maybe bug again
#1
Hi Atom, Sorry I haven't gotten back to u yet on the other 1 but i have been busy, and also it's a chore to do so. Let me explain: My puter is @$^%$%^%& whentrying to type. As u can see the space bar only works when itfeels like it and some of the keys have to behit 2 or 3 times before they feel like spitting out the letter, and if thats not bad enough once they do decide to type out the requested letter it usually spits out 2 or 3 of them. So it takes me 5 times as long as it should to type this!!! BUMMER!!!

Anyway same specs as the thread on the append bug: "Using HC 0.35 with GUI 0.2.453"
This one is about replacing letters
the password is:blTckhTt1
My wordlist contains: blackhat1
i am using the ported korelogic rule file: KoreLogicRulesReplaceLetters.rule

it looks like to me it has the required line to decrypt the password:

%1asaR
%1asaS
%1asaT <this line should do it, (I belive in english it says "rejectword unless there is at least 1 a, if there is 1 or more a's changethem ALL to uppercase T's)
%1asaU
%1asaV

so I do the run and no go. Next i checked my output file to make sure the decrypt wasn't already there, andit wasn't so i try a full run on lotsof files that i know havepasswords with replaced letters and it gets even more confusing. Turns out some letters will replace andothers won't. Sorry I cant tell u exactly which one's they are but i would be typing4 hours,lol. Ican tell u this though, some letters replace the lower case but not the upper, (I think z is one of these, replaces lower but not upper, and I think vwill do upper but not lower), but im guessing from memory so am not sure, BUT I am sure about the problem. Too wierd huh? do lower and not upper and visa versa? let me know what u find out. Thanks.
P.S. will PM u soon bout testing the new beta. Thanks Atom



Newupdate I just tried editing the rules file and removed the reject flags, (%1a, %1b and so on), It worked it dec the blTckhTt1 so i tried facebook1 and it dec the 1 i was lookin for, (facebCCk1), as wells as getting facebOOk1. So it looks like a flag problem or is this normal for HC?? thanks again
#2
awesome! nice catch again, tommie_c! it is a bug in the RULE_OP_REJECT_CONTAINS '%' rule.

the bug was the following:

it should do: reject the word unless it contains at least N instances of X
but it actually did: reject the word unless it contains exactly N instances of X

fixlog:

Code:
root@thumbstone:~/dev/projects/hashcat/hashcat-0.37# echo -n blTckhTt1 | md5sum
0fd34e9f1684b1bf309aee37acb72ded  -
root@thumbstone:~/dev/projects/hashcat/hashcat-0.37# echo 0fd34e9f1684b1bf309aee37acb72ded > hash
root@thumbstone:~/dev/projects/hashcat/hashcat-0.37# echo blackhat1 > word
root@thumbstone:~/dev/projects/hashcat/hashcat-0.37# cat > rule
%1asaT
root@thumbstone:~/dev/projects/hashcat/hashcat-0.37# ./hashcat-cli64.bin hash word -r rule
Initializing with 8 threads and 32mb segment-size...

NOTE: press enter for status-screen

Added hashes from file hash: 1 (1 salts)
Activating quick-digest mode for single-hash
Added rules from file rule: 1
0fd34e9f1684b1bf309aee37acb72ded:blTckhTt1
All hashes have been recovered
root@thumbstone:~/dev/projects/hashcat/hashcat-0.37#
#3
Cool thanks Atom, SLOWLY but surely I'm getting the feel of HC and it feels good. I'll keep trying causeof all the progs i own for decI like HC the best!! Thanks again