03-27-2011, 07:51 PM
Hashcat's Combination mode attack seems to not generate all the combinations.
With the goal of using hashcat's words Combination attack-mode=1, my first step is to convert more of the KoreLogic john rules to hashcat, and to fix up the already converted that don't do the capitalizing, and use a smaller number of special characters.
But, by using hashcat's combination mode to help generate the rules, I've found that past a certain number of words, the combination mode doesn't give all the combinations.
(Running hashcat-cli32.exe v0.36 on an XP3 Celeron system with 1 GB of RAM.)
Starting with a rule to append one special character gives, before the capitalization rules, the 33 lines of:
Then, running that through hashcat with attack-mode=1 with a rule of just "^c" to prepend the "c" to the above rules to get the capitalized rules, using --debug-mode=3 --debug-file=debug.txt to get the resultant list, I get the expected 33 additional rules. Added together, the final rule is 66 lines.
Using that 66 line append one special rule as the basis to generate a rule that appends two specials, by running that file though hashcat's combination mode with the noop.rule, the expected output would be 66 * 66 = 4,356 lines, but only 4,355 lines come out, meaning that one got left out.
Backtracking, and using just the 33 main rules, without the capitalized versions, gets the expected 33 * 33 = 1,089 lines.
To test further, sending that 1,089 line file though the combination mode, which should get 1,089*1,089 = 1,185,921 lines results in only 1,184,515 lines, which is 1,406 short.
What is going wrong?
With the goal of using hashcat's words Combination attack-mode=1, my first step is to convert more of the KoreLogic john rules to hashcat, and to fix up the already converted that don't do the capitalizing, and use a smaller number of special characters.
But, by using hashcat's combination mode to help generate the rules, I've found that past a certain number of words, the combination mode doesn't give all the combinations.
(Running hashcat-cli32.exe v0.36 on an XP3 Celeron system with 1 GB of RAM.)
Starting with a rule to append one special character gives, before the capitalization rules, the 33 lines of:
Code:
$!
$
$"
$#
$$
$%
$&
$'
$(
$)
$*
$+
$,
$-
$.
$/
$:
$;
$<
$=
$>
$?
$@
$[
$\
$]
$^
$_
$`
${
$|
$}
$~
Using that 66 line append one special rule as the basis to generate a rule that appends two specials, by running that file though hashcat's combination mode with the noop.rule, the expected output would be 66 * 66 = 4,356 lines, but only 4,355 lines come out, meaning that one got left out.
Backtracking, and using just the 33 main rules, without the capitalized versions, gets the expected 33 * 33 = 1,089 lines.
To test further, sending that 1,089 line file though the combination mode, which should get 1,089*1,089 = 1,185,921 lines results in only 1,184,515 lines, which is 1,406 short.
What is going wrong?