+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Rule-based Attack (/thread-7608.html)
Rule-based Attack - peppespe - 06-25-2018
I'd like to carry out a rule-based attack where the password should have:
- capitalise first character
- append from one to four digits to the end
- append a special character and from one to four digits to the end.
As regular expression I could use this pattern:
Code:
[[:upper:]][[:alpha:]]*+[[:punct:]]*+[[:digit:]]*that grab words such as:
Code:
Palermo01
Palermo.01To perform this search by Hashcat I tried to create a file called “myrules” that contains the following rules:
Code:
#Capitalise first character
c
#Append a digit to the end
$?d
#Append a special character and a digit to the end
$?s?d
#Add two digits to the end
$?d?d
#Append a special character and two digits to the end
$?s?d?d
#Append three digits to the end
$?d?d?d
#Append a special character and three digits to the end
$?s?d?d?d
#Append four digits to the end
$?d?d?d?d
#Append a special character and four digits to the end
$?s?d?d?d?dBut according hashcat these rules are not correct:
Code:
hashcat -m 0 Palermo-01_md5.txt rockyou.txt -r myrules --debug-mode=1 --debug-file=matched.rule
<snip>
Skipping invalid or unsupported rule in file myrules on line 8: $?d?d
Skipping invalid or unsupported rule in file myrules on line 10: $?s?d?d
Skipping invalid or unsupported rule in file myrules on line 12: $?d?d?d
Skipping invalid or unsupported rule in file myrules on line 14: $?s?d?d?d
Skipping invalid or unsupported rule in file myrules on line 16: $?d?d?d?d
Skipping invalid or unsupported rule in file myrules on line 18: $?s?d?d?d?d
<snip>RE: Rule-based Attack - undeath - 06-25-2018
You are mixing masks and rules here. That's not possible.
RE: Rule-based Attack - lehrling - 06-26-2018
Each rule creates a new candidate. You need one rule that applies all of the modifications simultaneously.
RE: Rule-based Attack - peppespe - 06-26-2018
(06-25-2018, 07:03 PM)undeath Wrote: You are mixing masks and rules here. That's not possible.
I created a simple dictionary with one word in it (mydictionary.txt) and these 2 rule files:
- my_Upper-First-Prefix.rule, that contain the rule , which capitalizes the first letter and lower-cases the rest;Code:
c
- my_suffix_rules.rule, that was made by maskprocessor , which append a special character and four digits.Code:
mp64.exe -1 .,-_ -2 0123456789 "$?1$?2$?2$?2" -o my_suffix_rules.rule
Code:
hashcat64.exe -r my_Upper-First-Prefix.rule my_suffix_rules.rule --stdout mydictionary.txt
clBuildProgram(): CL_BUILD_PROGRAM_FAILUREwhat am I doing wrong?
RE: Rule-based Attack - undeath - 06-26-2018
First, you need -r for every rule file you specify. However, the error you got seems like a opencl problem. is hashcat generally working?
RE: Rule-based Attack - peppespe - 06-27-2018
(06-26-2018, 07:53 PM)undeath Wrote: First, you need -r for every rule file you specify. However, the error you got seems like a opencl problem. is hashcat generally working?
I got the same error message also with two -r
Code:
>hashcat64.exe -r my_Upper-First-Prefix.rule -r my_suffix_rules.rule --stdout mydictionary.txt
clBuildProgram(): CL_BUILD_PROGRAM_FAILUREAs a rule hashcat work, even if my laptop use mainly the CPU.
Code:
>hashcat64.exe -b
hashcat (v4.1.0) starting in benchmark mode...
Benchmarking uses hand-optimized kernel code by default.
You can use it in your cracking session by setting the -O option.
Note: Using optimized kernel code limits the maximum supported password length.
To disable the optimized kernel code in benchmark mode, use the -w option.
* Device #2: Not a native Intel OpenCL runtime. Expect massive speed loss.
You can use --force to override, but do not report related errors.
* Device #3: Intel's OpenCL runtime (GPU only) is currently broken.
We are waiting for updated OpenCL drivers from Intel.
You can use --force to override, but do not report related errors.
ADL_Overdrive_Caps(): -8RE: Rule-based Attack - plaverty9 - 06-27-2018
To your original question:
"I'd like to carry out a rule-based attack where the password should have:
- capitalise first character
- append from one to four digits to the end
- append a special character and from one to four digits to the end."
Try something along the lines of:
hashcat -m<value> <hash> -a3 -1 ?d?s ?u?a?a?a?a?1?1?1?1 --increment
where you use as many ?a as you think are necessary, or if you know something about those characters, you can tighten that up with a smaller character set.
RE: Rule-based Attack - undeath - 06-27-2018
mask attack/brute force should be your last resort, especially when you suspect the password is actually using a real word. Also that mask with --increment is going to try lots of invalid candidates.
RE: Rule-based Attack - peppespe - 06-27-2018
(06-27-2018, 05:10 PM)plaverty9 Wrote: To your original question:
"I'd like to carry out a rule-based attack where the password should have:
- capitalise first character
- append from one to four digits to the end
- append a special character and from one to four digits to the end."
Try something along the lines of:
hashcat -m<value> <hash> -a3 -1 ?d?s ?u?a?a?a?a?1?1?1?1 --increment
where you use as many ?a as you think are necessary, or if you know something about those characters, you can tighten that up with a smaller character set.
I'd like to perform a rule-based attack because I know that my target uses generally common words (e.g. italian words, that in some occasions have the first character capitalised) followed by specific suffixes (e.g. a special character and from 2 to 4 digits). For this reason I think that a brute force attak, even if based on masks, it's not the best solution.
RE: Rule-based Attack - undeath - 06-27-2018
regarding your opencl problem, I have no idea what exactly is wrong but I highly suspect something with your driver is kaput.