Installing Hashcat on Ubuntu

Install Hashcat on Ubuntu, verify the setup, troubleshoot common problems, and run your first dictionary attack.

This guide explains how to install Hashcat on Ubuntu, verify that it works, and troubleshoot several common problems that came up during setup.

Overview

Hashcat is a password recovery tool that supports many hash types and attack modes. On Ubuntu, the fastest way to get started is to install it through the package manager. After installation, it is a good idea to verify the version, test the backend, and make sure wordlists and supporting files are available.

Install Hashcat

Update package lists and install Hashcat:

sudo apt update
sudo apt install hashcat

Verify the installation:

hashcat --version

Optional: Install OpenCL Information Tools

Hashcat relies on OpenCL for hardware acceleration. Installing clinfo helps confirm whether Ubuntu detects your compute devices correctly. 

sudo apt install clinfo

Then run:

clinfo

Create a Hash File

Hashcat expects hashes to be stored in a file. For example, to place a single hash into a file named hash.txt: 

echo "9aa2af2267e5a9d913ffc841502a1f41" > hash.txt

Basic Example Command

If the hash is an MD5 hash, the following command starts a dictionary attack: 

hashcat -m 0 -a 0 hash.txt rockyou.txt

In this command:

  • -m 0 tells Hashcat the hash type is MD5
  • -a 0 tells Hashcat to use a dictionary attack
  • hash.txt is the file containing the hash
  • rockyou.txt is the wordlist

Installing a Wordlist

A common starter wordlist is rockyou.txt. One attempted method was: 

sudo apt install wordlists

On some Ubuntu systems, this failed with an error stating that the package could not be located.

Troubleshooting: "Unable to locate package wordlists"

Problem:

E: Unable to locate package wordlists

Cause:

The wordlists package is not always available in the enabled repositories on Ubuntu.

Solution 1: Enable the Universe repository and try again

sudo add-apt-repository universe
sudo apt update
sudo apt install wordlists

If the installation succeeds, the file may be compressed. Decompress it with: 

gzip -d /usr/share/wordlists/rockyou.txt.gz

Solution 2: Download the file directly

If the package still is not available, download the wordlist directly using wget or curl. 

wget https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt

Or:

curl -L -o rockyou.txt https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt

Troubleshooting: Trying to use git clone on a direct file URL

Problem:

git clone https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt
Cloning into 'rockyou.txt'...
remote: Not Found
fatal: repository 'https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt/' not found

Cause:

git clone only works with Git repositories. The URL above is a direct file download, not a repository.

Solution:

Use wget or curl instead of git clone.

wget https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt

Checking That the Wordlist Downloaded Correctly

ls -lh rockyou.txt

This confirms that the file exists and gives you its size.

Understanding Common Hashcat Flags

-m Hash Mode

The -m flag tells Hashcat what type of hash you are attacking. A few common examples are:

  • -m 0 = MD5
  • -m 1000 = NTLM
  • -m 3000 = LM

-a Attack Mode

The -a flag tells Hashcat how to generate password guesses.

  • -a 0 = dictionary attack
  • -a 3 = mask attack
  • -a 1 = combination attack

Troubleshooting: Hash Already Cracked

Problem:

INFO: All hashes found as potfile and/or empty entries! Use --show to display them.

Cause:

Hashcat stores previously cracked hashes in a potfile. If the hash was already cracked before, Hashcat will not try to crack it again.

Solution 1: Show the saved result

hashcat --show -m 0 hash.txt

Solution 2: Ignore the potfile for a fresh test

hashcat --potfile-disable -m 0 -a 0 hash.txt rockyou.txt

Troubleshooting: No Passwords Recovered

Problem:

Status...........: Exhausted
Recovered........: 0/3 (0.00%)

Cause:

Hashcat tested every candidate in the wordlist and did not find a match. This does not mean the software failed. It means the password was not present in the wordlist in the form tested.

Solution:

Add a rule file to mutate the words in the list and increase coverage. 

hashcat -m 1000 -a 0 hash1.txt rockyou.txt -r /usr/share/hashcat/rules/best64.rule -O

If needed, try a larger rule set: 

hashcat -m 1000 -a 0 hash1.txt rockyou.txt -r /usr/share/hashcat/rules/dive.rule -O

Troubleshooting: CPU Backend Instead of GPU

Problem:

Platform #1 [The pocl project]
* Device #1: cpu-haswell-Intel(R) Core(TM) Ultra 9 185H

Meaning:

Hashcat is using the CPU through PoCL instead of a dedicated GPU backend. This is acceptable for learning and small tests, but it is much slower than proper GPU acceleration.

What to do:

  • Confirm OpenCL support with clinfo
  • Install the correct GPU drivers for your hardware
  • Reboot and test again

Troubleshooting: Pure Kernel Warning

Problem:

ATTENTION! Pure (unoptimized) backend kernels selected.

Meaning:

Hashcat selected a slower kernel that supports longer passwords. This is normal, but slower.

Solution:

Add -O to use optimized kernels for better speed, as long as the reduced maximum password length is acceptable. 

hashcat -m 1000 -a 0 hash1.txt rockyou.txt -r /usr/share/hashcat/rules/best64.rule -O

Rule Files Are Not Dictionaries

Another point that caused confusion was the difference between dictionaries and rules.

Dictionary: a list of candidate passwords

password
admin
welcome
letmein

Rule file: a set of transformations applied to those words

For example, a rule file can transform password into Password1, password123, or similar variants.

Examples of rule files include:

  • best64.rule
  • dive.rule

Recommended Starting Workflow

  1. Install Hashcat with apt
  2. Verify the version with hashcat --version
  3. Install or download a wordlist such as rockyou.txt
  4. Place the target hash into a file
  5. Choose the correct hash mode using -m
  6. Start with a dictionary attack using -a 0
  7. Add rules if the plain wordlist fails
  8. Use --show to display cracked results

Example Commands Summary

Install Hashcat

sudo apt update
sudo apt install hashcat

Verify Version

hashcat --version

Download rockyou.txt

wget https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt

Crack an MD5 Hash with a Dictionary

hashcat -m 0 -a 0 hash.txt rockyou.txt

Show Cracked Hashes

hashcat --show -m 0 hash.txt

Run NTLM with Rules and Optimized Kernels

hashcat -m 1000 -a 0 hash1.txt rockyou.txt -r /usr/share/hashcat/rules/best64.rule -O

Conclusion

Installing Hashcat on Ubuntu is usually straightforward, but wordlist access, repository configuration, download methods, and backend performance can all create confusion. The main issues encountered here were solved by using the correct package repositories, downloading files with the right tools, understanding how Hashcat stores past results, and using rules and optimized kernels when a basic dictionary attack was not enough.