03-31-2013, 09:16 PM
If they're really that small (there aren't that many 4 letter words), then one option you have would be to create a dictionary of the two digits, and then use the hashcat-utils "combinator" program to do a cartesian product of the first wordlist + the number wordlist. After that, you can easily do this again to get a complete on-disk dictionary, if you have the drive space, and then applying rules is trivial.
Without rules, you can give Hashcat multiple dictionaries with a combinator attack (--attack-mode=1).
Alternately, you can use the "combinator" program to pipe input to a hashcat programs stdin mode - perhaps a little slower, no predicted status, but it works too, even with rules.
AFAIK, the "combinator" program at least used to have a 15 character limit, like all the other hashcat-utils programs, though I haven't checked again in a long time, which limits its use against "correct horse battery staple" passwords.
Without rules, you can give Hashcat multiple dictionaries with a combinator attack (--attack-mode=1).
Alternately, you can use the "combinator" program to pipe input to a hashcat programs stdin mode - perhaps a little slower, no predicted status, but it works too, even with rules.
AFAIK, the "combinator" program at least used to have a 15 character limit, like all the other hashcat-utils programs, though I haven't checked again in a long time, which limits its use against "correct horse battery staple" passwords.