Password cracking recovers plaintext from stolen hashes using: dictionary attacks (wordlists — rockyou.txt), rule-based (mutate words), brute force (all combinations), hybrid (dictionary + brute force).
Hashcat is fastest (GPU-accelerated). John the Ripper is slower but more versatile. Common hash types: NTLM (-m 1000), bcrypt (-m 3200, slow), SHA-256 (-m 1400). Rule-based cracking (best64 rules) cracks far more hashes than wordlists alone. rockyou.txt is the standard wordlist.