Rules hashcat

[ksp]

First of all, what a nice tool hashcat is!
Even on my slow hardware it by far the fastest cracker I've tried.

So now when I tried it out for a couple of days I want to know more about rules. I've so far used the gui, but since I'm more of a console guy I'll switch to the command line any minute.

Let's say I want to Captialize the first tocken and append a year

e.g winter -> Winter2010

I know how to fix the append a year ($2$0$1$0) but how to capitalize the first char?

Is hashcat rules compatible with oclHashcat?

Is there any howto or guide how to build your own rules? I think that custom rules (with hashcat) can be one of the most efficient way to crack stubburn hashes.

[Rolf]

Note, hashcat's rule engine is compatible to PasswordsPro's and JtR's(excluding preprocessing).
Oh, and it also has a very nifty "generate N rules" feature.

[D3ad0ne]

hashcat and oclhashcat both uses rules very similar to JTR - http://www.openwall.com/john/doc/RULES.shtml

For hashcat to capitalize the first letter use the rule "c" without the quotes in a single line of a rule file. You are correct about the "$2$0$1$0" to append 2010 to the end of the dictionary word.

I prefer using oclhashcat to do a single simple rule such as:
- oclhashcat64.bin -m0 -n80 -j c -k \$2\$0\$1\$0 hash.list dict.dic dict.dic
The above example will use merge words from the same dict.dic capitalizing the first letter and appending 2010 to the end. Remember to use a \ to negate the $ on the command line(linux).

However if you want to just use a simple dictionary it would be:
- oclhashcat64.bin -m0 -n80 -j c -hash.list dict.dic 2010

I think a better example would be just to brute the last 4 characters with every digit to cover a wider range:
- oclhashcat64.bin -m0 -n80 -j c -hash.list dict.dic ?d?d?d?d

I compiled a list of frequent rules in order of occurrence and can be used as a rule file in hashcat, or they can be used to give use some ideas to use in oclhashcat - http://hashcat.net/misc/D3ad0ne_long.rule

[ksp]

Ahh, ok. Well then I'll just try out some JtR rules ;-)

How does "generate N rules" works? I see the option in the gui but how does it make it's rules? Are they based on cracked passwd?

I really wish there was more documentation in making rules. Maybe there is, but in that case I missed it.

Anyway, thanks for your quick reply

//KSP

[D3ad0ne]

Rules are not exactly like JTR but pretty close. To use the -g option in hashcat it just randomly generates rules. You can generate as many random rules as you want.

[ksp]

Ohh, another quick reply, thank you D3ad0ne!

Well, now I have everything I need to read about rules.
Your 10 000 rules-file is a gold-mine of rules

So the rule c$2$0$1$0 capitilaze and append 2010?

Well,I'm off for reading everything about rules
(and save money to get me a couples of Nvidia's)

//KSP

[D3ad0ne]

Yes that is how it should work