How to Crack Hashes using Hashcat (windows)
Downloading Hashcat and RockYou
Opening Hashcat
Extract the zip file and open it, then open the folder inside

Make a "wordlists" folder here, and put rockyou.txt inside
Make a "hashes" folder here, and make a "hash.txt" file or with whatever name you want, and put your hash inside

Replace the directory field with "cmd" and click enter


What hash-mode is your hash?
If you don't know what type of hash yours is, visit example_hashes or try a hash identifier: md5hashing.net
Once you know what hash type yours is, find its "Hash-Mode" on the same page

Using Hashcat
Option 1: pure brute force (mode 3, not optimal)
In the terminal you get to after typing "cmd" in the directory field, enter:
hashcat.exe -m <your hash-mode> -a 3 hashes\hash.txt
It will now try to brute force all lowercase, uppercase, digits, and special characters starting from 1-character combinations and up.
Press S to view current status. Press Q to quit brute forcing.

If you cracked your hash, move to section "I cracked my hash - where is the cracked password?"
Option 2: using wordlists (mode 0, more optimal)
In the terminal, enter:
hashcat.exe -m <your hash-mode> -a 0 hashes\hash.txt wordlists\rockyou.txt
It will now try every password in rockyou.txt wordlist.
Press S to view current status like how long it will take to run through the entire wordlist. Press Q to quit cracking.

If you cracked your hash, move to section "I cracked my hash - where is the cracked password?"
I cracked my hash - where is the cracked password?

In the hashcat folder, search for "hashcat.potfile"

Open it with a text editor like Notepad. Your hash + the cracked password will be in there.

I'm trying to crack a zip or rar file, how do I get the hash out from it?
Upload the file to https://hashes.com/en/johntheripper/zip2john and save the hash in a file
Is this all I can do to crack my hash?
Not at all. If this did not crack your hash, try more extensive wordlists. You can also try:
Isn't there some online tool that can crack it for me?
Most likely not — but you can try: