1 hashcat, advanced password recovery
3 Usage: hashcat [options]... hash|hashfile|hccapfile [dictionary|mask|directory]...
7 Options Short / Long | Type | Description | Example
8 ===============================+======+======================================================+=======================
9 -m, --hash-type | Num | Hash-type, see references below | -m 1000
10 -a, --attack-mode | Num | Attack-mode, see references below | -a 3
11 -V, --version | | Print version |
12 -h, --help | | Print help |
13 --quiet | | Suppress output |
14 --hex-charset | | Assume charset is given in hex |
15 --hex-salt | | Assume salt is given in hex |
16 --hex-wordlist | | Assume words in wordlist is given in hex |
17 --force | | Ignore warnings |
18 --status | | Enable automatic update of the status-screen |
19 --status-timer | Num | Sets seconds between status-screen update to X | --status-timer=1
20 --machine-readable | | Display the status view in a machine readable format |
21 --loopback | | Add new plains to induct directory |
22 --weak-hash-threshold | Num | Threshold X when to stop checking for weak hashes | --weak=0
23 --markov-hcstat | File | Specify hcstat file to use | --markov-hc=my.hcstat
24 --markov-disable | | Disables markov-chains, emulates classic brute-force |
25 --markov-classic | | Enables classic markov-chains, no per-position |
26 -t, --markov-threshold | Num | Threshold X when to stop accepting new markov-chains | -t 50
27 --runtime | Num | Abort session after X seconds of runtime | --runtime=10
28 --session | Str | Define specific session name | --session=mysession
29 --restore | | Restore session from --session |
30 --restore-disable | | Do not write restore file |
31 -o, --outfile | File | Define outfile for recovered hash | -o outfile.txt
32 --outfile-format | Num | Define outfile-format X for recovered hash | --outfile-format=7
33 --outfile-autohex-disable | | Disable the use of $HEX[] in output plains |
34 --outfile-check-timer | Num | Sets seconds between outfile checks to X | --outfile-check=30
35 -p, --separator | Char | Separator char for hashlists and outfile | -p :
36 --stdout | | Do not crack a hash, instead print candidates only |
37 --show | | Compare hashlist with potfile; Show cracked hashes |
38 --left | | Compare hashlist with potfile; Show uncracked hashes |
39 --username | | Enable ignoring of usernames in hashfile |
40 --remove | | Enable remove of hash once it is cracked |
41 --remove-timer | Num | Update input hash file each X seconds | --remove-timer=30
42 --potfile-disable | | Do not write potfile |
43 --potfile-path | Dir | Specific path to potfile | --potfile-path=my.pot
44 --debug-mode | Num | Defines the debug mode (hybrid only by using rules) | --debug-mode=4
45 --debug-file | File | Output file for debugging rules | --debug-file=good.log
46 --induction-dir | Dir | Specify the induction directory to use for loopback | --induction=inducts
47 --outfile-check-dir | Dir | Specify the outfile directory to monitor for plains | --outfile-check-dir=x
48 --logfile-disable | | Disable the logfile |
49 --truecrypt-keyfiles | File | Keyfiles used, separate with comma | --truecrypt-key=x.png
50 --veracrypt-keyfiles | File | Keyfiles used, separate with comma | --veracrypt-key=x.txt
51 --veracrypt-pim | Num | VeraCrypt personal iterations multiplier | --veracrypt-pim=1000
