Hashcat Quick Reference
=======================

BASIC USAGE
  hashcat -m MODE hash.txt wordlist.txt
  hashcat -m MODE hash.txt -a 3 ?a?a?a?a?a   (brute force)

COMMON HASH MODES (-m)
  0       MD5
  100     SHA1
  1400    SHA256
  1700    SHA512
  1800    sha512crypt ($6$)
  3200    bcrypt
  1000    NTLM
  5600    NetNTLMv2
  13100   Kerberos TGS-REP (Kerberoast)
  22000   WPA-PBKDF2-PMKID+EAPOL
  500     MD5crypt ($1$)
  7400    SHA256crypt ($5$)
  11600   7-Zip
  13400   KeePass
  16800   WPA-PMKID-PBKDF2

ATTACK MODES (-a)
  0       Dictionary (wordlist)
  1       Combination (word1+word2)
  3       Brute-force / mask
  6       Wordlist + mask
  7       Mask + wordlist

MASK CHARSETS
  ?l      Lowercase [a-z]
  ?u      Uppercase [A-Z]
  ?d      Digits [0-9]
  ?s      Special chars
  ?a      All printable
  ?b      All bytes (0x00-0xff)

RULES
  hashcat -m 0 hash.txt wordlist.txt -r rules/best64.rule
  hashcat -m 0 hash.txt wordlist.txt -r rules/rockyou-30000.rule

OPTIONS
  --show                  Show cracked passwords
  --force                 Ignore warnings
  -o output.txt           Output file
  -w 3                    Workload profile (1-4)
  --potfile-disable       Don't use potfile
  --username               Hash file has usernames
  -O                      Optimized kernels

COMMON CTF PATTERNS
  # MD5 dictionary
  hashcat -m 0 hash.txt /usr/share/wordlists/rockyou.txt

  # SHA256 with rules
  hashcat -m 1400 hash.txt wordlist.txt -r rules/best64.rule

  # Brute force 6-char alphanumeric
  hashcat -m 0 hash.txt -a 3 ?a?a?a?a?a?a

  # Known format: flag{????}
  hashcat -m 0 hash.txt -a 3 "flag{?a?a?a?a}"
