hashcat Forum - All Forums

Understanding the format for yescrypt

Fri, 29 May 2026 15:24:12 +0000

Hi,

I am attempting to recover a Linux user password, and in the decade since the last time I used jtr and hashcat things have changed on me. The system is using yescrypt, and I'm having difficulty reformatting the shadow line to match hashcat's format.

From the example hashes wiki page it needs to follow this format:
SCRYPT:16384:8:1:OTEyNzU0ODg=:Cc8SPjRH1hFQhuIPCdF51uNGtJ2aOY/isuoMlMUsJ8c=

The shadow hash has this this format: `$y$j9T$salt$hash`.

Following along with this SO answer the j9T should correspond to SCRYPT:182:4096:32alt:hash. Using this line with mode -m 70200 results in a token length or encoding exception.

I also came across the format hash guidance wiki page, which mentions the difference between Linux hashes and the expected format for hashcat, but has TBD for a conversion tool.

I'd appreciate any troubleshooting advice.

Realistic scenario wordlists: Building custom dictionaries for localized/hospitality

Wed, 27 May 2026 09:21:33 +0000

Hey everyone, I'm currently putting together some targeted wordlists for a specialized penetration testing assessment. The client is a hospitality group based in the DACH region, and I want to test their employee password policy strength against highly tailored, localized brute-force attacks. When generating dictionaries for specific regions, I always try to scrape local dialect words, nearby landmarks, and specific regional naming conventions. For instance, I'm using the public site data of a traditional Austrian alpine resort as a structural template for my rulesets. For a business like this, standard generic wordlists miss the mark entirely, whereas combinator attacks mixing local German terms, seasonal words (Winter, Alpen, Ski), zip codes, and localized telephone formats are much more effective.

this is what my Mac Pro 2019 did before the breaker tripped

Mon, 18 May 2026 07:41:36 +0000

Code:
The default interactive shell is now zsh.

To update your account to use zsh, please run `chsh -s /bin/zsh`.

For more details, please visit https://support.apple.com/kb/HT208050.

bash-3.2$ hashcat -b

hashcat (v7.1.2) starting in benchmark mode

Benchmarking uses hand-optimized kernel code by default.

You can use it in your cracking session by setting the -O option.

Note: Using optimized kernel code limits the maximum supported password length.

To disable the optimized kernel code in benchmark mode, use the -w option.

METAL API (Metal 373.2)

=======================

* Device #01: AMD Radeon Vega, skipped

* Device #02: AMD Radeon Vega, skipped

* Device #03: AMD Radeon Vega, skipped

* Device #04: AMD Radeon Vega, skipped

* Device #05: AMD Radeon PRO W6800X Duo, skipped

* Device #06: AMD Radeon PRO W6800X Duo, skipped

* Device #07: AMD Radeon PRO W6800X Duo, skipped

* Device #08: AMD Radeon PRO W6800X Duo, skipped

OpenCL API (OpenCL 1.2 (Apr 18 2026 19:19:32)) - Platform #1 [Apple]

====================================================================

* Device #09: Intel(R) Xeon(R) W-3245 CPU @ 3.20GHz, skipped

* Device #10: AMD Radeon Vega Compute Engine, 16368/16368 MB (4092 MB allocatable), 60MCU

* Device #11: AMD Radeon PRO W6800X Duo Compute Engine, 32752/32752 MB (8188 MB allocatable), 60MCU

* Device #12: AMD Radeon PRO W6800X Duo Compute Engine, 32752/32752 MB (8188 MB allocatable), 60MCU

* Device #13: AMD Radeon PRO W6800X Duo Compute Engine, 32752/32752 MB (8188 MB allocatable), 60MCU

* Device #14: AMD Radeon PRO W6800X Duo Compute Engine, 32752/32752 MB (8188 MB allocatable), 60MCU

* Device #15: AMD Radeon Vega Compute Engine, 16368/16368 MB (4092 MB allocatable), 60MCU

* Device #16: AMD Radeon Vega Compute Engine, 16368/16368 MB (4092 MB allocatable), 60MCU

