hashcat Forum
Basic rule isn't working - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Basic rule isn't working (/thread-9897.html)

Basic rule isn't working - walterlacka - 02-25-2021

Code:
C:\hashcat-6.1.1>hashcat.exe --stdout d:\ftp\wordlist2017\google-1000-english-test.txt -r c:\hashcat-6.1.1\rules\test.rule
t@stypizza99
Xfiles99

One of those 2 passwords is accurate for the following, but Hashcat fails to crack it - and it's not 1 of them that already exists in the potfile:
Code:
C:\hashcat-6.1.1>hashcat.exe -m22000 d:\ftp\hashes2021\test.22000 d:\ftp\wordlist2017\google-1000-english-test.txt -r c:\hashcat-6.1.1\rules\test.rule
hashcat (v6.1.1) starting...

CUDA API (CUDA 11.2)
====================
* Device #1: GeForce GTX 1080 Ti, 10227/11264 MB, 28MCU
* Device #2: GeForce GTX 1080, 7213/8192 MB, 20MCU

OpenCL API (OpenCL 1.2 CUDA 11.2.135) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #3: GeForce GTX 1080 Ti, skipped
* Device #4: GeForce GTX 1080, skipped

Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63

Hashes: 100 digests; 51 unique digests, 15 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable optimizers applied:
* Zero-Byte
* Slow-Hash-SIMD-LOOP

Watchdog: Temperature abort trigger set to 90c

INFO: Removed 4 hashes found in potfile.

Host memory required for this attack: 971 MB

Dictionary cache hit:
* Filename..: d:\ftp\wordlist2017\google-1000-english-test.txt
* Passwords.: 2
* Bytes.....: 20
* Keyspace..: 2

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.


Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-PBKDF2-PMKID+EAPOL
Hash.Target......: d:\ftp\hashes2021\test.22000
Time.Started.....: Wed Feb 24 20:49:53 2021 (0 secs)
Time.Estimated...: Wed Feb 24 20:49:53 2021 (0 secs)
Guess.Base.......: File (d:\ftp\wordlist2017\google-1000-english-test.txt)
Guess.Mod........: Rules (c:\hashcat-6.1.1\rules\test.rule)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:        0 H/s (0.00ms) @ Accel:8 Loops:128 Thr:1024 Vec:1
Speed.#2.........:      37 H/s (0.70ms) @ Accel:8 Loops:128 Thr:1024 Vec:1
Speed.#*.........:      37 H/s
Recovered........: 4/51 (7.84%) Digests, 2/15 (13.33%) Salts
Progress.........: 30/30 (100.00%)
Rejected.........: 15/30 (50.00%)
Restore.Point....: 0/2 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-0 Iteration:0-128
Restore.Sub.#2...: Salt:14 Amplifier:0-1 Iteration:0-1
Candidates.#1....: [Copying]
Candidates.#2....: t@stypizza99 -> t@stypizza99
Hardware.Mon.#1..: Temp: 29c Fan:100% Util:  0% Core:1911MHz Mem:5005MHz Bus:8
Hardware.Mon.#2..: Temp: 28c Fan:100% Util: 60% Core:1911MHz Mem:4513MHz Bus:16

Started: Wed Feb 24 20:49:49 2021
Stopped: Wed Feb 24 20:49:54 2021

Here's what's in the rule file:
Code:
$9

Here's what's in the wordlist:
Code:
t@stypizza9
Xfiles9

If i change the rule file to just : (instead of $9) and put the actual password in the wordlist, it cracks.

RE: Basic rule isn't working - Snoopy - 02-25-2021

Here's what's in the rule file:

Code:
$9
Here's what's in the wordlist:

Code:
t@stypizza9
Xfiles9
If i change the rule file to just : (instead of $9) and put the actual password in the wordlist, it cracks.

okay so i assume one of these 
Code:
t@stypizza99
Xfiles99
should be the password you ar looking for?

first check wordfile for maybe an extra whitspace char

second
your rules seems to be working as expected:
Candidates.#2....: t@stypizza99 -> t@stypizza99

can you try it with?
https://hashcat.net/beta/

RE: Basic rule isn't working - Banaanhangwagen - 02-25-2021

This is already asked and answered in different threads on this forum.

WPA2 has a minimum password length of eight characters and Hashcat early-rejects words from your wordlist below that threshold before applying rules.

You can use -S in order to avoid this, in exchange for some speed loss.

RE: Basic rule isn't working - walterlacka - 02-25-2021

Ugh!!!  Forgot about the early reject.  Will test with -S option shortly.

RE: Basic rule isn't working - walterlacka - 02-25-2021

That fixed it. Thanks for the reminder about the early reject.