The description states:  "Five86-2 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing."

This is a friggin' puzzle box.  Fun, but definitely a puzzle box.  I enjoyed it thoroughly because I learned a new trick.  More on that later.

First, we kick off with Nmap:

Like most people, when I receive an email with a link, I do a quick check to see if the url is legit.  I'll carefully read it, then I will mouse over it to make sure that the text and the url match.  I've seen that trick a few times and I've also seen a trick where there was what appeared to be an attached Word document but instead it was an image for a URL.  That was definitely clever.  I haven't seen that one too many times but I can see a user repeatedly clicking on it -- wondering why Word wasn't opening.

But let's say we get a link to an image.  I probably get at least one of these per day where a friend sends me to some meme or something of interest.  http:// blah blah blah / funnymeme.gif

Hashcat is one of those tools where I feel like I'm just scratching at the surface with respect to all of its capabilities.  Normally, I'm attempting to crack hashes with a wordlist to prove the strength of a password.  Or I'm playing some CTF where I need to retrieve a password.  In each case, I'm not brute forcing a password, I'm providing a wordlist which makes the process light years faster.  That being said, there are times when I've wanted to use a brute force attack but have shied away when confronted with reading the manual.  RTFM!