Posts: 42
Threads: 3
Joined: Jan 2020
Hello
I am reluctant to call this a bug, as it may be my fault, but I am having a problem with hashcat and generating a plain password list by using rules combined with an input password list.
I have used the simplest test.rule just to demonstrate the issue. Other rules also produce unexpected results.
System = Win7 64 SP1 and all updates.
Hashcat = Version 6.2.6
Content of “test.rule”
Content of “testpass.txt”
Code:
aaaaaaaaaa
bbbbbbbbbb
cccccccccc
dddddddddd
eeeeeeeeee
ffffffffff
My command-line.
hashcat.exe -r “test.rule” “testpass.txt” –stdout >>testoutput.txt
Unexpected result within “testoutput.txt”
Code:
Aaaaaaaaaa
Aaaaaaaaaa
aaaaaaaaaaaacccccccc
aaaaaaaaaa
aaaaaaaaaa
AAAAAAAAAA
Bbbbbbbbbb
Bbbbbbbbbb
bbbbbbbbbbbbcccccccc
bbbbbbbbbb
bbbbbbbbbb
BBBBBBBBBB
Cccccccccc
Cccccccccc
ccccccccccccgggggggg
cccccccccc
cccccccccc
CCCCCCCCCC
Dddddddddd
Dddddddddd
ddddddddddddeeeeeeee
dddddddddd
dddddddddd
DDDDDDDDDD
Eeeeeeeeee
Eeeeeeeeee
eeeeeeeeeeeegggggggg
eeeeeeeeee
eeeeeeeeee
EEEEEEEEEE
Ffffffffff
Ffffffffff
ffffffffffffffffffff
ffffffffff
ffffffffff
FFFFFFFFFF
Posts: 35
Threads: 0
Joined: Dec 2022
Posts: 42
Threads: 3
Joined: Jan 2020
Thank you buka for the link I only searched this forum and should have looked elsewhere.
I have now found more posts on github.com which might also explain the issues with my other tests where I am getting non keyboard characters from password lists and rules which should not produce them.
Posts: 42
Threads: 3
Joined: Jan 2020
02-08-2023, 12:55 AM
(This post was last modified: 02-08-2023, 01:07 AM by WPA_Catcher.)
Hmm...
Using the latest beta
There still seems to be something strange about hashcat outputting plain passwords, through rules, to a text file.
I ran a single (solitary) password through a rule file and saved the output to "new_passwords.txt"
I hashed all the new words in "new_passwords.txt".
I then used the same plain text password and ran it through the same rule file to crack all the hashes I had just created.
What I do not understand is that on some occasions I am cracking less than 20%
Why am I not cracking 100% of the passwords created with the very same password and rule file I used to make the hashes?
Posts: 822
Threads: 15
Joined: Sep 2017
(02-08-2023, 12:55 AM)WPA_Catcher Wrote: Hmm...
Using the latest beta
There still seems to be something strange about hashcat outputting plain passwords, through rules, to a text file.
I ran a single (solitary) password through a rule file and saved the output to "new_passwords.txt"
I hashed all the new words in "new_passwords.txt".
I then used the same plain text password and ran it through the same rule file to crack all the hashes I had just created.
What I do not understand is that on some occasions I am cracking less than 20%
Why am I not cracking 100% of the passwords created with the very same password and rule file I used to make the hashes?
because --stdout seems to be still broken
your "new_passwords.txt" contains passwords which are not really generated by your ruleset, but outputted to file because of broken --stdout, then you hashed these "right and wrong candidates", but when attacking these hashes with your single password + ruleset, the gerated passwordcandidates are "right" so the wrong candidates are missing, as result, you dont crack 100% but only the "correct" generated passes
Posts: 42
Threads: 3
Joined: Jan 2020
(02-08-2023, 03:10 PM)Snoopy Wrote: because --stdout seems to be still broken
Thank you Snoopy that explains it. I will wait for the next beta release before testing further.
Posts: 42
Threads: 3
Joined: Jan 2020
Using the latest beta 6.2.6+266 my problems with rules and stdout remain
