+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: General Help (https://hashcat.net/forum/forum-8.html)
+--- Thread: Why does emulating hybrid attack with rules skip some rules/ignore numbers? (/thread-4592.html)
Why does emulating hybrid attack with rules skip some rules/ignore numbers? - maymay - 08-08-2015
Hi,
I'm learning about hashcat rules and recently noticed an issue where some of my rules are apparently being skipped (not tested). I created a simple rules file to append a three-digit number to the end of a dictionary, super simple, beginning like this:
Code:
$0 $0 $0
$0 $0 $1
$0 $0 $2
$0 $0 $3
$0 $0 $4
$0 $0 $5
$0 $0 $6
$0 $0 $7
$0 $0 $8
$0 $0 $9
$0 $1 $0
$0 $1 $1
$0 $1 $2
$0 $1 $3
$0 $1 $4
$0 $1 $5
$0 $1 $6
$0 $1 $7
$0 $1 $8
$0 $1 $9and going all the way to
Code:
$9 $9 $9Code:
?d?d?dCode:
hashcat --stdout -a 1 -r custom.rule my-capture.hccap dictionary.txtand notice that in this snippet of the output, there are several numbers missing, such as "971" (it goes from "widesky970" to "widesky972") and numerous others.
Code:
widesky970
widesky972
widesky973
widesky974
widesky976
widesky977
widesky978Why is this happening?
Also, after adding a few more rules to the beginning of my rule file (like
Code:
:Thanks for your help.
RE: Why does emulating hybrid attack with rules skip some rules/ignore numbers? - undeath - 08-08-2015
can confirm
Code:
./hashcat-cli64.bin /tmp/t -r /tmp/test -a1 /tmp/t --stdout | wc -l
500a0 works
Code:
./hashcat-cli64.bin /tmp/t -r /tmp/test --stdout | wc -l
1000RE: Why does emulating hybrid attack with rules skip some rules/ignore numbers? - maymay - 08-09-2015
(08-08-2015, 11:00 PM)undeath Wrote: can confirm
Code:./hashcat-cli64.bin /tmp/t -r /tmp/test -a1 /tmp/t --stdout | wc -l
500
a0 works
Code:./hashcat-cli64.bin /tmp/t -r /tmp/test --stdout | wc -l
1000
Sorry undeath, I don't understand your reply. Are you saying you can confirm my issue or asking me for some more information?
In case it's the latter, here's my setup. For testing purposes, my dictionary is tiny (four lines). My rules file is as described above, intending to append a three digit number (rules like $0 $0 $0 through $9 $9 $9). When I use -a1 (combinator attack), then if my math is correct, I should expect to get 16,000 password candidates because 4^2=16 possibilities, each of which has 1,000 variants, so 16 * 1000 = 16000.
Here's where the problem comes in. Even though I do see 16,000 attempts when I test with --stdout:
Code:
maymay$ hashcat -a1 --stdout -r custom.rule my-capture.hccap dictionary.txt | sort | wc -l
16000the actual password candidates themselves have skipped some possibilities:
Code:
maymay$ hashcat -a1 --stdout -r custom.rule my-capture.hccap dictionary.txt | sort | uniq | wc -l
10000My question is, given that I have defined no reject rules, why does hashcat ignore or fail to test every permutation of the rules defined?
Thanks again for your quick reply.
RE: Why does emulating hybrid attack with rules skip some rules/ignore numbers? - maymay - 08-29-2015
Bump…?
RE: Why does emulating hybrid attack with rules skip some rules/ignore numbers? - epixoip - 08-29-2015
undeath already said he could confirm it, so did you open a ticket on Trac to report the bug?
RE: Why does emulating hybrid attack with rules skip some rules/ignore numbers? - maymay - 08-29-2015
(08-29-2015, 08:06 AM)epixoip Wrote: undeath already said he could confirm it, so did you open a ticket on Trac to report the bug?
Ah, I didn't understand that that's what undeath was saying. I'll open a Trac ticket now: https://hashcat.net/trac/ticket/654
Thanks for prodding me in the right direction.
RE: Why does emulating hybrid attack with rules skip some rules/ignore numbers? - atom - 08-31-2015
fixed in latest beta