* Device #17: AMD Radeon Vega Compute Engine, 16368/16368 MB (4092 MB allocatable), 60MCU

Benchmark relevant options:

===========================

* --backend-devices-virtmulti=1

* --backend-devices-virthost=1

* --optimized-kernel-enable

---------------------

* Hash-Mode 900 (MD4)

---------------------

Speed.#10........: 39563.1 MH/s (78.93ms) @ Accel:256 Loops:1024 Thr:256 Vec:1

Speed.#11........: 49663.0 MH/s (101.34ms) @ Accel:416 Loops:1024 Thr:256 Vec:1

Speed.#12........: 48713.7 MH/s (103.05ms) @ Accel:416 Loops:1024 Thr:256 Vec:1

Speed.#13........: 53110.2 MH/s (94.78ms) @ Accel:416 Loops:1024 Thr:256 Vec:1

Speed.#14........: 53112.0 MH/s (94.70ms) @ Accel:416 Loops:1024 Thr:256 Vec:1

Speed.#15........: 39696.8 MH/s (78.55ms) @ Accel:256 Loops:1024 Thr:256 Vec:1

Speed.#16........: 39667.1 MH/s (78.72ms) @ Accel:256 Loops:1024 Thr:256 Vec:1

Speed.#17........: 39085.7 MH/s (79.61ms) @ Accel:256 Loops:1024 Thr:256 Vec:1

Speed.#*.........:  362.6 GH/s

-------------------

* Hash-Mode 0 (MD5)

-------------------

Speed.#10........: 27890.9 MH/s (0.00ms) @ Accel:256 Loops:1024 Thr:256 Vec:1

Speed.#11........: 26939.0 MH/s (0.00ms) @ Accel:512 Loops:1024 Thr:256 Vec:1

Speed.#12........: 27647.5 MH/s (0.00ms) @ Accel:512 Loops:1024 Thr:256 Vec:1

Speed.#13........: 38728.7 MH/s (0.00ms) @ Accel:512 Loops:1024 Thr:256 Vec:1

Speed.#14........: 38897.6 MH/s (0.00ms) @ Accel:512 Loops:1024 Thr:256 Vec:1

Speed.#15........: 28394.7 MH/s (0.00ms) @ Accel:256 Loops:1024 Thr:256 Vec:1

Speed.#16........: 28396.8 MH/s (0.00ms) @ Accel:256 Loops:1024 Thr:256 Vec:1

Speed.#17........: 27817.1 MH/s (0.00ms) @ Accel:256 Loops:1024 Thr:256 Vec:1

Speed.#*.........:  244.7 GH/s

----------------------

* Hash-Mode 100 (SHA1)

----------------------

Speed.#10........: 11125.6 MH/s (0.00ms) @ Accel:256 Loops:1024 Thr:256 Vec:1

Speed.#11........: 15319.2 MH/s (0.00ms) @ Accel:512 Loops:1024 Thr:256 Vec:1

Speed.#12........: 15913.5 MH/s (0.00ms) @ Accel:512 Loops:1024 Thr:256 Vec:1

Speed.#13........: 16265.1 MH/s (0.00ms) @ Accel:512 Loops:1024 Thr:256 Vec:1

Speed.#14........: 16278.9 MH/s (0.00ms) @ Accel:512 Loops:1024 Thr:256 Vec:1

Speed.#15........: 11157.2 MH/s (0.00ms) @ Accel:256 Loops:1024 Thr:256 Vec:1

Speed.#16........: 11121.3 MH/s (0.00ms) @ Accel:256 Loops:1024 Thr:256 Vec:1

Speed.#17........: 11043.8 MH/s (0.00ms) @ Accel:256 Loops:1024 Thr:256 Vec:1

Speed.#*.........:  108.2 GH/s

---------------------------

* Hash-Mode 1400 (SHA2-256)

