Hashcat examples

Hashcat dictionary attack 

Since humans tend to use really bad passwords, a dictionary attack is the first and obvious place to start. The rockyou.txt word list is a popular option. Containing more than 14 million passwords sorted by frequency of use, it begins with common passwords such as “123456”, “12345”, “123456789”, “password”, “iloveyou”, “princess”, “1234567”, and “rockyou”, all the way to less common passwords such as “xCvBnM”, “ie168”, “abygurl69”, “a6_123”, and “*7¡Vamos!”.

Many other free wordlists exist on the internet, especially targeted at specific languages. Hashcat lets you specify the wordlist of your choice.

Hashcat combinator attack 

Humans often create passwords that are two words mushed together. Hashcat exploits this using a combinator attack that takes two-word lists (also known as “dictionaries”) and creates a new word list of every word combined with every other word.