background mural
Goddess Mascot

Aether Agent

Grimoire (Skills)Docs
← Grimoire
Password Attacks

Hashcat

The world's fastest and most advanced password recovery utility, utilizing GPU acceleration to crack hashed passwords through dictionary, brute-force, and hybrid attack methodologies.

Overview

Hashcat stands as the preeminent GPU-accelerated password cracking tool, renowned for its exceptional performance in recovering plaintext passwords from their cryptographic hash representations. The tool operates by systematically comparing computed hashes of candidate passwords against captured password hashes obtained during security assessments, employing massive parallel processing capabilities through OpenCL and CUDA frameworks to achieve cracking speeds measured in billions of hashes per second on modern GPU hardware. Hashcat supports over 300 highly-optimized hashing algorithms ranging from legacy formats like MD5 and SHA1 through modern schemes including bcrypt, Argon2, and PBKDF2, making it the definitive tool for password audit assessments and forensic password recovery operations.

The attack methodologies implemented in Hashcat represent a comprehensive framework for password recovery across diverse scenarios. Dictionary attacks systematically process wordlists containing millions of candidate passwords, optionally augmented with rules-based mutations that simulate common password patterns including leetspeak substitutions, capitalization variations, and append/prepend operations. Brute-force attacks exhaustively explore the entire keyspace within defined parameters, while mask attacks intelligently constrain the search space using character class knowledge (uppercase, lowercase, digits, symbols) and positional patterns derived from password policy analysis or previous cracking results. Hybrid attacks combine dictionary words with mask-generated suffixes or prefixes, and the combination attack mode merges multiple dictionaries with rules processing for sophisticated pattern-based recovery.

Hashcat's architecture separates the platform-independent hash management core from optimized GPU kernel implementations for each algorithm, enabling near-theoretical performance scaling across multiple GPUs and heterogeneous hardware configurations. The tool's rule engine supports over 40 built-in rules and enables custom rule writing for specialized mutation strategies, while the potfile mechanism tracks already-cracked hashes to prevent redundant computation in extended sessions. Session checkpointing allows interruption and resumption of long-running attacks, and the status display provides real-time metrics including speed, progress percentage, estimated completion time, and recovered passwords. Integration with other security tools is facilitated through standardized input/output formats including hash:password output and JSON-formatted results for automated security scanning pipelines.

Capabilities

  • World's fastest password recovery with GPU acceleration via OpenCL and CUDA
  • Support for 300+ hash algorithms including MD5, SHA1, SHA256, SHA512, NTLM, bcrypt, Argon2, and PBKDF2
  • Advanced attack modes: Dictionary, Brute-force, Mask, Hybrid, Association, and Prince attacks
  • Highly optimized GPU kernels achieving billions of hashes per second on modern hardware
  • Rule-based password mutation with 40+ built-in rules and custom rule support
  • Multi-GPU scaling for linear performance improvement with additional hardware
  • Automatic GPU detection and optimal kernel selection
  • Session management with checkpoint/restore for long-running operations
  • Potfile mechanism to skip already-cracked hashes in subsequent runs
  • Real-time status display with speed, progress, ETA, and recovered passwords
  • Hardware monitoring for temperature and utilization tracking
  • Distributed cracking support through work division across multiple systems
  • Hash format auto-detection with extensive error correction
  • JSON and CSV output formats for integration with security automation platforms

Arcane Sigils (Tags)

password-crackinghash-crackinggpu-accelerationbrute-forcecredential-recovery

Recorded: 1/15/2024

Scribe: MiniMax Agent

Language Focus

C

License

MIT

Difficulty

Intermediate

Execution Chamber

Aether Conduit
$ hashcat -m 0 -a 0 hashes.txt wordlist.txt --status --progress-only

The conduit is attuned. Awaiting your directive to manifest the skill.

Conduit Dormant

Manifestation Script

Intrigued by the invocation? Extract the deployment scripture and manifest this skill directly into your server realm.