---------------------------

Speed.#10........:  4452.2 MH/s (0.00ms) @ Accel:256 Loops:1024 Thr:256 Vec:1

Speed.#11........:  6261.3 MH/s (0.00ms) @ Accel:512 Loops:1024 Thr:256 Vec:1

Speed.#12........:  6321.5 MH/s (0.00ms) @ Accel:512 Loops:1024 Thr:256 Vec:1

Speed.#13........:  6685.0 MH/s (0.00ms) @ Accel:512 Loops:1024 Thr:256 Vec:1

Speed.#14........:  6702.8 MH/s (0.00ms) @ Accel:512 Loops:1024 Thr:256 Vec:1

Speed.#15........:  4471.4 MH/s (0.00ms) @ Accel:256 Loops:1024 Thr:256 Vec:1

Speed.#16........:  4455.5 MH/s (0.00ms) @ Accel:256 Loops:1024 Thr:256 Vec:1

Speed.#17........:  4431.1 MH/s (0.00ms) @ Accel:256 Loops:1024 Thr:256 Vec:1

Speed.#*.........: 43780.7 MH/s

---------------------------

* Hash-Mode 1700 (SHA2-512)

---------------------------

Will try to sort power and run again. 😭🤣😐

Mac Pro 2019 with dual Radeon W6800X duo and infinity fabric bridge, 4 x Radeon Pro Vega II 16GB in external PCIe chassis. 16 core Xeon, 384GB RAM.

Hashcat 7.1.2 - LUKS V2 Issue

Sat, 16 May 2026 23:17:46 +0000

Hi,

I'm trying to use Hashcat to do a dictionary attack on a volume that I apparently lost the password to.

Here's what I'm doing and what I'm getting:

cryptsetup luksDump for the volume:
UKS header information
Version:        2
Epoch:          3
Metadata area: 16384 [bytes]
Keyslots area: 16744448 [bytes]
UUID:           120c05ee-88ae-4ac1-babb-e9aac56c6c19
Label:          (no label)
Subsystem:      (no subsystem)
Flags:          (no flags)

Data segments:
0: crypt
       offset: 16777216 [bytes]
       length: (whole device)
       cipher: aes-xts-plain64
       sector: 4096 [bytes]

Keyslots:
0: luks2
       Key:        512 bits
       Priority:   normal
       Cipher:     aes-xts-plain64
       Cipher key: 512 bits
       PBKDF:      argon2id
       Time cost: 9
       Memory:     1048576
       Threads:    4
       Salt:       05 06 90 e4 a1 25 85 e1 d1 5e 39 51 de f0 48 4c
                   79 de f8 b9 37 2d 3f 93 a2 1c d1 ef 3f e7 58 fd
       AF stripes: 4000
       AF hash:    sha512
       Area offset:32768 [bytes]
       Area length:258048 [bytes]
       Digest ID: 0
Tokens:
Digests:
0: pbkdf2
       Hash:       sha512
       Iterations: 360583
       Salt:       8a ec b3 78 87 58 97 98 3d 7b cc 7b 76 d1 53 ba
                   30 b4 ce 7f 0d b2 56 c3 2e 87 6f ab 0e f6 d6 df
       Digest:     3f ff f9 22 2c e1 13 b2 3f 19 6d 0c 96 dd c7 ee
                   f7 c5 2b 9e c4 f6 44 80 52 7d 0a d6 60 92 7f b9
                   67 78 5f 19 80 4a 3f ee e6 48 6a 4a 66 f8 c5 dc
                   71 93 ff 21 1d d9 5b 87 2e 71 fc 84 bf fe 4d 97

I then ran luks2hashcat.py on the volume and piped it with > to luks.hash.

Then, I ran
sudo ./hashcat.bin -a 0 -m 34100 luks.hash p.txt

p.txt is my password manager export of passwords.

I receive this error:

Hashfile 'md.hash' on line 1 ($luks$...21dd732703d6aabce6dc5d8a3108a336): Signature unmatched

Hash file starts with:
$luks$2$argon2id$sha512$aes$xts-plain64$512$m=1048576,t=9,p=(then 262,143 characters)

Am I doing something wrong?

Veracrypt + PIM hashcat command

Sat, 16 May 2026 23:11:59 +0000

Greetings,

may I ask for help? I have locked couple years ago my usb disk with veracrypt ( not sure what version was in that time) but also used PIM. I think 00 or 01 or 11 or 1. I have extracted the has for the flash disk volume. But also dont remember if I used SHA 256 or 512.

