hashcat Forum
Append numbers up to a length? - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Append numbers up to a length? (/thread-5884.html)



Append numbers up to a length? - plapaw - 09-16-2016

I'm normally running hashcat on WPA and naturally passwords containing less than 8 chars are simply rejected. Is there any built-in way to, for instance, append characters only to the to-be-rejected passwords to make them candidates?

For example, if the dictionary contained the word "dog", I'd like hashcat to try, say, "dog12345" to reach the minimum length.

I looked into rules and masks, and as far as I can see, they wouldn't be the right tools for this.


RE: Append numbers up to a length? - d2 - 09-16-2016

(09-16-2016, 01:43 PM)plapaw Wrote: [...] I looked into rules and masks, and as far as I can see, they wouldn't be the right tools for this.

Why not?


RE: Append numbers up to a length? - plapaw - 09-16-2016

Well, how?


RE: Append numbers up to a length? - d2 - 09-16-2016

Take a look into hashcat folder: rules/hybrid and check out append_d.rule file. You can easily extend these rules, just read on: https://hashcat.net/wiki/doku.php?id=rule_based_attack.

Another way to achieve your goal would be to use mask attack with --increment mode and mask like that: ?d?d?d?d?d

EDIT: and if you worry too much about rejected passwords, make use of hashcat-utils, especially splitlen program https://hashcat.net/wiki/doku.php?id=hashcat_utils#splitlen and prepare correct rules / masks for each password lengths.


RE: Append numbers up to a length? - plapaw - 09-16-2016

I think you misunderstood the requirement. I don't want to append to ALL passwords in a dictionary. I want to add the right amount of characters (5 in the case of "dog") only to the passwords that need this treatment to not be rejected.

append_d is a straightforward append to ALL passwords in the dictionary. A hybrid-mask attack is just as useless in this case.

I know I can manually prepare the dictionary in various ways, including splitlen and then specific rules for each len-specific dictionary. However, I was wondering if there's a built-in way to achieve this without doing it manually.


RE: Append numbers up to a length? - plapaw - 09-16-2016

What I need are working reject rules, so I can have something like ">7 <7 $1" to reject non-7-letter-passwords, and append 1 to any not rejected. Then continue with ">6 <6 $1 $2", etc.

According to https://hashcat.net/wiki/doku.php?id=rule_based_attack reject rules are supposed to work for "slow algorithms" such as WPA, but they don't. I get "WARNING: Cannot convert rule for use on GPU in line 2: >7 <7 $1".


RE: Append numbers up to a length? - plapaw - 09-16-2016

Oh, looks like reject rules only work with inline rules via -j / -k. So the solution shown in my previous post works fine, but can't be used from a rule file. Good enough for me though.