Offline attacks in password cracking refer to attempts to crack passwords using pre-obtained password hashes without needing to connect to a live system or network.
The dictionary attack, or “straight mode,” is a very simple attack mode. It is also known as a “Wordlist attack”.
All that is needed is to read line by line from a textfile (aka “dictionary” or “wordlist”) and try each line as a password candidate.
hashcat -a 0 -m 0 f806fc5a2a0d5ba2471600758452799c /usr/share/wordlists/rockyou.txt —show
-a 0 sets mode to dictionary attack
-m 0 sets to MD5 type
Brute-Force Attack
Tries all combinations from a given Keyspace. It is the easiest of all the attacks.
hashcat -a 3 -m 0 05A5CF06982BA7892ED2A6D38FE832D6 ?d?d?d?d
-a 3 sets mode to brute-force attack
?d?d?d?d the ?d tells hashcat to use a digit (?d?d?d?d = four digits 0000 - 9999)
?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?h = 0123456789abcdef
?H = 0123456789ABCDEF
?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
?a = ?l?u?d?s
?b = 0x00 - 0xff
Rule-Based attacks
Also known as hybrid attacks.
Attacker know something about the password policy. for example, manipulating or 'mangling' a password such as 'password': p@ssword, Pa$$word, Passw0rd, and so on.