I have created some list of possible combination of words and numbers. Nothing else it cant be. How should look the hashcat command to use my list of passwords eg. pw.txt and PIM=11 ?

thank you

Assistance needed: 7-Zip hash recovery (Static part known)

Sat, 09 May 2026 05:36:54 +0000

Hi everyone,I need some help recovering the password for a personal family archive (7-Zip).

I’ve already done some work on my RTX 4060, but I’ve hit a wall and could use some more power.

I have attached the file with the hash to this message.

I have attached the hash file to this post.Password details:Static part (Known base): FBJKY33EBalabanov

Estimated length: 18-22 characters.

Estimated length: 18–22 characters.Potential variations: There is likely a typo in the middle or at the end. It might end with digits or special characters like !, $, or letters (e.g., v1!, v1$).Keyboard layout: There's a possibility it was typed using a Russian layout but with English characters (e.g., АИЛЛН33У instead of FBJKY33E).

Important Note During my local brute-force, I found a collision: FBJKY33EBalabanovv1!

But the archive does not open

I will be glad for any help

hash.txt (Size: 180.3 KB / Downloads: 5)

Could use help opening my old RAR

Fri, 01 May 2026 11:19:55 +0000

While retrieving my old photo albums, I stumbled on a 1.56 GB RAR where me older photos are in.
I am trying to crack the following Hash.

$RAR3$*0*403707ca55b32e2c*9c5a6830c592342a454c9156382e4b75

I did a run with a Rockyou list and a rockyou 30.000. Im a bit lost what is next.

Im from the netherlands and i must have been 16-17 while i made this rar many years ago.
Is there a good Dutch Rockyou list available or somebody with power that can help me?

Need help to open locked pdf

Fri, 01 May 2026 06:22:52 +0000

Need help to open locked pdf
Forgot Password

I'd like to open my password-protected zip file

Thu, 30 Apr 2026 02:37:11 +0000

Hello everyone.
I locked my zip password one year ago. And I am in need to open it now.
But I can't remeber password of zip file. I should open that zip file for sure.
Regarding my friend's words, hashcat would be helpful for me to crack my zip file.

I just wanna get help even from admin, experts, but from legit, verified memebers

Looking forward to your guys's help

Best

1 Year Trying to Crack My 2013 Bitcoin Wallet — Need Expert Advice

Wed, 29 Apr 2026 05:06:30 +0000

Hey everyone,

I’m looking for some guidance from those with experience in password recovery/cracking.
For nearly a year, I’ve been trying to recover access to an old Bitcoin wallet (wallet.dat from 2013). I extracted the hash and have been attempting to crack it using an RTX 3060, but haven’t had any success so far.
Recently, I discovered Vast.ai and was able to run jobs on more powerful GPUs (including an RTX 5090). I was hopeful this would make a difference, but unfortunately, I still haven’t had any luck.

So far, I’ve tried:

Variations of old passwords I may have used
Brute force with numeric ranges (0–10 digits)
Short brute-force masks (1–5 characters, all character sets)
Large wordlists (including weakpass and similar sources)

At this point, I’m considering expanding brute-force attempts to longer character lengths, but I’m concerned about cost vs. benefit.
I’d really appreciate advice on:

The most efficient GPU(s) for this type of workload
Cost-effective strategies (especially when using rented compute like Vast.ai)
Smarter approaches beyond pure brute force (mask strategies, rule-based attacks, etc.)

Any tips or insights would be greatly appreciated.

Thanks in advance!

Password Length Limitation?

Mon, 20 Apr 2026 11:49:04 +0000

Hello All,

Hashcat noob here, been trying for a couple of days to find a password for a .7z file I created and forgot the password for, so far with no success so it's time to ask for some help.

The password I believe is 25 characters in length, the first 20 of which are lower case letters, and the last 5 are numbers.
I'm sure I have the letters and their order correct but can't remember what order and exactly what the last 5 numbers are supposed to be.

