Hashcat examples

Rule based attack

Use a wordlist and best64 rules to try and crack a wordpress hash. Using rockyou.txt as an example.

-m Specifies the hash type

hashcat -m 400 wordpress.hash -r rules/best64.rule wordlist/rockyou.txt

wordpress.hash is a text file that contains the password hash. You can list multiple hashes in the file

Example contents of file

bob@localhost:~$ cat wordpress.hash 

Brute force

Attempt every 8 numeric combination for a WPA2 key.

hashcat -m 2500 -a3 capture.hccapx ?d?d?d?d?d?d?d?d

Hashcat built in Charsets

You can swap out the ?d from the above command with any of the built in character sets below.

  ? | Charset
  l | abcdefghijklmnopqrstuvwxyz
  d | 0123456789
  h | 0123456789abcdef
  H | 0123456789ABCDEF
  s |  !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
  a | ?l?u?d?s
  b | 0x00 - 0xff

More information
Rule based attacks are recommended

Crack LUKS volume with Hashcat

Install hashcat

apt install hashcat

Find LUKS Volume

bob@localhost:~/$ dmesg
[ 1057.776074] sd 0:0:0:0: [sda] Write Protect is off
[ 1057.776074] sd 0:0:0:0: [sda] Mode Sense: 43 00 00 00
[ 1057.776593] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[ 1057.780234]  sda: sda1
[ 1057.783346] sd 0:0:0:0: [sda] Attached SCSI removable disk

From the above we see that the drive we just pluGged into the system is “sda” so our path and partition is “/dev/sda1”

Run hashcat

The following command will run hashcat against “/dev/sda1”, change if the encrypted partition is different. Mode is to brute force every 8 numeric character combination. Refer to the following link to learn more about mask attacks.

Note: You should be able to dump the header and work off of that as well.

sudo hashcat -a 3 -m 14600 /dev/sda1 ?d?d?d?d?d?d?d?d

Install Hashcat Utils

Hashcat - Kali Linux

Hashcat on Kali Linux

Download the Hashcat utils

wget https://github.com/hashcat/hashcat-utils/archive/master.zip

Run the following commands to unzip and make the binaries

unzip master.zip
cd hashcat-utils-master/src

You can now convert an aircrack file by invoking the cap2hccapx binary

./cap2hccapx.bin /path/to/aircrack.cap /path/for/output

How to convert an Aircrack capture file to a Hashcat hccapx

Using Aircrack

aircrack-ng input.cap -J hashcat_output

Unfortunately the above command doesn’t seem to work anymore.

If you try to run Hashcat with the outputted file you’ll get an error.

hashcat_output.hccap: Old hccap format detected! You need to update: https://hashcat.net/q/hccapx

Using Hashcat utils

Refer to this guide for installing the Hashcat utils.

Basic syntax is

./cap2hccapx.bin input.cap output.hccapx


~/Downloads/hashcat-utils-master/src/cap2hccapx.bin aircrack-01.cap aircrack.hccapx

Install Hashcat on Fedora

Install nVidia drivers.  Guide here.

Download binary files from the hashcat website


or use wget

wget https://hashcat.net/files/hashcat-

Extract with p7zip

7z x hashcat-

cd into the hashcat directory

cd hashcat-4.1.0

Run hashcat

./hashcat64.bin -t 32 -a 7 example0.hash ?a?a?a?a example.dict

Example script:

sudo dnf install p7zip
wget https://hashcat.net/files/hashcat-
7z x hashcat-
cd hashcat-4.1.0
./hashcat64.bin -t 32 -a 7 example0.hash ?a?a?a?a example.dict

If you get the following error, try re-extracting the 7z file with the “x” option, not “e”.  “x : eXtract files with full paths” and ” e : Extract files from archive (without using directory names)”

inc_cipher_aes256.cl: No such file or directory