Computing Power to the People

The Official Qarnot Blog

< Back

Hashcat on Qarnot – documentation

by Rémi Bouzel - October 28, 2021 - Documentation


Hashcat is an opensource password cracking software which relies on GPU power. Password cracking makes it possible to identify passwords from their hashes. Its purpose might be to help a user to recover a forgotten password, to gain unauthorized access to a system, or to act as a preventive measure, for instance by checking if passwords used within a company are strong enough.


The test case uses Hashcat 6.2.4:

Release year Version
2021 6.2.4

If you are interested in another version, please send us an email at



  • Please ensure that you have created a Qarnot account here and retrieve your Qarnot authentication token on the same page
  • Install Qarnot’s Python SDK here

Note: in addition to the Python SDK, Qarnot provides C# and Node.js SDKs and a Command Line Interface.


Test case

Let’s suppose the scenario where we obtained the following list of hashed passwords and we would now like to crack them:

The goal of this test case will be to find out what passwords are hidden behind these hashes. For this, we will compare it to a words list.
You can download both inputs (target hashes and words list) here. You need to unzip it to be able to launch the computation on Qarnot.

Launching the case

Once everything is set up, use the following script to launch the password cracking computation on Qarnot.

Make sure you have copied your authentication token in the script (instead of <<<MY_SECRET_TOKEN>>>) to be able to launch the task on Qarnot.

Finally, make sure that the input files are in the same folder named dataset-hashcat/. Your working directory should look like this:

  • dataset-hashcat/:
    • target_hashes.txt: list of hashed passwords to crack
    • wordslist.txt: list of passwords to test
  • Python script to run the computation on Qarnot

To launch this script, you just need to open a terminal in your working directory and execute python3 & .



At any given time, you can monitor the status of your task on the Console:

Once the computation is done, the result will be downloaded locally in hashcat-results/cracked.txt with the following content, unveiling the hashes and the password hidden behind:
If you wish to find the other passwords, you can run this payload with bigger words lists available on the internet.

Wrapping up

That’s it! If you have any questions, please contact and we will help you with pleasure!


Leave a Reply

Your email address will not be published. Required fields are marked *