏
大猫的无限游戏
S
Secure Thoughts
The Hacker News
The Hacker News
Microsoft Azure Blog
Microsoft Azure Blog

Black Hills Information Security, Inc.

Bad Habits: An ANTISOC Operation Same Problem, Different Angles: When Red Team and Blue Team Actually Talk to Each Other How to Identify and Exploit New Vulnerabilities Swapper – A Pure Regex Match/Replace Burp Extension A Practical Guide to BloodHound Data Collection Network Engineering Basics Signed, Trusted, and Abused: Proxy Execution via WebView2 Getting Started In Pentesting – Advice From The BHIS Pentest Lead Cloud Security: Tips and Resources for Securing the Cloud Lessons From A Chatbot Incident How to Lead Effective Tabletops Understanding GRC: How to Navigate Risks and Compliance Standards The “P” in PAM is for Persistence: Linux Persistence Technique Malware Analysis: How to Analyze and Understand Malware OSINT: How to Find, Use, and Control Open-Source Intelligence What to Do with Your First Home Lab When the SOC Goes to Deadwood: A Night to Remember Social Engineering and Microsoft SSPR: The Road to Pwnage is Paved with Good Intentions Common Cyber Threats Finding the Right Penetration Testing Company Deceptive-Auditing: An Active Directory Honeypots Tool The Curious Case of the Comburglar How to Set Smart Goals (That Actually Work For You) Inside the BHIS SOC: A Conversation with Hayden Covington Abusing Delegation with Impacket (Part 3): Resource-Based Constrained Delegation Why You Got Hacked – 2025 Super Edition Abusing Delegation with Impacket (Part 2): Constrained Delegation Abusing Delegation with Impacket (Part 1): Unconstrained Delegation GoSpoof – Turning Attacks into Intel Model Context Protocol (MCP) Bypassing WAFs Using Oversized Requests Getting Started with AI Hacking Part 2: Prompt Injection Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 2) DomCat: A Domain Categorization Tool Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 1) Microsoft Store and WinGet: Security Risks for Corporate Environments Default Web Content MailFail Commonly Abused Administrative Utilities: A Hidden Risk to Enterprise Security Stop Spoofing Yourself! Disabling M365 Direct Send Bypassing CSP with JSONP: Introducing JSONPeek and CSP B Gone Offensive Tooling Cheatsheets: An Infosec Survival Guide Resource DNS Triage Cheatsheet GraphRunner Cheatsheet Burp Suite Cheatsheet Impacket Cheatsheet Wireshark Cheatsheet EyeWitness Cheatsheet Nmap Cheatsheet Netcat (nc) Cheatsheet Hunt for Weak Spots in Your Wireless Network with Airodump-ng from the Aircrack-ng Suite Detecting ADCS Privilege Escalation Vulnerability Scanning with Nmap Getting Started with NetExec: Streamlining Network Discovery and Access How to Use Dirsearch Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 3: Arcanum Cyber Security Bot How to Design and Execute Effective Social Engineering Attacks by Phone Abusing S4U2Self for Active Directory Pivoting Why Use a Macro Pad? Espanso: Text Replacement, the Easy Way Caging Copilot: Lessons Learned in LLM Security Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 2: Copilot Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 1: Burpference Intercepting Traffic for Mobile Applications that Bypass the System Proxy How to Root Android Phones Communicating Security to the C-Suite: A Strategic Approach Offline Memory Forensics With Volatility Getting Started with AI Hacking: Part 1 Go-Spoof: A Tool for Cyber Deception How to Test Adversary-in-the-Middle Without Hacking Tools Canary in the Code: Alert()-ing on XSS Exploits How to Hack Wi-Fi with No Wi-Fi Why Your Org Needs a Penetration Test Program Burp Suite Extension: Copy For Light at the End of the Dark Web Wi-Fi Forge: Practice Wi-Fi Security Without Hardware Avoiding Dirty RAGs: Retrieval-Augmented Generation with Ollama and LangChain Gone Phishing: Installing GoPhish and Creating a Campaign 5 Things We Are Going to Continue to Ignore in 2025 John Strand’s 5 Phase Plan For Starting in Computer Security Questions From a Beginner Threat Hunter GRC for Security Managers: From Checklists to Influence AI Large Language Models and Supervised Fine Tuning Attack Tactics 9: Shadow Creds for PrivEsc w/ Kent & Jordan One Active Directory Account Can Be Your Best Early Warning Introduction to Zeek Log Analysis Indecent Exposure: Your Secrets are Showing Creating Burp Extensions: A Beginner’s Guide Pitting AI Against AI: Using PyRIT to Assess Large Language Models (LLMs) The Top Ten List of Why You Got Hacked This Year (2023/2024) ICS Hard Knocks: Mitigations to Scenarios Found in ICS/OT Backdoors & Breaches Intro to Data Analytics Using SQL Finding Access Control Vulnerabilities with Autorize The Detection Engineering Process Cyber Risk Lessons We Can Learn From Hurricane Preparedness Intro to Desktop Application Testing Methodology What Is Penetration Testing? Adversary in the Middle (AitM): Post-Exploitation Pentesting, Threat Hunting, and SOC: An Overview QEMU, MSYS2, and Emacs: Open-Source Solutions to Run Virtual Machines on Windows
Hashcat Cheatsheet
BHIS · 2025-08-06 · via Black Hills Information Security, Inc.