52 -b, --benchmark | | Run benchmark |
53 -c, --segment-size | Num | Sets size in MB to cache from the wordfile to X | -c 32
54 --bitmap-min | Num | Sets minimum bits allowed for bitmaps to X | --bitmap-min=24
55 --bitmap-max | Num | Sets maximum bits allowed for bitmaps to X | --bitmap-min=24
56 --cpu-affinity | Str | Locks to CPU devices, separate with comma | --cpu-affinity=1,2,3
57 --opencl-platforms | Str | OpenCL platforms to use, separate with comma | --opencl-platforms=2
58 -d, --opencl-devices | Str | OpenCL devices to use, separate with comma | -d 1
59 -D, --opencl-device-types | Str | OpenCL device-types to use, separate with comma | -D 1
60 --opencl-vector-width | Num | Manual override OpenCL vector-width to X | --opencl-vector=4
61 -w, --workload-profile | Num | Enable a specific workload profile, see pool below | -w 3
62 -n, --kernel-accel | Num | Manual workload tuning, set outerloop step size to X | -n 64
63 -u, --kernel-loops | Num | Manual workload tuning, set innerloop step size to X | -u 256
64 --nvidia-spin-damp | Num | Workaround NVidias CPU burning loop bug, in percent | --nvidia-spin-damp=50
65 --gpu-temp-disable | | Disable temperature and fanspeed reads and triggers |
66 --gpu-temp-abort | Num | Abort if GPU temperature reaches X degrees celsius | --gpu-temp-abort=100
67 --gpu-temp-retain | Num | Try to retain GPU temperature at X degrees celsius | --gpu-temp-retain=95
68 --powertune-enable | | Enable power tuning, restores settings when finished |
69 --scrypt-tmto | Num | Manually override TMTO value for scrypt to X | --scrypt-tmto=3
70 -s, --skip | Num | Skip X words from the start | -s 1000000
71 -l, --limit | Num | Limit X words from the start + skipped words | -l 1000000
72 --keyspace | | Show keyspace base:mod values and quit |
73 -j, --rule-left | Rule | Single rule applied to each word from left wordlist | -j 'c'
74 -k, --rule-right | Rule | Single rule applied to each word from right wordlist | -k '^-'
75 -r, --rules-file | File | Multiple rules applied to each word from wordlists | -r rules/best64.rule
76 -g, --generate-rules | Num | Generate X random rules | -g 10000
77 --generate-rules-func-min | Num | Force min X funcs per rule |
78 --generate-rules-func-max | Num | Force max X funcs per rule |
79 --generate-rules-seed | Num | Force RNG seed set to X |
80 -1, --custom-charset1 | CS | User-defined charset ?1 | -1 ?l?d?u
81 -2, --custom-charset2 | CS | User-defined charset ?2 | -2 ?l?d?s
82 -3, --custom-charset3 | CS | User-defined charset ?3 |
83 -4, --custom-charset4 | CS | User-defined charset ?4 |
84 -i, --increment | | Enable mask increment mode |
85 --increment-min | Num | Start mask incrementing at X | --increment-min=4
86 --increment-max | Num | Stop mask incrementing at X | --increment-max=8
91 ======+==================================================+======================================
94 5100 | Half MD5 | Raw Hash
96 10800 | SHA-384 | Raw Hash
97 1400 | SHA-256 | Raw Hash
98 1700 | SHA-512 | Raw Hash
99 5000 | SHA-3(Keccak) | Raw Hash
100 10100 | SipHash | Raw Hash
101 6000 | RipeMD160 | Raw Hash
102 6100 | Whirlpool | Raw Hash
103 6900 | GOST R 34.11-94 | Raw Hash
104 11700 | GOST R 34.11-2012 (Streebog) 256-bit | Raw Hash
105 11800 | GOST R 34.11-2012 (Streebog) 512-bit | Raw Hash
