Posts: 55
Threads: 8
Joined: Apr 2013
It it possible to use rules with the combinator attack? From what I can tell it allows the input, but it doesn't actually compute any rules based on the dictionaries.
With two (the same) dictionaries and rules applied.
Progress.......: 29/49 (59.18%) <- I would expect this number to be much higher.
With one dictionary and rules applied.
Progress.......: 21987/21987 (100.00%)
I am using the same rules and dictionaries in both examples. I realize it could add a lot of time by applying rules to a combinator attack, but am wondering if it is possible.
Posts: 100
Threads: 2
Joined: Mar 2012
Posts: 621
Threads: 57
Joined: May 2010
06-21-2013, 05:33 PM
(This post was last modified: 06-21-2013, 05:34 PM by mastercracker.)
Your post lack a little bit of details but if I get it right, you want to make all the combinations of 2 lists and then apply rules to them. Using -a 1 won't work. The workaround is to "rulify" your second list. For example, if the second list contains the following words:
how
rule
combination
then you create the file 2.rule containing this:
$h$o$w
$r$u$l$e
$c$o$m$b$i$n$a$t$i$o$n
Then you use -a 0 with your first wordlist then -r 2.rule then -r other.rule
Posts: 55
Threads: 8
Joined: Apr 2013
(06-21-2013, 05:33 PM)mastercracker Wrote: Your post lack a little bit of details but if I get it right, you want to make all the combinations of 2 lists and then apply rules to them. Using -a 1 won't work. The workaround is to "rulify" your second list. For example, if the second list contains the following words:
how
rule
combination
then you create the file 2.rule containing this:
$h$o$w
$r$u$l$e
$c$o$m$b$i$n$a$t$i$o$n
Then you use -a 0 with your first wordlist then -r 2.rule then -r other.rule
Ok that sounds like it would work, but would be a lot of work. I was hoping to apply a generic rule supplied with hashcat to one or both of the dictionaries on a combinator attack. So for example I apply passwordspro rules, which does a bunch of transforms and additions, etc, to a word. The idea being it does that to the lists in both dictionaries as the combinations are being tried.
For example, if I had a rule that tried a list as is and also uppercases all the words I would expect combinations like this. My 1st dictionary would contain the words: password, server, and backup. My second dictionary would be the same.
I would see combinations
passwordpassword
passwordserver
passwordbackup
serverpassword
serverserver
serverbackup
backuppassword
backupserver
backupbackup
PASSWORDPASSWORD
PASSWORDSERVER
PASSWORDBACKUP
SERVERPASSWORD
SERVERSERVER
SERVERBACKUP
BACKUPPASSWORD
BACKUPSERVER
BACKUPBACKUP
It would add potentially a ton of combinations, but would work for smaller word lists.
Posts: 621
Threads: 57
Joined: May 2010
2 things. 1) Just to be clear, the first solution I proposed will work with OCLHashcat-plus, not Hashcat. 2) With -a 1, you can use -j and -k that will modify the word of the first and second wordlist, respectively. However, you can specify only 1 rule for the -j and 1 for the -k so you would have to generate command lines for each combination of rules that you want and it would be even more work.
Posts: 55
Threads: 8
Joined: Apr 2013
Yea that is what I was kinda afraid of. Good on OCLHashcat-plus that is what I am using. I just found it was weird it would take a rule, but didn't appear to apply it.
Posts: 5,185
Threads: 230
Joined: Apr 2010
We should reject -r in case in -a 1 is used and stop the command running so that users knows its not supported. Can you please open a TRAC Ticket for this?
Posts: 55
Threads: 8
Joined: Apr 2013
Posts: 179
Threads: 13
Joined: Dec 2012
atom, adding -r support for combinator attack is a good idea. It'd be really useful.
Posts: 2,936
Threads: 12
Joined: May 2012
pipe combinator.bin into plus with -r