Reading Time: < 1 minute and

It’s a tool that let’s you bruteforce hashes. Hashcat 6.0 is the latest version and support around 208 different hash types ! You can use the CPU or the GPU to compute the hashes.

examples of hashtype NTLM, Kerberos, WPA2, MD5, SHA, Cisco, 7zip, Blowfish …

Hashcat 6 which has been lately release had a lot of work done on it and there is a nice performances increase .

On my fearly old GTX1060 stats or a newer 2080Ti stats

MD5 from 10136MH/s => 12567MH/s = 20% increase between version 5.1 and 6.0

WPA2 189KH/s => 219KH/s = 13% increase between version 5.1 and 6.0

Which dictionnaries to use

Kali comes with rockyou.txt (data-breach in 2009) which led to the 1st creation of a wordlist of people’s password (for more information I invite people to listen to the episode of Darknet Diaries on this topic ( )

Here is a few other ones which I have found to completing nicely to the standard rockyou

Cracking rules

And off course you can crack with rules (you can use the given best64.rule). This enables for example to do combination between a wordlist and a combination.

hashcat -m 13100 spn.txt rockyou.txt -r rules/best64.rule

Example, in best64 you have the simple number adding $0

so if you take the example of rockyou 4th word = ‘password’, then the combination would be ‘password0’