106 10 | md5($pass.$salt) | Raw Hash, Salted and / or Iterated
107 20 | md5($salt.$pass) | Raw Hash, Salted and / or Iterated
108 30 | md5(unicode($pass).$salt) | Raw Hash, Salted and / or Iterated
109 40 | md5($salt.unicode($pass)) | Raw Hash, Salted and / or Iterated
110 3800 | md5($salt.$pass.$salt) | Raw Hash, Salted and / or Iterated
111 3710 | md5($salt.md5($pass)) | Raw Hash, Salted and / or Iterated
112 2600 | md5(md5($pass)) | Raw Hash, Salted and / or Iterated
113 4300 | md5(strtoupper(md5($pass))) | Raw Hash, Salted and / or Iterated
114 4400 | md5(sha1($pass)) | Raw Hash, Salted and / or Iterated
115 110 | sha1($pass.$salt) | Raw Hash, Salted and / or Iterated
116 120 | sha1($salt.$pass) | Raw Hash, Salted and / or Iterated
117 130 | sha1(unicode($pass).$salt) | Raw Hash, Salted and / or Iterated
118 140 | sha1($salt.unicode($pass)) | Raw Hash, Salted and / or Iterated
119 4500 | sha1(sha1($pass)) | Raw Hash, Salted and / or Iterated
120 4700 | sha1(md5($pass)) | Raw Hash, Salted and / or Iterated
121 4900 | sha1($salt.$pass.$salt) | Raw Hash, Salted and / or Iterated
122 1410 | sha256($pass.$salt) | Raw Hash, Salted and / or Iterated
123 1420 | sha256($salt.$pass) | Raw Hash, Salted and / or Iterated
124 1430 | sha256(unicode($pass).$salt) | Raw Hash, Salted and / or Iterated
125 1440 | sha256($salt.unicode($pass)) | Raw Hash, Salted and / or Iterated
126 1710 | sha512($pass.$salt) | Raw Hash, Salted and / or Iterated
127 1720 | sha512($salt.$pass) | Raw Hash, Salted and / or Iterated
128 1730 | sha512(unicode($pass).$salt) | Raw Hash, Salted and / or Iterated
129 1740 | sha512($salt.unicode($pass)) | Raw Hash, Salted and / or Iterated
130 50 | HMAC-MD5 (key = $pass) | Raw Hash, Authenticated
131 60 | HMAC-MD5 (key = $salt) | Raw Hash, Authenticated
132 150 | HMAC-SHA1 (key = $pass) | Raw Hash, Authenticated
133 160 | HMAC-SHA1 (key = $salt) | Raw Hash, Authenticated
134 1450 | HMAC-SHA256 (key = $pass) | Raw Hash, Authenticated
135 1460 | HMAC-SHA256 (key = $salt) | Raw Hash, Authenticated
136 1750 | HMAC-SHA512 (key = $pass) | Raw Hash, Authenticated
137 1760 | HMAC-SHA512 (key = $salt) | Raw Hash, Authenticated
138 400 | phpass | Generic KDF
139 8900 | scrypt | Generic KDF
140 11900 | PBKDF2-HMAC-MD5 | Generic KDF
141 12000 | PBKDF2-HMAC-SHA1 | Generic KDF
142 10900 | PBKDF2-HMAC-SHA256 | Generic KDF
143 12100 | PBKDF2-HMAC-SHA512 | Generic KDF
144 23 | Skype | Network protocols
145 2500 | WPA/WPA2 | Network protocols
146 4800 | iSCSI CHAP authentication, MD5(Chap) | Network protocols
147 5300 | IKE-PSK MD5 | Network protocols
148 5400 | IKE-PSK SHA1 | Network protocols
149 5500 | NetNTLMv1 | Network protocols
150 5500 | NetNTLMv1 + ESS | Network protocols
151 5600 | NetNTLMv2 | Network protocols
152 7300 | IPMI2 RAKP HMAC-SHA1 | Network protocols
153 7500 | Kerberos 5 AS-REQ Pre-Auth etype 23 | Network protocols
154 8300 | DNSSEC (NSEC3) | Network protocols
155 10200 | Cram MD5 | Network protocols
156 11100 | PostgreSQL CRAM (MD5) | Network protocols
157 11200 | MySQL CRAM (SHA1) | Network protocols
158 11400 | SIP digest authentication (MD5) | Network protocols
159 13100 | Kerberos 5 TGS-REP etype 23 | Network protocols
160 121 | SMF (Simple Machines Forum) | Forums, CMS, E-Commerce, Frameworks
161 400 | phpBB3 | Forums, CMS, E-Commerce, Frameworks
