08-31-2018, 09:46 PM
by stdin/pipe mode I meant this:
and undeath is of course correct, there are edge cases that are kind of allowed (and can't really be easily detected/enforced). So he basically already told you how to bypass the limitation, by just using a -j "^a^a^a^a^a^a^a^a" rule and striping it off with -r (a rule file containing a [[[[[[[[ rule, note that you can apply multiple -r rule1.rule -r rule2.rule rules files and all the rules from all the files will be combined into concatenated rules)
I see that you are trying to convince me that minimum password length checks are useless/annoying... but in general you won't want to have a password in your outfile/potfile that doesn't respect the password policy and this length filter is most of the times doing a good job that we don't output any wrong passwords that do not respect the min/max password length... of course it can be annoying in some special cases but in most of the cases it makes sense.... (the only problem is that the kernels currently have no way to just skip passwords aka there is no reject rules implemented on the GPU rule engine and therefore the filtering is done "too early" if we use rules)
Code:
hashcat --stdout -r rules/rockyou-30000.rule test3.txt | hashcat64.bin -m 2500 test.hccapx
and undeath is of course correct, there are edge cases that are kind of allowed (and can't really be easily detected/enforced). So he basically already told you how to bypass the limitation, by just using a -j "^a^a^a^a^a^a^a^a" rule and striping it off with -r (a rule file containing a [[[[[[[[ rule, note that you can apply multiple -r rule1.rule -r rule2.rule rules files and all the rules from all the files will be combined into concatenated rules)
I see that you are trying to convince me that minimum password length checks are useless/annoying... but in general you won't want to have a password in your outfile/potfile that doesn't respect the password policy and this length filter is most of the times doing a good job that we don't output any wrong passwords that do not respect the min/max password length... of course it can be annoying in some special cases but in most of the cases it makes sense.... (the only problem is that the kernels currently have no way to just skip passwords aka there is no reject rules implemented on the GPU rule engine and therefore the filtering is done "too early" if we use rules)