hashcat Forum Deprecated; Previous versions Old oclHashcat Support v
Can hybrid attack work with rules?

Threaded Mode
Can hybrid attack work with rules?
SopalajoArrierez Offline
Junior Member
**
Posts: 45
Threads: 14
Joined: Jan 2013
#1
01-23-2015, 04:25 AM
OCLHashCat v1.32 yields no error for this command-line (hybrid attack):

Code:
oclhashcat64 -m 1000 Hashes.txt -a 6 Dictio.txt ?d -j d

So, can I assume that "-j" option (rule for left dictionary) works with this attack?

Thanks you.
Find
atom Offline
Administrator
*******
Posts: 5,185
Threads: 230
Joined: Apr 2010
#2
01-23-2015, 12:12 PM
Single rules (-j) are supposed to work in this case, just -r is not.
Website Find
SopalajoArrierez Offline
Junior Member
**
Posts: 45
Threads: 14
Joined: Jan 2013
#3
01-24-2015, 05:58 AM (This post was last modified: 01-24-2015, 06:01 AM by SopalajoArrierez.)
Well... then, I think I have found a bug in OCLHashCat.
Case command-line:

Code:
# Creation of the password test file with key example "rafa3rafa3:
temp=$(iconv -f ASCII -t UTF-16LE <(printf "rafa3rafa3") | openssl dgst -md4)
temp=$(echo $temp | awk 'NF>1{print $NF}')
temp="Administrador:500:aad3b435b51404eeaad3b435b51404ee:"$temp":::"
echo $temp > TestPassword.txt

oclhashcat64 -m 1000 TestPassword.txt -a 6 "c:\Dictionaries\cain.txt" ?d -j d

oclHashcat v1.32 starting...

Device #1: Bonaire, 1024MB, 1050Mhz, 12MCU
Device #2: Tahiti, 3072MB, 1000Mhz, 32MCU
Device #3: Tahiti, 3072MB, 900Mhz, 28MCU

Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Applicable Optimizers:
* Zero-Byte
* Precompute-Init
* Precompute-Merkle-Demgard
* Meet-In-The-Middle
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Scalar-Mode
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Kernel d:\Programas\HashCat\OCLHashCat/kernels/4098/m01000_a1.Bonaire
_1573.4_1573.4 (VM).kernel (190372 bytes)
Device #1: Kernel d:\Programas\HashCat\OCLHashCat/kernels/4098/markov_le_v2.Bona
ire_1573.4_1573.4 (VM).kernel (39912 bytes)
Device #2: Kernel d:\Programas\HashCat\OCLHashCat/kernels/4098/m01000_a1.Tahiti_
1573.4_1573.4 (VM).kernel (190384 bytes)
Device #2: Kernel d:\Programas\HashCat\OCLHashCat/kernels/4098/markov_le_v2.Tahi
ti_1573.4_1573.4 (VM).kernel (39952 bytes)
Device #3: Kernel d:\Programas\HashCat\OCLHashCat/kernels/4098/m01000_a1.Tahiti_
1573.4_1573.4 (VM).kernel (190384 bytes)
Device #3: Kernel d:\Programas\HashCat\OCLHashCat/kernels/4098/markov_le_v2.Tahi
ti_1573.4_1573.4 (VM).kernel (39952 bytes)

Generating dictionary stats for j:\Repositorio de Diccionarios para Ataques\Dicc
ionarios Base\Precompilados\cain.txt: 3149586 bytes (100.00%), 306706 words, 306


Generated dictionary stats for j:\Repositorio de Diccionarios para Ataques\Dicci
onarios Base\Precompilados\cain.txt: 3149586 bytes, 306706 words, 3067060 keyspa
ce


INFO: approaching final keyspace, workload adjusted


Session.Name...: oclHashcat
Status.........: Exhausted
Input.Left.....: File (j:\Repositorio de Diccionarios para Ataques\Diccionarios
Base\Precompilados\cain.txt)
Input.Right....: Mask (?d) [1]
Hash.Target....: 58a4b878e3ba2e06093acfae1d872391
Hash.Type......: NTLM
Time.Started...: 0 secs
Time.Estimated.: 0 secs
Speed.GPU.#1...:   225.2 MH/s
Speed.GPU.#2...:   593.2 MH/s
Speed.GPU.#3...:   466.1 MH/s
Speed.GPU.#*...:  1284.5 MH/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 3067060/3067060 (100.00%)
Skipped........: 0/3067060 (0.00%)
Rejected.......: 35570/3067060 (1.16%)
HWMon.GPU.#1...:  0% Util, 35c Temp, 22% Fan
HWMon.GPU.#2...:  3% Util, 39c Temp, 21% Fan
HWMon.GPU.#3...: 35% Util, 38c Temp, 30% Fan

WARNING: Failed to restore default fan speed for gpu number: 2:
Started: Sat Jan 24 04:53:54 2015
Stopped: Sat Jan 24 04:53:56 2015

I think the rule is being ignored.
Same results for "-k" intead of "-j".
Should I open a bug ticket?

