hashcat Forum

Full Version: Rules hashcat
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
First of all, what a nice tool hashcat is!
Even on my slow hardware it by far the fastest cracker I've tried.

So now when I tried it out for a couple of days I want to know more about rules. I've so far used the gui, but since I'm more of a console guy I'll switch to the command line any minute.

Let's say I want to Captialize the first tocken and append a year

e.g winter -> Winter2010

I know how to fix the append a year ($2$0$1$0) but how to capitalize the first char?

Is hashcat rules compatible with oclHashcat?

Is there any howto or guide how to build your own rules? I think that custom rules (with hashcat) can be one of the most efficient way to crack stubburn hashes.
Note, hashcat's rule engine is compatible to PasswordsPro's and JtR's(excluding preprocessing).
Oh, and it also has a very nifty "generate N rules" feature.
hashcat and oclhashcat both uses rules very similar to JTR - http://www.openwall.com/john/doc/RULES.shtml

For hashcat to capitalize the first letter use the rule "c" without the quotes in a single line of a rule file. You are correct about the "$2$0$1$0" to append 2010 to the end of the dictionary word.

I prefer using oclhashcat to do a single simple rule such as:
- oclhashcat64.bin -m0 -n80 -j c -k \$2\$0\$1\$0 hash.list dict.dic dict.dic
The above example will use merge words from the same dict.dic capitalizing the first letter and appending 2010 to the end. Remember to use a \ to negate the $ on the command line(linux).

However if you want to just use a simple dictionary it would be:
- oclhashcat64.bin -m0 -n80 -j c -hash.list dict.dic 2010

I think a better example would be just to brute the last 4 characters with every digit to cover a wider range:
- oclhashcat64.bin -m0 -n80 -j c -hash.list dict.dic ?d?d?d?d

I compiled a list of frequent rules in order of occurrence and can be used as a rule file in hashcat, or they can be used to give use some ideas to use in oclhashcat - http://hashcat.net/misc/D3ad0ne_long.rule
Ahh, ok. Well then I'll just try out some JtR rules ;-)

How does "generate N rules" works? I see the option in the gui but how does it make it's rules? Are they based on cracked passwd?

I really wish there was more documentation in making rules. Maybe there is, but in that case I missed it.

Anyway, thanks for your quick reply

//KSP
Rules are not exactly like JTR but pretty close. To use the -g option in hashcat it just randomly generates rules. You can generate as many random rules as you want.
Ohh, another quick reply, thank you D3ad0ne!

Well, now I have everything I need to read about rules.
Your 10 000 rules-file is a gold-mine of rules

So the rule c$2$0$1$0 capitilaze and append 2010?

Well,I'm off for reading everything about rules
(and save money to get me a couples of Nvidia's)

//KSP
Yes that is how it should work