
Password Attack Techniques:
- Dictionary Attacks – Use wordlists or rainbow tables as input into cracking algorithms.
- Brute-Force Attack – Systematically check all possible password options (hit or miss) by applying any known rules (e.g., password length, case, special characters).
- Hybrid – A combination of dictionary, brute-force and rules.
- Other – Additional techniques include phishing, social engineering, malware, and guessing.
Hashcat Attack Mode Parameters:
- Dictionary (-a 0) – Reads from a text file and uses each line as a password candidate
- Combination (-a 1) – Like the Dictionary Attack except it uses two dictionaries. Each word of one dictionary is appended to each word of the other.
- Mask (-a 3) – Try all combinations in a given keyspace. It is effectively a brute-force attack on user-specified character sets.
- Hybrid (-a 6 and -a 7) – A combination of a dictionary attack and a mask attack.
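
To judge how much resistance a password policy offers against the modes above, it helps to count the candidates each one generates. The Python sketch below is an added example, not part of the original notes or of hashcat; it models only hashcat's built-in mask charsets, and the guess rate and wordlist sizes are assumed values.

```python
# Added example: candidate counts for the hashcat attack modes listed above.
# Built-in mask charset sizes as documented by hashcat.
CHARSET_SIZES = {"l": 26, "u": 26, "d": 10, "h": 16, "H": 16,
                 "s": 33, "a": 95, "b": 256}


def mask_candidates(mask: str) -> int:
    """Number of candidates a mask (-a 3) generates, e.g. '?u?l?l?d'."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] == "?":
            if i + 1 >= len(mask):
                raise ValueError("dangling '?' at end of mask")
            token = mask[i + 1]
            if token == "?":          # '??' is a literal question mark
                size = 1
            elif token in CHARSET_SIZES:
                size = CHARSET_SIZES[token]
            else:                     # custom sets ?1-?4 are not modelled here
                raise ValueError(f"unsupported charset ?{token}")
            total *= size
            i += 2
        else:                         # any other character is a fixed literal
            i += 1
    return total


def combination_candidates(left_words: int, right_words: int) -> int:
    """Combination (-a 1): every left word joined with every right word."""
    return left_words * right_words


def hybrid_candidates(dict_words: int, mask: str) -> int:
    """Hybrid (-a 6 / -a 7): each dictionary word paired with each mask value."""
    return dict_words * mask_candidates(mask)


def seconds_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at an assumed guess rate."""
    return candidates / guesses_per_second


if __name__ == "__main__":
    RATE = 1e9  # assumed guesses/second; depends on hash type and hardware
    for mask in ("?d?d?d?d?d?d", "?l?l?l?l?l?l?l?l", "?a?a?a?a?a?a?a?a", "?a" * 12):
        n = mask_candidates(mask)
        print(f"{mask:26} {n:.3e} candidates, {seconds_to_exhaust(n, RATE):.3e} s")
    print("hybrid, 100000 words + ?d?d:", hybrid_candidates(100_000, "?d?d"))
```

Each extra `?a` position multiplies the count by 95, which is why minimum length matters more to a policy than any single character-class requirement.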
Wordlist Examples (Dictionaries):
- http://cyberwarzone.com/cyberwarfare/pas…word-lists
- http://hashcrack.blogspot.de/p/wordlist-…ds_29.html
- http://www.skullsecurity.org/wiki/index.php/Passwords
- http://packetstormsecurity.org/Crackers/wordlists/
- http://www.isdpodcast.com/resources/62k-…-passwords
- http://g0tmi1k.blogspot.com/2011/06/dict…lists.html
- http://www.md5this.com/tools/wordlists.html
- http://www.md5decrypter.co.uk/downloads.aspx