162 2611 | vBulletin < v3.8.5 | Forums, CMS, E-Commerce, Frameworks
163 2711 | vBulletin > v3.8.5 | Forums, CMS, E-Commerce, Frameworks
164 2811 | MyBB | Forums, CMS, E-Commerce, Frameworks
165 2811 | IPB (Invison Power Board) | Forums, CMS, E-Commerce, Frameworks
166 8400 | WBB3 (Woltlab Burning Board) | Forums, CMS, E-Commerce, Frameworks
167 11 | Joomla < 2.5.18 | Forums, CMS, E-Commerce, Frameworks
168 400 | Joomla > 2.5.18 | Forums, CMS, E-Commerce, Frameworks
169 400 | Wordpress | Forums, CMS, E-Commerce, Frameworks
170 2612 | PHPS | Forums, CMS, E-Commerce, Frameworks
171 7900 | Drupal7 | Forums, CMS, E-Commerce, Frameworks
172 21 | osCommerce | Forums, CMS, E-Commerce, Frameworks
173 21 | xt:Commerce | Forums, CMS, E-Commerce, Frameworks
174 11000 | PrestaShop | Forums, CMS, E-Commerce, Frameworks
175 124 | Django (SHA-1) | Forums, CMS, E-Commerce, Frameworks
176 10000 | Django (PBKDF2-SHA256) | Forums, CMS, E-Commerce, Frameworks
177 3711 | Mediawiki B type | Forums, CMS, E-Commerce, Frameworks
178 7600 | Redmine | Forums, CMS, E-Commerce, Frameworks
179 12 | PostgreSQL | Database Server
180 131 | MSSQL(2000) | Database Server
181 132 | MSSQL(2005) | Database Server
182 1731 | MSSQL(2012) | Database Server
183 1731 | MSSQL(2014) | Database Server
184 200 | MySQL323 | Database Server
185 300 | MySQL4.1/MySQL5 | Database Server
186 3100 | Oracle H: Type (Oracle 7+) | Database Server
187 112 | Oracle S: Type (Oracle 11+) | Database Server
188 12300 | Oracle T: Type (Oracle 12+) | Database Server
189 8000 | Sybase ASE | Database Server
190 141 | EPiServer 6.x < v4 | HTTP, SMTP, LDAP Server
191 1441 | EPiServer 6.x > v4 | HTTP, SMTP, LDAP Server
192 1600 | Apache $apr1$ | HTTP, SMTP, LDAP Server
193 12600 | ColdFusion 10+ | HTTP, SMTP, LDAP Server
194 1421 | hMailServer | HTTP, SMTP, LDAP Server
195 101 | nsldap, SHA-1(Base64), Netscape LDAP SHA | HTTP, SMTP, LDAP Server
196 111 | nsldaps, SSHA-1(Base64), Netscape LDAP SSHA | HTTP, SMTP, LDAP Server
197 1711 | SSHA-512(Base64), LDAP {SSHA512} | HTTP, SMTP, LDAP Server
198 11500 | CRC32 | Checksums
199 3000 | LM | Operating-Systems
200 1000 | NTLM | Operating-Systems
201 1100 | Domain Cached Credentials (DCC), MS Cache | Operating-Systems
202 2100 | Domain Cached Credentials 2 (DCC2), MS Cache 2 | Operating-Systems
203 12800 | MS-AzureSync PBKDF2-HMAC-SHA256 | Operating-Systems
204 1500 | descrypt, DES(Unix), Traditional DES | Operating-Systems
205 12400 | BSDiCrypt, Extended DES | Operating-Systems
206 500 | md5crypt $1$, MD5(Unix) | Operating-Systems
207 3200 | bcrypt $2*$, Blowfish(Unix) | Operating-Systems
208 7400 | sha256crypt $5$, SHA256(Unix) | Operating-Systems
209 1800 | sha512crypt $6$, SHA512(Unix) | Operating-Systems
210 122 | OSX v10.4, OSX v10.5, OSX v10.6 | Operating-Systems
211 1722 | OSX v10.7 | Operating-Systems
212 7100 | OSX v10.8, OSX v10.9, OSX v10.10 | Operating-Systems
213 6300 | AIX {smd5} | Operating-Systems
214 6700 | AIX {ssha1} | Operating-Systems
215 6400 | AIX {ssha256} | Operating-Systems
216 6500 | AIX {ssha512} | Operating-Systems
217 2400 | Cisco-PIX | Operating-Systems
218 2410 | Cisco-ASA | Operating-Systems
219 500 | Cisco-IOS $1$ | Operating-Systems
220 5700 | Cisco-IOS $4$ | Operating-Systems
221 9200 | Cisco-IOS $8$ | Operating-Systems
