Unable to crack a simple fake password with dictionary and dive.rule
#1
I'm learning how to use hashcat, I more or less understand how brute force attacks works, but I'm still struggling with the dictionary and rules attacks. 


So I created a md5 hash e7624f83b5aa81ca40b1a4d40b2288ae from the fake password "JohnSmith" ( without the quotes ) for testing.

Then I created a dictionary personal.dict with the words:

Code:
John
Smith

Then I tried to "crack" the hash with that dictionary and the dive.rule but hashcat finished without finding the password. I know I must be doing something wrong, but I can't find what.

Code:
hashcat -w 3 -m 0 -a 0 -r ./rules/dive.rule e7624f83b5aa81ca40b1a4d40b2288ae  ./dict/personal.dict



Code:
Session..........: hashcat                               
Status...........: Exhausted
Hash.Mode........: 0 (MD5)
Hash.Target......: e7624f83b5aa81ca40b1a4d40b2288ae
Time.Started.....: Thu Jan 13 19:49:23 2022 (0 secs)
Time.Estimated...: Thu Jan 13 19:49:23 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (./dict/personal.dict)
Guess.Mod........: Rules (rules/dive.rule)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:  907.9 kH/s (0.47ms) @ Accel:256 Loops:256 Thr:64 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 198172/198172 (100.00%)
Rejected.........: 0/198172 (0.00%)
Restore.Point....: 2/2 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:99072-99086 Iteration:0-256
Candidate.Engine.: Device Generator
Candidates.#1....: John.g -> Sm8ithSm8ith
Hardware.Mon.#1..: Temp: 42c Util: 47% Core:1740MHz Mem:5000MHz Bus:4


Update:
I just tried with best64.rule and combinator.rule and it doesn't find anything.  

For what I understand any of those rule sets should include one rule that put two words of the dictionary one after the other, shouldn't they?.
Reply
#2
In order to combine words of a dictionary with each other, you need to use -a 1.

More explanation and examples are found here: https://hashcat.net/wiki/doku.php?id=combinator_attack
Reply