The main problem here should be very clear.
Let's assume we have a dictionary called rockyou.txt and it contains the word "bioshock" (without quotes):
but we want to mangled the dict rockyou.txt such that it produces the password candidate "B10shock" (without quotes) to match the above hash...
Now we have the problem that the rule
replaces all the o's with 0's so we get bi0sh0ck (the "shock" with the letter "o" is not there anymore).
This is indeed not possible with the "replace all" rules (that should be quite logical).
Therefore, you would need to perform things on the N'th instance, like mentioned here: https://hashcat.net/wiki/doku.php?id=rul...onal_rules
The problem with the "p" rule is that it only work with -j and -k
I think it's probably easier to just come up with a different rule that works with the GPU based rule-engine.
E.g. using rules like prefixing "B10" to "shock" with the prepend character rule "^". Or using a different attack mode altogether like using -a 7 with a prepended mask etc.
At the end, I also very easily cracked the hash with a rule file (see above), but it was definitely a different rule than just a "replace all instances of x" (sxy) rule.
That's an important thing that you need to learn when dealing with such advanced attack types (like rule based attacks etc)... they do whatever you tell them to do. If you say replace all "o" with "0" they will do that and generate (according to you) the "wrong" password, but it's not really incorrect... the rule just did it's job. Indeed, very correctly and efficiently,
Let's assume we have a dictionary called rockyou.txt and it contains the word "bioshock" (without quotes):
Code:
$ grep '^bioshock$' rockyou.txt
bioshock
but we want to mangled the dict rockyou.txt such that it produces the password candidate "B10shock" (without quotes) to match the above hash...
Now we have the problem that the rule
Code:
so0
replaces all the o's with 0's so we get bi0sh0ck (the "shock" with the letter "o" is not there anymore).
This is indeed not possible with the "replace all" rules (that should be quite logical).
Therefore, you would need to perform things on the N'th instance, like mentioned here: https://hashcat.net/wiki/doku.php?id=rul...onal_rules
The problem with the "p" rule is that it only work with -j and -k
I think it's probably easier to just come up with a different rule that works with the GPU based rule-engine.
E.g. using rules like prefixing "B10" to "shock" with the prepend character rule "^". Or using a different attack mode altogether like using -a 7 with a prepended mask etc.
At the end, I also very easily cracked the hash with a rule file (see above), but it was definitely a different rule than just a "replace all instances of x" (sxy) rule.
That's an important thing that you need to learn when dealing with such advanced attack types (like rule based attacks etc)... they do whatever you tell them to do. If you say replace all "o" with "0" they will do that and generate (according to you) the "wrong" password, but it's not really incorrect... the rule just did it's job. Indeed, very correctly and efficiently,