hashcat Forum
Creating rule file - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat-utils, maskprocessor, statsprocessor, md5stress, wikistrip (https://hashcat.net/forum/forum-28.html)
+--- Thread: Creating rule file (/thread-5768.html)

Creating rule file - freeroute - 08-18-2016

I have a dictionary file which contain only lower case, female names (female_names.txt).
Let's say the WPA2 password "Julia1984". So I have to capitalize the first letters and append years to the female_names.txt.

I created a rule file which append years to the dictionary file: maskprocessor -1 1 -2 9 '$?1$?2$?d$?d' >> Append_years.rule
Also I created a Capital_letter.rule file, it's contain only one row: T0

The command I used: hashcat -D 1 --force -m 2500 -a 0 wpa_handshake.hccap /usr/share/wordlists/female_names.txt  -r Capital_letter.rule -r  Append_years.rule --stdout

Is it possible to write only one rule to capitalize the first letter and append year to the dictionary file (in this case there are 2 rules) ?
I ask it because I would like to know the best practise.
Thanks for your help in advance.

RE: Creating rule file - philsmd - 08-18-2016

just use this:
maskprocessor 'T0$1$9$?d$?d' > toggle_first_and_append_digits.rule

btw: if you look here: https://hashcat.net/wiki/rule_based_attack the "TN" rule stands for toggle not for uppercase!

PS: it shouldn't make any speed differences if you use 2 "-r" within the hashcat command line, especially if you use a slow hashing algorithm like wpa/wpa2

RE: Creating rule file - freeroute - 08-20-2016

Thanks for you help.
I guess hashcat rejected password that shorter than 8 characters. I know that WPA2 algorithm has password limitations. It should be min 8. char. and max. 64 char.
But in this case I use hybrid attack. I have worldlist and T0+append 4 digits.
In my wordlist there are some words that shorten that 8 chars. ( e.g. password "adrie" rejected. "adrie" + T0+append 4 digits= Adrie1984, which is 9 chars.)
My command was: hashcat -D 1 --force -m 2500 -a 0 5050_1471634242.hccap /usr/share/wordlists/Surnames.dic -r /usr/share/hashcat/rules/toggle_first_and_append_digits.rule

And the status was:
Session.Name...: hashcat
Status.........: Aborted
Rules.Type.....: File (/usr/share/hashcat/rules/toggle_first_and_append_digits.rule)
Input.Mode.....: File (/usr/share/wordlists/Surnames.dic)
Hash.Target....: xxxxxxx (c4:6e:1f:3f:5f:c8 <-> 00:23:4d:1d:ea:82)
Hash.Type......: WPA/WPA2
Time.Started...: Sat Aug 20 11:28:46 2016 (1 sec)
Time.Estimated.: Mon Aug 22 21:32:02 2016 (2 days, 10 hours)
Speed.Dev.#2...: 840 H/s (12.85ms)
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 138184/175733200 (0.08%)
Rejected.......: 137000/138184 (99.14%)
Restore.Point..: 0/1757332 (0.00%)

Started: Sat Aug 20 11:28:46 2016
Stopped: Sat Aug 20 11:28:50 2016

Why did reject hashcat passwords that are shorter than 8 chars in this case?

RE: Creating rule file - philsmd - 08-20-2016

That's a very known "limitation". The rejection test will occur as soon as possible and in most of the cases makes perfect sense since otherwise too short plains will be transfered to the GPUs. Since hashcat also has a GPU-based rule engine it is not easy to display also the correct number of rejected plains that were filtered on GPU-site and therefore for performance reasons the rejection will be done as soon as possible.

But since it won't be done before the -j/-k manipulation you still can use this workaround: https://hashcat.net/forum/thread-5744-post-30925.html#pid30925 or you could just pipe the correct password candidates to hashcat. Both "workarounds" should work perfectly and since we are speaking about a slow hash type it won't affect performance at all.

Also try to use the search function next time, since these are really very common questions that were answered a couple of times. Furthermore you are mixing in here a lot of unrelated questions that have nothing to do with the original topic.

RE: Creating rule file - freeroute - 08-20-2016

Thank you for your help.