Including rule used in output
#1
First off, obviously this is HIGHLY dependent on the dictionary used.
I've been trying to find a way to combine the .Rule files and optimize them to the maximum by removing all of the rules that bear zero to no fruit - I believe that this way we can create a truly optimized rule list.

Is there ANY way to use hashcat to show which rule it is using prior to cracked results?
I don't mind if it takes days to do. I'm sure that this kind of thing will slow down the cracking process substantially, but I have the resources to do so, and once I'm done, I'll post the results here.

In my mind it may look like this:
Code:
$!
HASH:PASS
HASH:PASS
HASH:PASS
$! $! $!
$! $@
HASH:PASS
HASH:PASS
$! $@ $#
$! $@ $# $$
HASH:PASS
HASH:PASS
HASH:PASS
HASH:PASS

In the above instance (probably requiring some regex-fu) I'll discover that both $! $! $! and $! $@ $# were not productive and remove them.
Reply
#2
Take a look at the hashcat options:

Code:
--debug-mode              | Num  | Defines the debug mode (hybrid only by using rules)  | --debug-mode=4
--debug-file              | File | Output file for debugging rules                      | --debug-file=good.log

- [ Rule Debugging Modes ] -

  # | Format
===+========
  1 | Finding-Rule
  2 | Original-Word
  3 | Original-Word:Finding-Rule
  4 | Original-Word:Finding-Rule:Processed-Word

So in your case (you are only interested in the rule) it would be sufficient to use debug mode 1 (otherwise use 4 and split the rules afterwards) with a debug file. Then you will need some runs with different dicts, attack targets and rules (also generated rules); delete any potfile after each run or disable the potfile (to be able to crack the same pass with different rules), and then sort/count the debug file (Linux: sort debugfile | uniq -c).

The output would be a file like this (the file was already processed, so the number in front is the number of times a specific rule was able to crack a password), from some basic fast runs with different dicts and attack targets:

Code:
  4257 T0
  2972 :
  2907 $1 $2 $3
  2369 si1
  1967 se3


So these 5 rules are the top 5 for these fast test runs:

T0 = Toggle first char
: do nothing
append 123
replace all i with 1
replace all e with 3

But as you mentioned, this is very dependent on the targets and dicts used.
Reply
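An added example, not part of any post in this thread and not hashcat's own code: a Python sketch of the counting step described in post #2, extended to prune a combined rule file down to the rules that actually produced cracks. It assumes a `--debug-mode=1` debug file (one finding rule per line) and that rules appear there exactly as written in the rule file; the function names and sample data are constructed for illustration.

```python
from collections import Counter

def tally_rules(debug_lines):
    """Count hits per rule in --debug-mode=1 output (same result as sort | uniq -c)."""
    counts = Counter()
    for line in debug_lines:
        # Strip only the line ending: spaces can be significant ("$ " appends a space).
        rule = line.rstrip("\r\n")
        if rule:
            counts[rule] += 1
    return counts

def prune_rules(rule_lines, counts, min_hits=1):
    """Keep rules with at least min_hits cracks, drop duplicates, most productive first."""
    seen, kept = set(), []
    for line in rule_lines:
        rule = line.rstrip("\r\n")
        # Skip blanks, comment lines and rules repeated across the combined lists.
        if not rule or rule.startswith("#") or rule in seen:
            continue
        seen.add(rule)
        if counts.get(rule, 0) >= min_hits:
            kept.append(rule)
    # Stable sort: rules with equal hit counts keep their rule-file order.
    kept.sort(key=lambda r: -counts[r])
    return kept

# Constructed sample data: debug-file lines gathered over several runs
# (potfile disabled, so one password can be credited to several rules).
DEBUG_LOG = ["T0\n", ":\n", "$1 $2 $3\n", "T0\n", "$!\n",
             "$! $@\n", ":\n", "T0\n", "$1 $2 $3\n"]

# Constructed sample: two rule lists concatenated, with a comment and a duplicate.
COMBINED_RULES = ["# combined list\n", ":\n", "$!\n", "$! $! $!\n", "$! $@\n",
                  "$! $@ $#\n", "T0\n", "$1 $2 $3\n", "T0\n"]

if __name__ == "__main__":
    hits = tally_rules(DEBUG_LOG)
    for rule in prune_rules(COMBINED_RULES, hits):
        print(f"{hits[rule]:7d} {rule}")
```

Raising `min_hits` trims the long tail of rules that cracked only a handful of passwords on one particular dictionary and target set.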
#3
Thank you VERY MUCH Snoopy

This is EXACTLY what I needed. I totally appreciate this and apologize for not realizing this is the solution when I read the help (for the nth time).
Reply