, , , , ,

Created by Justin Wang || Revised by Kent Ickler

This blog is part of Offensive Tooling Cheatsheets: An Infosec Survival Guide Resource. You can learn more and find all of the cheatsheets HERE: https://www.blackhillsinfosec.com/offensive-tooling-cheatsheets/

Hashcat Cheatsheet: PRINT-FRIENDLY PDF

Find the tool here: https://github.com/hashcat/hashcat


Hashcat is a powerful tool for recovering lost passwords, and, thanks to GPU acceleration, it’s one of the fastest. It works by rapidly trying different password guesses to determine the original password from its scrambled (hashed) version. Hashcat uses various clever techniques, like dictionary attacks (testing common passwords), leetspeak tricks (e.g., replacing “e” with “3”), pattern-based guessing, and combining different words or phrases. This helps expose weak passwords and poor security habits, which many people rely on when configuring and registering accounts online. Because of its effectiveness, Hashcat is widely used in cybersecurity training, ethical hacking, and penetration testing to improve password security and help organizations strengthen their defenses.

hashcat -m # <file storing your hash> <path to wordlist> -a <attack>

Commonly Used Modes (-m)

0MD5
900MD4
1700SHA2-512
10MD5 ($pass.$salt)
20MD5 ($salt.$pass)
110SHA1:salt
120SHA1:pass
2600md5(md5($pass))
4500sha1(sha1($pass))
400phpass
8900scrypt
2500WPA/WPA2
2501WPA/WPA2 PMK
4800iSCSI CHAP authentication, MD5(CHAP)
5500NetNTLMv1 / NetNTLMv1+ESS
5600NetNTLMv2
7500Kerberos 5, etype 23, AS-REQ Pre-Auth
7300IPMI 2 RAKP HMAC-SHA1
7350IPMI2 RAKP HMAC-MD5
13100Kerberos 5, etype 23, TGS-REP
18200Kerberos 5, etype 23, AS-REP
19600Kerberos 5, etype 17, TGS-REP
19700Kerberos 5, etype 18, TGS-REP
19800Kerberos 5, etype 17, Pre-Auth
19900Kerberos 5, etype 18, Pre-Auth
27000NetNTLMv1 / NetNTLMv1+ESS (NT)
27100NetNTLMv2 (NT)
27300SNMPv3 HMAC-SHA512-384
28900Kerberos 5, etype 18, DB
1000NTLM
1100Domain Cached Credentials (DCC), MS Cache
1800sha512crypt $6$, SHA512 (Unix)
3000LM
5700Cisco-IOS type 4 (SHA256)
7400sha256crypt $5$, SHA256 (Unix)
8100Citrix NetScaler (SHA1)
12800MS-AzureSync PBKDF2-HMAC-SHA256
131MSSQL (2000)
132MSSQL (2005)
200MySQL323
300MySQL4.1/MySQL5
1731MSSQL (2012, 2014)
1600Apache $apr1$ MD5, md5apr1, MD5 (APR)
8300DNSSEC (NSEC3)
15000FileZilla Server > 0.9.55
22100Bitlocker
22400AES Crypt (SHA256)
29521LUKS v1 SHA-256 + AES
9500MS Office 2010
9600MSOffice 2013
5200Password Safe v3
6800LastPass + LastPass sniffed
13400KeePass 1 (AES/Twofish) and KeePass 2 (AES)
29700KeePass 1 (AES/Twofish) and KeePass 2 (AES) – keyfile only mode
116007Zip
13600WinZip

Attack Modes (-a)

0 = Straight Dictionary Attack
Example: hashcat -m 500 -a 0 hash.txt dict.txt
1 = Combination Attack
Example: hashcat -m 500 -a 1 hash.txt dict1.txt dict2.txt
3 = Brute Force Attack
Example: hashcat -m 500 -a 3 hash.txt ?l?d?u
6 = Hybrid Wordlist + Mask
Example: hashcat -m 500 -a 6 hash.txt wordlist.txt ?d?s
7 = Mask + Wordlist
Example: hashcat -m 500 -a 7 hash.txt ?d?s wordlist.txt

Useful Command Arguments

"--runtime=X"Abort session after X seconds of runtime.
"--session=X"Define session name to be string X.
"--restore"Restore Session from –session.
"-o" Define output file for recovered hash.
"--show"Show the cracked hashes.
"--left"Show the uncracked hashes.
"--username" Enable ignoring of usernames in hashfile.
"--remove" Enable removal of hashes once they are cracked.
"-b"Run benchmark of selected hash modes.

Mask Character Sets (?)

?labcdefghijklmnopqrstuvwxyz
?uABCDEFGHIJKLMNOPQRSTUVWXYZ
?d123456789
?h0123456789abcdef
?H0123456789ABCDEF
?s!”#$%&'()*+,-./:;<=>?@[\]^_`{|}~
?a ?l?u?d?s
?b 0x00 – 0xff

Example:

hashcat -m500 -a 3 ?l?l?a?a?a?a?d?d

Brute force cracking using the masks to check for passwords that has 2 lowercase letters, 4 characters of all possibilities and 2 numbers.

For a more expansive cheat sheet, check this out:

https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/HashcatCheatSheet.v2018.1b.pdf



Explore the Infosec Survival Guide and more… for FREE!

Get instant access to all issues of the Infosec Survival Guide, as well as content like our self-published infosec zine, PROMPT#, and exclusive Darknet Diaries comics—all available at no cost.

You can check out all current and upcoming issues here: https://www.blackhillsinfosec.com/prompt-zine/