Why does emulating hybrid attack with rules skip some rules/ignore numbers?
#3
(08-08-2015, 11:00 PM)undeath Wrote: can confirm
Code:
./hashcat-cli64.bin /tmp/t -r /tmp/test -a1 /tmp/t --stdout | wc -l
500

a0 works
Code:
./hashcat-cli64.bin /tmp/t -r /tmp/test --stdout | wc -l          
1000

Sorry undeath, I don't understand your reply. Are you saying you can confirm my issue or asking me for some more information?

In case it's the latter, here's my setup. For testing purposes, my dictionary is tiny (four lines). My rules file is as described above, intending to append a three digit number (rules like $0 $0 $0 through $9 $9 $9). When I use -a1 (combinator attack), then if my math is correct, I should expect to get 16,000 password candidates because 4^2=16 possibilities, each of which has 1,000 variants, so 16 * 1000 = 16000.

Here's where the problem comes in. Even though I do see 16,000 attempts when I test with --stdout:

Code:
maymay$ hashcat -a1 --stdout -r custom.rule my-capture.hccap dictionary.txt | sort | wc -l
16000

the actual password candidates themselves have skipped some possibilities:

Code:
maymay$ hashcat -a1 --stdout -r custom.rule my-capture.hccap dictionary.txt | sort | uniq | wc -l
10000

My question is, given that I have defined no reject rules, why does hashcat ignore or fail to test every permutation of the rules defined?

Thanks again for your quick reply.


Messages In This Thread
RE: Why does emulating hybrid attack with rules skip some rules/ignore numbers? - by maymay - 08-09-2015, 12:23 AM