I've used The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) and John the Ripper to get the hash, and I'm trying to figure out how to find the password from that hash by entering the letters I already know and I'm hoping hashcat can find the 5 numbers I can't remember.

Tried lots of things that I don't really understand and so far the only way I've been able to get hashcat to run on the hashfile is by either:

Code:
hashcat -a 3 -m 11600 hashcat.txt

Code:
hashcat -a 0 -m 11600 hashcat.txt

With hashcat.txt being the file the hash is in.
I did remove the filename (1.7z) from the start of the hash John the Ripper gave before trying anything with hashcat, which I think I was supposed to, so now the hash starts with $7z... instead of 1.7z:$7z...
The hash is 1074 characters.

If I try to use the Hybrid Wordlist + Mask option it always fails, if I try anything but the above commands it seems to fail.
While those above do seem to be working, I figure the process might be still running when the universe ends and the last star burns out, which is why I'm wanting to know if it's possible to somehow tell hashcat the characters I already know and just have it try to find the remaining 5 numbers I can't remember?

I tried setting the -O option so it wasn't maxing out the CPU on my old clunker and got a message about too many characters for the password, maximum of 20 I think it said.
Without the -O option I think it said there was a maximum password characters of 256.

I've been reading stuff and watching tutorials etc. but not getting anywhere.
One result I remember from searching claimed hashcat could only find passwords of a certain length or under, so instead of wasting more time and getting nowhere I thought I'd ask people who know these things.

Thanks

P.S. I see when previewing this post the forum software edits my post to include words I did not type when I mentioned that Distro?
What's the deal with that?

multi GPUs configuration/overclocking

Fri, 17 Apr 2026 17:48:02 +0000

Hi there,
I am wandering if anybody can share tips on configuration/overclocking of a multi GPU rig running nvidia GPUs in an Ubuntu Linux environment to improve performance or enhance hash-rate with hashcat?
I have it running smoothly, but I think I could speed things up a little by overclocking.
Any tips or link to tutorials will be appreciated.
Many thanks.

\m/~ (>_<) ~\m/

trying to learn hashcat

Tue, 14 Apr 2026 21:15:58 +0000

first of all.....this is learning project for me

situation is next:

- i have multivolume RAR-files (part01, part02.....part11)
- it has hash format 12500 rar3-hp
- i know the password (lower alpha and numeric). i can unrar the archive. so i am not after the password, but trying to learn the use of hashcat.
- i made wordlist of 430 different entries with lower-alpha and numbers.

hashcat can't recover my password.

command is

Code:
 >hashcat.exe -a 0 -m 12500 -w 3 -S --session=tmp62B7 --potfile-disable -p : --hwmon-temp-abort=75 -o "C:\Users\xxxx\Downloads\hashcat-7.1.2\output.txt" --outfile-format=1,2 "C:\Users\xxxx\AppData\Local\Temp\tmp62B7.tmp" "C:\Users\xxxx\Downloads\random-wordlist-generator-portable\nieuw.2.txt"

hashcat (v7.1.2) starting - session [tmp62B7]

and this the result of the running session

Code:
OpenCL API (OpenCL 3.0 ) - Platform #1 [Intel(R) Corporation]

=============================================================

* Device #01: Intel(R) UHD Graphics 730, 15122/30244 MB (2047 MB allocatable), 8MCU

Minimum password length supported by kernel: 0

Maximum password length supported by kernel: 128

Minimum salt length supported by kernel: 0

Maximum salt length supported by kernel: 256

Hashes: 1 digests; 1 unique digests, 1 unique salts

Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Rules: 1

Optimizers applied:

* Zero-Byte

* Single-Hash

* Single-Salt

ATTENTION! Pure (unoptimized) backend kernels selected.

Pure kernels can crack longer passwords, but drastically reduce performance.

If you want to switch to optimized kernels, append -O to your commandline.

See the above message to find out about the exact limits.

Watchdog: Hardware monitoring interface not found on your system.

Watchdog: Temperature abort trigger disabled.