222 9300 | Cisco-IOS $9$ | Operating-Systems
223 22 | Juniper Netscreen/SSG (ScreenOS) | Operating-Systems
224 501 | Juniper IVE | Operating-Systems
225 5800 | Android PIN | Operating-Systems
226 13800 | Windows 8+ phone PIN/Password | Operating-Systems
227 8100 | Citrix Netscaler | Operating-Systems
228 8500 | RACF | Operating-Systems
229 7200 | GRUB 2 | Operating-Systems
230 9900 | Radmin2 | Operating-Systems
231 125 | ArubaOS | Operating-Systems
232 7700 | SAP CODVN B (BCODE) | Enterprise Application Software (EAS)
233 7800 | SAP CODVN F/G (PASSCODE) | Enterprise Application Software (EAS)
234 10300 | SAP CODVN H (PWDSALTEDHASH) iSSHA-1 | Enterprise Application Software (EAS)
235 8600 | Lotus Notes/Domino 5 | Enterprise Application Software (EAS)
236 8700 | Lotus Notes/Domino 6 | Enterprise Application Software (EAS)
237 9100 | Lotus Notes/Domino 8 | Enterprise Application Software (EAS)
238 133 | PeopleSoft | Enterprise Application Software (EAS)
239 13500 | PeopleSoft Token | Enterprise Application Software (EAS)
240 11600 | 7-Zip | Archives
241 12500 | RAR3-hp | Archives
242 13000 | RAR5 | Archives
243 13200 | AxCrypt | Archives
244 13300 | AxCrypt in memory SHA1 | Archives
245 13600 | WinZip | Archives
246 62XY | TrueCrypt | Full-Disk encryptions (FDE)
247 X | 1 = PBKDF2-HMAC-RipeMD160 | Full-Disk encryptions (FDE)
248 X | 2 = PBKDF2-HMAC-SHA512 | Full-Disk encryptions (FDE)
249 X | 3 = PBKDF2-HMAC-Whirlpool | Full-Disk encryptions (FDE)
250 X | 4 = PBKDF2-HMAC-RipeMD160 + boot-mode | Full-Disk encryptions (FDE)
251 Y | 1 = XTS 512 bit pure AES | Full-Disk encryptions (FDE)
252 Y | 1 = XTS 512 bit pure Serpent | Full-Disk encryptions (FDE)
253 Y | 1 = XTS 512 bit pure Twofish | Full-Disk encryptions (FDE)
254 Y | 2 = XTS 1024 bit pure AES | Full-Disk encryptions (FDE)
255 Y | 2 = XTS 1024 bit pure Serpent | Full-Disk encryptions (FDE)
256 Y | 2 = XTS 1024 bit pure Twofish | Full-Disk encryptions (FDE)
257 Y | 2 = XTS 1024 bit cascaded AES-Twofish | Full-Disk encryptions (FDE)
258 Y | 2 = XTS 1024 bit cascaded Serpent-AES | Full-Disk encryptions (FDE)
259 Y | 2 = XTS 1024 bit cascaded Twofish-Serpent | Full-Disk encryptions (FDE)
260 Y | 3 = XTS 1536 bit all | Full-Disk encryptions (FDE)
261 8800 | Android FDE < v4.3 | Full-Disk encryptions (FDE)
262 12900 | Android FDE (Samsung DEK) | Full-Disk encryptions (FDE)
263 12200 | eCryptfs | Full-Disk encryptions (FDE)
264 137XY | VeraCrypt | Full-Disk encryptions (FDE)
265 X | 1 = PBKDF2-HMAC-RipeMD160 | Full-Disk encryptions (FDE)
266 X | 2 = PBKDF2-HMAC-SHA512 | Full-Disk encryptions (FDE)
267 X | 3 = PBKDF2-HMAC-Whirlpool | Full-Disk encryptions (FDE)
268 X | 4 = PBKDF2-HMAC-RipeMD160 + boot-mode | Full-Disk encryptions (FDE)
269 X | 5 = PBKDF2-HMAC-SHA256 | Full-Disk encryptions (FDE)
270 X | 6 = PBKDF2-HMAC-SHA256 + boot-mode | Full-Disk encryptions (FDE)
271 Y | 1 = XTS 512 bit pure AES | Full-Disk encryptions (FDE)
272 Y | 1 = XTS 512 bit pure Serpent | Full-Disk encryptions (FDE)
273 Y | 1 = XTS 512 bit pure Twofish | Full-Disk encryptions (FDE)
274 Y | 2 = XTS 1024 bit pure AES | Full-Disk encryptions (FDE)
275 Y | 2 = XTS 1024 bit pure Serpent | Full-Disk encryptions (FDE)
276 Y | 2 = XTS 1024 bit pure Twofish | Full-Disk encryptions (FDE)
277 Y | 2 = XTS 1024 bit cascaded AES-Twofish | Full-Disk encryptions (FDE)
