Cracking an MD5 Hash with Hashcat

Store a hash in a file, run a dictionary attack with Hashcat, and continue with rules if needed.

This walkthrough shows how to place a hash into a file, run a basic dictionary attack with Hashcat, and continue with additional methods if the password is not found.

Put the Hash in a File

Hashcat expects the hash to be stored in a file rather than passed as raw input. 

echo "9aa2af2267e5a9d913ffc841502a1f41" > hash.txt

Hashcat expects a file as input, not the raw hash pasted directly into the command.

Try a Dictionary Attack

If you do not already have a wordlist, install one first: 

sudo apt install wordlists

If this produces an error, you may need to download a wordlist manually from GitLab or another source.

Option 1: Clone the Repo

git clone https://github.com/danielmiessler/SecLists.git

Option 2: Use wget

wget is a command-line tool for downloading files from the web. It is more focused on file retrieval than broader data transfer tasks. 

wget https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt

Option 3: Use curl

curl is a command-line tool used to transfer data between your computer and a server, most commonly over HTTP or HTTPS. 

curl -L -o rockyou.txt https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt

Run Hashcat

To run a dictionary attack against an MD5 hash, use mode 0 and attack mode 0. 

hashcat -m 0 -a 0 hash.txt /usr/share/wordlists/rockyou.txt
  • -m 0 — MD5
  • -a 0 — dictionary attack
  • hash.txt — the target hash file
  • rockyou.txt — the password candidate list

Check the Results

hashcat --show hash.txt

Did Not Find the Answer? Keep Going

Try Rules

Hashcat rules, often called rule-based attacks, dynamically modify candidate passwords during cracking instead of relying only on a static wordlist.

Examples of rule-based transformations include:

  • passwordPassword
  • passwordpassword123
  • passwordP@ssw0rd
hashcat -m 0 -a 0 hash.txt /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule

Cheat Sheet

Common Algorithms

-m 0      # MD5
-m 1000   # NTLM
-m 1800   # sha512crypt (Linux)

Common Methods

-a 0   # Dictionary
-a 3   # Mask (structured brute force)
-a 1   # Combination
-a 6   # Dictionary + mask
-a 7   # Mask + dictionary

How Aggressive Should Hashcat Be?

-w 1   # slow (low power)
-w 2   # default
-w 3   # fast
-w 4   # max (can lag your system)