Host memory allocated for this attack: 2775 MB (53141 MB free)

Dictionary cache built:

* Filename..: C:\Users\xxxx\Downloads\random-wordlist-generator-portable\nieuw.2.txt

* Passwords.: 430

* Bytes.....: 5986

* Keyspace..: 430

* Runtime...: 0 secs

Approaching final keyspace - workload adjusted.

Session..........: tmp62B7

Status...........: Exhausted

Hash.Mode........: 12500 (RAR3-hp)

Hash.Target......: $RAR3$*0*9f54??????*4ba4e??????????

Time.Started.....: Tue Apr 14 22:49:43 2026 (5 secs)

Time.Estimated...: Tue Apr 14 22:49:48 2026 (0 secs)

Kernel.Feature...: Pure Kernel (password length 0-128 bytes)

Guess.Base.......: File (C:\Users\xxxx\Downloads\random-wordlist-generator-portable\nieuw.2.txt)

Guess.Queue......: 1/1 (100.00%)

Speed.#01........:      110 H/s (116.88ms) @ Accel:1 Loops:16384 Thr:36 Vec:1

Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)

Progress.........: 430/430 (100.00%)

Rejected.........: 0/430 (0.00%)

Restore.Point....: 430/430 (100.00%)

Restore.Sub.#01..: Salt:0 Amplifier:0-1 Iteration:245760-262144

Candidate.Engine.: Host Generator + PCIe

Candidates.#01...: test8227768 -> test9993139

Started: Tue Apr 14 22:49:37 2026

Stopped: Tue Apr 14 22:49:49 2026

WinRAR info says "RAR 4.x Volume, data and names encrypted".

what am i doing wrong?
why can't hashcat find the password which is in the wordlist?

Need help recovering DiskCryptor password - first time user

Tue, 14 Apr 2026 15:19:58 +0000

Hi everyone,

I am a first-time user and I need some help recovering access to an encrypted partition on my Windows 11 computer.

Here is my situation:
- I encrypted a partition using DiskCryptor 1.3 Beta
- The partition is [internal/external, size if known]
- I have forgotten the password and cannot access the partition
- I do NOT have a backup of the header (if true)
- I am not experienced with hashcat or password recovery tools
- This is my own computer and my own data

I have already downloaded:
- Hashcat 7.1.2
- John the Ripper 1.9.0 Jumbo (Windows 64-bit)

Any help would be greatly appreciated. I just want to recover access to my own files.

Thank you in advance

Legacy Server Benchmarking: Optimizing Hashcat on Hexa Core Xeons (ProLiant BL460C)

Mon, 13 Apr 2026 13:28:05 +0000

Hey everyone, I’ve been a long-time reader of the hardware benchmarks here, but I finally have a specific project that prompted me to start a thread. I recently came into possession of some retired enterprise gear: a couple of HP ProLiant BL460C blades. These are older units, each running dual Hexa Core 2.4GHz Xeon processors. Now, I know the general consensus in the community is that GPUs are the undisputed kings for Hashcat, but I’m interested in seeing what these can do for specific algorithms where CPU-based cracking isn't completely irrelevant—perhaps for some of the more memory-hard or CPU-intensive KDFs.
The specific point I’m stuck on is the OpenCL implementation for these older Xeons. I’ve seen some conflicting info on whether the Intel CPU Runtime provides meaningful scaling when you're dealing with older architectures like this. In my limited testing, I’ve found that even though I have 12 physical cores (24 threads) available across the blade, the relatively low 2.4GHz clock speed seems to be a real bottleneck for anything beyond very basic wordlist attacks.
Personally, I just love the industrial feel of these blade servers. There’s something incredibly nostalgic about repurposing 10-year-old "top-tier" hardware, even if the fans sound like they’re trying to achieve liftoff when the workload kicks in. My little homelab setup is great for learning, but I’m wondering if I’m just fighting a losing battle against modern hardware efficiency.
Does anyone here have experience running Hashcat on older blade infrastructure, or perhaps tips on optimizing the Intel OpenCL runtime for these specific Xeon families to get the most out of the available threads? Or is the performance-to-power ratio so skewed that I’m better off just using them as a space heater for the winter?