278 Y | 2 = XTS 1024 bit cascaded Serpent-AES | Full-Disk encryptions (FDE)
279 Y | 2 = XTS 1024 bit cascaded Twofish-Serpent | Full-Disk encryptions (FDE)
280 Y | 3 = XTS 1536 bit all | Full-Disk encryptions (FDE)
281 9700 | MS Office <= 2003 $0|$1, MD5 + RC4 | Documents
282 9710 | MS Office <= 2003 $0|$1, MD5 + RC4, collider #1 | Documents
283 9720 | MS Office <= 2003 $0|$1, MD5 + RC4, collider #2 | Documents
284 9800 | MS Office <= 2003 $3|$4, SHA1 + RC4 | Documents
285 9810 | MS Office <= 2003 $3|$4, SHA1 + RC4, collider #1 | Documents
286 9820 | MS Office <= 2003 $3|$4, SHA1 + RC4, collider #2 | Documents
287 9400 | MS Office 2007 | Documents
288 9500 | MS Office 2010 | Documents
289 9600 | MS Office 2013 | Documents
290 10400 | PDF 1.1 - 1.3 (Acrobat 2 - 4) | Documents
291 10410 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #1 | Documents
292 10420 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #2 | Documents
293 10500 | PDF 1.4 - 1.6 (Acrobat 5 - 8) | Documents
294 10600 | PDF 1.7 Level 3 (Acrobat 9) | Documents
295 10700 | PDF 1.7 Level 8 (Acrobat 10 - 11) | Documents
296 9000 | Password Safe v2 | Password Managers
297 5200 | Password Safe v3 | Password Managers
298 6800 | Lastpass + Lastpass sniffed | Password Managers
299 6600 | 1Password, agilekeychain | Password Managers
300 8200 | 1Password, cloudkeychain | Password Managers
301 11300 | Bitcoin/Litecoin wallet.dat | Password Managers
302 12700 | Blockchain, My Wallet | Password Managers
303 13400 | Keepass 1 (AES/Twofish) and Keepass 2 (AES) | Password Managers
305 - [ Outfile Formats ] -
311 3 | hash[:salt]:plain
313 5 | hash[:salt]:hex_plain
315 7 | hash[:salt]:plain:hex_plain
317 9 | hash[:salt]:crack_pos
319 11 | hash[:salt]:plain:crack_pos
320 12 | hex_plain:crack_pos
321 13 | hash[:salt]:hex_plain:crack_pos
322 14 | plain:hex_plain:crack_pos
323 15 | hash[:salt]:plain:hex_plain:crack_pos
325 - [ Rule Debugging Modes ] -
331 3 | Original-Word:Finding-Rule
332 4 | Original-Word:Finding-Rule:Processed-Word
341 6 | Hybrid Wordlist + Mask
342 7 | Hybrid Mask + Wordlist
344 - [ Built-in Charsets ] -
348 l | abcdefghijklmnopqrstuvwxyz
349 u | ABCDEFGHIJKLMNOPQRSTUVWXYZ
351 s | !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
355 - [ OpenCL Device Types ] -
361 3 | FPGA, DSP, Co-Processor
363 - [ Workload Profiles ] -
365 # | Performance | Runtime | Power Consumption | Desktop Impact
366 ===+=============+=========+===================+=================
367 1 | Low | 2 ms | Low | Minimal
368 2 | Default | 12 ms | Economic | Noticeable
369 3 | High | 96 ms | High | Unresponsive
370 4 | Nightmare | 480 ms | Insane | Headless
372 - [ Basic Examples ] -
375 Mode | Type | Example command
376 ==================+=======+==================================================================
377 Wordlist | $P$ | hashcat -a 0 -m 400 example400.hash example.dict
378 Wordlist + Rules | MD5 | hashcat -a 0 -m 0 example0.hash example.dict -r rules/best64.rule
379 Brute-Force | MD5 | hashcat -a 3 -m 0 example0.hash ?a?a?a?a?a?a
380 Combinator | MD5 | hashcat -a 1 -m 0 example0.hash example.dict example.dict
382 If you still have no idea what just happened try following pages:
384 * https://hashcat.net/wiki/#howtos_videos_papers_articles_etc_in_the_wild
385 * https://hashcat.net/wiki/#frequently_asked_questions