How to Crack Hashes using Hashcat (windows)

Downloading Hashcat and RockYou

Hashcat Download

RockYou Download

Opening Hashcat

Extract the zip file and open it, then open the folder inside

Opening Hashcat

Make a "wordlists" folder here, and put rockyou.txt inside

Make a "hashes" folder here, and make a "hash.txt" file or with whatever name you want, and put your hash inside

Hash File Location

Replace the directory field with "cmd" and click enter

CMD in Directory Bar CMD in Directory Bar

What hash-mode is your hash?

If you don't know what type of hash yours is, visit example_hashes or try a hash identifier: md5hashing.net

Once you know what hash type yours is, find its "Hash-Mode" on the same page

Finding Hash Mode

Using Hashcat

Option 1: pure brute force (mode 3, not optimal)

In the terminal you get to after typing "cmd" in the directory field, enter:

hashcat.exe -m <your hash-mode> -a 3 hashes\hash.txt

It will now try to brute force all lowercase, uppercase, digits, and special characters starting from 1-character combinations and up.

Press S to view current status. Press Q to quit brute forcing.

Brute Force Example

If you cracked your hash, move to section "I cracked my hash - where is the cracked password?"

Option 2: using wordlists (mode 0, more optimal)

In the terminal, enter:

hashcat.exe -m <your hash-mode> -a 0 hashes\hash.txt wordlists\rockyou.txt

It will now try every password in rockyou.txt wordlist.

Press S to view current status like how long it will take to run through the entire wordlist. Press Q to quit cracking.

Wordlist Attack

If you cracked your hash, move to section "I cracked my hash - where is the cracked password?"

I cracked my hash - where is the cracked password?

Cracked Output

In the hashcat folder, search for "hashcat.potfile"

Potfile Location

Open it with a text editor like Notepad. Your hash + the cracked password will be in there.

Potfile Contents

I'm trying to crack a zip or rar file, how do I get the hash out from it?

Upload the file to https://hashes.com/en/johntheripper/zip2john and save the hash in a file

Is this all I can do to crack my hash?

Not at all. If this did not crack your hash, try more extensive wordlists. You can also try:

Isn't there some online tool that can crack it for me?

Most likely not — but you can try: