Using Hashcat


Here $TYPE is the hash type (check man hashcat), and -O requests that hashcat use an optimized kernel (faster, but limited in the password length that can be cracked).

Some values of -m:

There are a large number of “Raw Hash, Salted and/or Iterated” modes That allow raw salted hashes (i.e., those not specific to a particular password type) to be processed; for these, specify the hashes as $HASH:$SALT.

Passwords are output as HASH:PLAINTEXT tuples.

Hashcat can accept the output of hashdump from Metasploit (use -m 1000), as well as raw hashes from /etc/shadow (assuming that they’re all the same type).

A “token length exception” means that the provided hash format is of the wrong length (probably because an additional character got accidentally added).


The Hashcat combinator.bin utility combines two wordlists such that every entry of the first list is concatenated with every entry from the second list.

/usr/lib/hashcat-utils/combinator.bin \