Hashcat is showing as exhausted for rule based mode
#1
Information 
Hi all, 

I am trying to crack a hash using hashcat in dictionary mode rule based. 

My rule is simple: 
$2 $0 $2 $0

and I am using the rockyou list. 

So, my command is:

hashcat -a 0 -m 100 '46244749d1e8fb99c37ad4f14fccb601ed4ae283' /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt -r rule

I have been able to test the rule with hashcat and I receive the appended output as expected. However, when running the above command, I get this:

Dictionary cache hit:
* Filename..: /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt
* Passwords.: 14344384
* Bytes.....: 139921497
* Keyspace..: 14344384

Approaching final keyspace - workload adjusted.

Session..........: hashcat
Status...........: Exhausted
Hash.Name........: SHA1
Hash.Target......: 46244749d1e8fb99c37ad4f14fccb601ed4ae283
Time.Started.....: Thu Apr 29 22:21:07 2021 (6 secs)
Time.Estimated...: Thu Apr 29 22:21:13 2021 (0 secs)
Guess.Base.......: File (/usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt)
Guess.Mod........: Rules (rule)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:  2693.6 kH/s (0.30ms) @ Accel:1024 Loops:1 Thr:1 Vec:8
Recovered........: 0/1 (0.00%) Digests
Progress.........: 14344384/14344384 (100.00%)
Rejected.........: 0/14344384 (0.00%)
Restore.Point....: 14344384/14344384 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: $HEX[206b6d383130383832303230] -> $HEX[042a0337c2a156616d6f73210332303230]

Started: Thu Apr 29 22:21:06 2021
Stopped: Thu Apr 29 22:21:14 2021



Not sure what I'm doing wrong. Can you please advise? thanks
Reply
#2
It ran the rule in the attack but did not crack the hash, this is working perfectly fine.
Reply
#3
(04-29-2021, 11:21 PM)Chick3nman Wrote: It ran the rule in the attack but did not crack the hash, this is working perfectly fine.

It ran through the rockyou list in just 8 seconds? I'm running hashcat on a really poor machine with no GPU, so I think I must be doing something wrong..
Reply
#4
It did, 14 million total passwords is basically nothing. It did so at measured rate of 2.6 million per second. 14/2.6 is 5-6 seconds, so with some startup and slow down time, 8 seconds is perfectly reasonable.
Reply
#5
According to Hashcat, you're running at 2,693,600 hashes per second. With a wordlist that has 14,344,384 lines, that makes for 5.32 seconds, which is perfectly in line with the reported 6 seconds. Chick3nman's right and this is why SHA1 is so insecure, it's ridiculously fast. Try more rules or if you're certain it ends in 2020, try a bigger wordlist like the ones on weakpass.com
Reply