hashcat Forum
Rule generation vs Attack Method? - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Rule generation vs Attack Method? (/thread-10960.html)



Rule generation vs Attack Method? - secondpass - 08-12-2022

TL;DR

Need to build a password permuting 3-4 words using/combining basic rules. So... Combinator Attack (same wordlist) + Manually Combining rules? Hybrid Attacks manually Permuting passwords? Straight Attack + Multi-Rules ?? Rule-based attack?? Toggle-attack??


input:
Code:
qwerty
p@ssw0rd
secr3t


output:
Code:
qwertyp@ssw0rd
qwertysecr3t
p@assw0rdqwerty
p@assw0rdsecr3t
secr3tqwerty
secr3tp@ssw0rd

rules:
Code:
## combine all capital and lower (Basically toggle2.rule)
T1
T2
T3
T4
T(nth...)
T1T2
T1T3
T1T4
T1T(nth...)
T1T2T3
T1T2T4
T1T2T(nth)
T(nth)(nth)
## Common replace
ss$
sa@
sA@
se3
sE3
s3e
s3E

## Add common symbol at end

$!
$@
$#
$$
$%
$&

The story:
Few months ago I bookmarked this thread: Debrief: Cracked Ethereum wallet - a beginners approach
And today I just decided to follow it, the issue is that my approach varies when setting up the password and realized it's kind of convoluted both the attack-mode + using rules.

The first things I tried was making his same strategy, use a wordlist with 'all' the passwords and generate a wordlist with rules (I still don't know how to make rules) so I was thinking on using oneRuleToRuleThemAll... but the issue is that I KNOW how my password is composed and using the biggest compendium of rules it's an overkill, specially knowing that scrypt is SLOW and must be done in CPU instead of GPU.

So, off to the docs and learn how to make rules... here at the bottom I read about Multi-Rules which maybe I can use to merge all toggle? Then I find that there's also the combination attack, which also draws my attention because I need to permute 3 words... but combination adds 3 extra entries (word1word1, word2word2 and word3word3) this times the rules... adds up many password I know are not.

Now I read about hybrid-attack which is the same as combination but with a little difference and might also work because I know that I just append common symbols and I can manually permute the passwords, it ain't that hard.

Then there is Rule-based attack which look like the way to go because I know the rules... but then I need to manually permute the words and also combine all the toggles (or use toggle2.rule + Multi-rules)

So... eventually I think I'll figure it out once I wrap my head around the options and figure out how the rules work if they're all combines or they're executed one by one or if I should first focus on generating the wordlist and then focus on the attack... Still just wanted to share my though process and story. Wish me luck and any suggestion is appreciated.


RE: Rule generation vs Attack Method? - Snoopy - 08-12-2022

see princeprocessor (pp) for combinung up to X words from a given list, use pp to feed hashcat over pipe (there is a nice overview in the second link)

https://github.com/hashcat/princeprocessor
https://reusablesec.blogspot.com/2014/12/tool-deep-dive-prince.html

rules dont "generate" passwords but modify them, next thing yes, you will gain no boost in hashrate when doing rules on cpu but this doesnt matter in an older thread i tried different attacks, combinator, dict + rules and bf with scrypt, result was always the same speed

to check your attack use --stdout before like this
pw.txt
Code:
a
b
c
1
2
3
and a rule.txt with just T0 inside (toogle first char)
Code:
pp64.exe --elem-cnt-min=3 --elem-cnt-max=3 < pw.txt | hashcat.exe --stdout -r rule.txt
this will result in output like this (shortened), these are your generated passwords, 3 elements (min,max) and with first char toggled

Code:
Ca3
1a3
2a3
3a3
Ab3
Bb3
Cb3
1b3
2b3
3b3
Ac3
Bc3
Cc3
1c3
2c3
3c3
A13
B13



RE: Rule generation vs Attack Method? - secondpass - 08-13-2022

Quote:rules dont "generate" passwords but modify them
EPIC! This is exactly what I needed, following the example of the other post cracking the eth wallet, he first actually generated a wordlist, and then used a straight (Dictionary) attack (-a 0) now that I fully understand how it works I think I'll try to also generate a small wordlist with my possible passwords and use that also with a straight attack, rules don't bend in the way I build the password generating a way broader amount of guesses.

Thanks!