Posts: 83
Threads: 19
Joined: Dec 2014
I've noticed in several lists I've been working on lately, I see several email addresses used as passwords. I suspect there are more than what I've found.
I'd like to write a rule to append some common domains to my wordlists. Looking through the wiki, the closest thing I can find is the ? (Append Character) function. However, that only works for 1 character.
Is there a shortcut to append multiple characters or do I have to write a rule, for example append @me.com, like: $@$m$e$.$c$o$m
Posts: 2,936
Threads: 12
Joined: May 2012
the shortcut is to use a stream editor to generate the rule file for you.
for example if you have a list of domains called "domains.txt", you would use something like this to generate the rule file:
Code:
sed 's/./\$&/g' domains.txt > domains.rule
the other option is to do a combinator attack.
Posts: 83
Threads: 19
Joined: Dec 2014
(04-10-2015, 05:29 AM)epixoip Wrote: the shortcut is to use a stream editor to generate the rule file for you.
for example if you have a list of domains called "domains.txt", you would use something like this to generate the rule file:
Code:
sed 's/./\$&/g' domains.txt > domains.rule
the other option is to do a combinator attack.
That's what I thought. Some programming required. And yes, the combinator attack would work too. Didn't think of that one.
Thanks.
Posts: 83
Threads: 19
Joined: Dec 2014
I've been working with this and had the [maybe] bright idea to combine this with the best64 rules. It somewhat works, and has found some hashes even in it's current somewhat broken state. Some of the rules don't work, and some do. For example (with all but first warning snipped), here are *SOME* of the rules cudahashcat doesn't like:
Code:
WARNING: Cannot convert rule for use on GPU in file rules\email2.rule in line 7: $@ $c $o $n $s $o $l $i $d $a $t $e $d $. $n $e $t
<snip>: r $@ $c $o $n $s $o $l $i $d $a $t $e $d $. $n $e $t
<snip>: r $@ $h $o $t $m $a $i $l $. $c $o $. $u $k
<snip>: r $@ $e $a $r $t $h $l $i $n $k $. $n $e $t
<snip>: u $@ $c $o $n $s $o $l $i $d $a $t $e $d $. $n $e $t
1) Do I really need the spaces between each character I'm appending? The other rules I looked at had them, so I added them.
2) Any idea why the first rule fails? It's not the only one, but fixing this would eliminate about half the errors.
(P.S. If anyone wants a copy once I get it working, let me know.)
Posts: 2,936
Threads: 12
Joined: May 2012
Spaces are optional.
The rule isn't failing, it just isn't loading because it's too long to be used on GPU. It will work in hashcat-cli though.
Posts: 83
Threads: 19
Joined: Dec 2014
04-13-2015, 05:26 AM
(This post was last modified: 04-13-2015, 05:43 AM by rsberzerker.)
(04-13-2015, 05:17 AM)epixoip Wrote: Spaces are optional.
The rule isn't failing, it just isn't loading because it's too long to be used on GPU. It will work in hashcat-cli though.
What is the limit on GPU (operations or character???)? I'm trying to use rules rather than a combinator attack because I can apparently use only 1 rule, not a rule file.
Posts: 117
Threads: 0
Joined: Nov 2013
The limit is 15 functions per line. If you were to use a combinator attack you would do username domains -j '$@'.
Posts: 83
Threads: 19
Joined: Dec 2014
(04-13-2015, 05:51 AM)coolbry95 Wrote: The limit is 15 functions per line. If you were to use a combinator attack you would do username domains -j '$@'.
Thanks. That explains why I get the "errors". Several are indeed longer than 15 functions / characters. Looks like this limits me to hashcat for these.
Using -j '$@' wouldn't work for me. I don't have (yet) a list of common usernames, but even if I did, I see people adding things, especially numbers. I believe being able to use the best64 rules would vastly increase my hit rate.
Using your suggestion, I've run the rules on hashcat, and no "errors". I'm currently cracking new hashes from a list I've already run through best64, d3ad0ne, another ruleset I found, plus my standard mask file. All using the same wordlists. One is 28 characters long (longest so far), and I did this one on a CPU. So far it's not a huge number of hashes, but considering how much this list has been worked over, not too bad IMHO.
Thank you for your help. I'll post my ruleset over in user contributions.
Posts: 30
Threads: 1
Joined: May 2015
I've done something similar and found that the list of names from facebook (skullsecurity's one, not the newer one, haven't got that one yet) with a whole bunch of email domains added worked pretty nicely.
As far as I can tell if you use multi-rules, you can specify a normal rule file and then the email-domain file, and your first rule will mangle the name, and then you'll get the "@server.com" bit added, generating valid email addresses.
In fact, that name list was pretty awesome, found me loads of passes from eharmony.
Posts: 5,185
Threads: 230
Joined: Apr 2010
For that kind of attack you should use -a 1 not rules