Note: Cain dictionary downloaded from here:
http://downloads.skullsecurity.org/passw...in.txt.bz2
Find
epixoip Offline
Legend
******
Posts: 2,936
Threads: 12
Joined: May 2012
#4
01-24-2015, 07:36 AM
I don't think that attack does what you think it does. Your plaintext input is "rafa3rafa3". If cain.txt contains the word "rafa", then "-a 6 cain.txt ?d -j d" will generate the candidate "rafarafa3" but not "rafa3rafa3".
Find
SopalajoArrierez Offline
Junior Member
**
Posts: 45
Threads: 14
Joined: Jan 2013
#5
01-24-2015, 07:44 AM (This post was last modified: 01-24-2015, 07:44 AM by SopalajoArrierez.)
(01-24-2015, 07:36 AM)epixoip Wrote: If cain.txt contains the word "rafa", then "-a 6 cain.txt ?d -j d" will generate the candidate "rafarafa3" but not "rafa3rafa3".
I understand: rules are applied before, and idctionary combination is applied later. Thanks you.
Then the only way to generate "rafa3rafa3" would be the previous generation of a dictionary "cain.txt" combined with "?d" (1 decimal digit), so it will contain the word "rafa3" and do:
Code:
oclhashcat64 -m 1000 TestPassword.txt cain-mask-1xd.txt -j d
Or there is a better way without needing to create a new dictionary?
Find
philsmd Offline
I'm phil
******
Posts: 2,267
Threads: 16
Joined: Feb 2013
#6
01-24-2015, 08:43 AM
to avoid to generate a large dict also something like this would work in your particular case:
file: my_append_num_and_duplicate.rule
Code:
$0 d
$1 d
$2 d
$3 d
$4 d
$5 d
$6 d
$7 d
$8 d
$9 d

Code:
oclhashcat64 -m 1000 -r my_append_num_and_duplicate.rule TestPassword.txt cain.txt
Find
SopalajoArrierez Offline
Junior Member
**
Posts: 45
Threads: 14
Joined: Jan 2013
#7
01-24-2015, 09:02 AM
(01-24-2015, 08:43 AM)philsmd Wrote: to avoid to generate a large dict also something like this would work in your particular case:
Code:
oclhashcat64 -m 1000 -r my_append_num_and_duplicate.rule TestPassword.txt cain.txt
A good idea, indeed.
Would it be the same as this other one?
Code:
oclhashcat64 -m 1000 -r my_append_num.rule TestPassword.txt cain.txt -j d

Considering the file is now:
Code:
$0
$1
$2
$3
$4
$5
$6
$7
$8
$9
Find
SopalajoArrierez Offline
Junior Member
**
Posts: 45
Threads: 14
Joined: Jan 2013
#8
01-24-2015, 09:16 AM
Mmm.. I think I could answer myself. Acording to my tests, it seems that the order between -r, -j and -k would be:
-j goes first.
-r goes second.
-k doesn't go: it is ignored.
Am I right?
Find
philsmd Offline
I'm phil
******
Posts: 2,267
Threads: 16
Joined: Feb 2013
#9
01-24-2015, 09:27 AM (This post was last modified: 01-24-2015, 09:31 AM by philsmd.)
-k is applied only on the second dictionary. So it makes sense for instance with "-a 1 dict1.txt dict2.txt".

So technically it isn't ignored, it just not applied since there is no second dictionary (or better said, the right-hand side) in your particular case.

Btw. I am not quite sure why you insist to use -j d . If you want to "split" the rules, there is also another interesting feature called multi-rules: see https://hashcat.net/wiki/doku.php?id=rul...ulti-rules .
Basically, you can do -r append_num.rule -r duplicate.rule
Find
SopalajoArrierez Offline
Junior Member
**
Posts: 45
Threads: 14
Joined: Jan 2013
#10
01-24-2015, 09:59 AM
(01-24-2015, 09:27 AM)philsmd Wrote: If you want to "split" the rules, there is also another interesting feature called multi-rules: see https://hashcat.net/wiki/doku.php?id=rul...ulti-rules .
Basically, you can do -r append_num.rule -r duplicate.rule
Fine! That is the one I was searching for.
When reading the docs, I thought multirules where sequential (attack the hash by using append_num.rule, then attack the hash by using duplicate.rul, not combined).
It makes more sense now.
Thanks you all for explaining.
Find