Ali Ihsan Gunes
Jul 9, 2025 • 3 min read
How to Use Hashcat to Crack Password Hashes
Hashcat is a powerful password recovery tool that helps crack encrypted passwords using various attack modes. With GPU acceleration, it delivers high performance and is widely used in cybersecurity and ethical hacking fields.
In this guide, you’ll learn how to install, prepare, and use Hashcat step-by-step.
What Is Hashcat?
Hashcat is an advanced password cracking tool capable of recovering passwords from hashed formats. It supports many hash types and can utilize CPU or GPU to boost performance.
Step 1 – Check Installation
Open your terminal and check if Hashcat is installed:
hashcat -h
This command will display Hashcat’s help menu if it’s correctly installed.
Step 2 – Prepare Required Files
To run Hashcat, you need two things:
- Hash file: A text file containing the encrypted password hash(es).
- Wordlist: A list of potential passwords to try, such as
rockyou.txt
Step 3 – Basic Syntax
hashcat -m <hash_type> <hash_file> <wordlist>
Replace the parameters as follows:
<hash_type>: The mode number representing the hash algorithm (e.g., 0 for MD5, 1400 for SHA-256).
<hash_file>: Path to your file containing the hashes.
<wordlist>: Path to your wordlist file.
Step 4 – Example Command
hashcat -a 0 -m 1400 hash_file.txt wordlist_file.txt
This example performs a dictionary attack (-a 0) on a SHA-256 hash (-m 1400), using the given hash and wordlist files.
Step 5 – Monitor the Cracking Process
Once the command runs, Hashcat will begin testing the words in your wordlist against the hash. If the password is cracked, it will be displayed or saved depending on your configuration.
Where to Find Hash Modes?
Hashcat supports hundreds of hash types. You can find the full list of supported modes here:
[hashcat wiki – example_hashes]Hashcat is a robust tool for penetration testers, ethical hackers, and system administrators. Remember to use it only in legal and ethical contexts—such as password recovery, auditing your own systems, or learning cybersecurity techniques.
With the right hash type and a good wordlist, you’ll be surprised how effective Hashcat can be. Stay ethical and stay secure!