hashcat Forum Misc User Contributions v
Effective rules

Thread Closed 
Threaded Mode
Effective rules
TonyS Offline
Junior Member
**
Posts: 11
Threads: 2
Joined: Apr 2015
#1
04-13-2015, 06:05 PM (This post was last modified: 04-13-2015, 08:18 PM by TonyS.)
I started off with two rules. One comes with oclHashcat - the other I wrote myself. I then compiled a
huge list of MD5 hashes from the InsidePro forums to use as my target/testing hash list.

For the base dictionary, I merged/sorted/removed dupes between the rockyou dictionary
and passwords from the recent 10 million combo leak. The final dictionary can be downloaded
here for the curious.

I ran my two rules against these hashes with this dictionary and these were the results.

Code:
passwordspro.rule (~3300 rules) - 42.52%
tony.rule (~5500 rules) - 49.44%

I outputted all rules that had a match into a file called match.rule. I then sorted
this file based on occurence and made the following rules out of it. The different sizes could
be useful if time is of essence and/or the hashing algorithm is slow. You could also obviously
head the amount of rules that you want from the top_5000.rule instead.

I done some testing on the same list, and these were the results.

Code:
no rules      - 14.67% found
best 64       - 17.71% found
top_250.rule  - 36.14% found
top_500.rule  - 39.64% found
top_750.rule  - 41.91% found
top_1500.rule - 45.76% found
top_3000.rule - 48.77% found

I realize that the rule set will be kind of biased towards this specific list since it was created
using found passwords from this list. So for further testing, I compiled a list of 1 million hashes
using random passwords from a totally separate HQ cleartext (not cracked!) password leak. These
were the results.

Code:
$ shuf ***.dic | head -n1000000 > random.dic
$ ./md5gen random.dic > random.lst

Code:
no rules      - 8.23%  found
best 64       - 31.42% found
top_250.rule  - 42.97% found
top_500.rule  - 48.16% found
top_750.rule  - 50.97% found
top_1500.rule - 55.80% found
top_3000.rule - 60.59% found


The rules can be downloaded here.
Find
atom Offline
Administrator
*******
Posts: 5,185
Threads: 230
Joined: Apr 2010
#2
04-14-2015, 12:48 PM
Nice work. If you want we can put it into hashcat / oclHashcat default rules/ folder.
Website Find
Hash-IT Offline
Moderator
*****
Posts: 723
Threads: 85
Joined: Apr 2011
#3
04-14-2015, 02:05 PM
Thank you very much TonyS and very kind of you to share your work Smile
Find
TonyS Offline
Junior Member
**
Posts: 11
Threads: 2
Joined: Apr 2015
#4
04-14-2015, 03:10 PM
(04-14-2015, 12:48 PM)atom Wrote: Nice work. If you want we can put it into hashcat / oclHashcat default rules/ folder.

Thanks! And that would be great if you want to.

(04-14-2015, 02:05 PM)Hash-IT Wrote: Thank you very much TonyS and very kind of you to share your work Smile

Thank you. Smile
Find
atom Offline
Administrator
*******
Posts: 5,185
Threads: 230
Joined: Apr 2010
#5
04-14-2015, 05:40 PM
OK, please rename the files as you want to have them in the distribution. Then pack them all together and send them to me (email).
Website Find
dikiy Offline
Junior Member
**
Posts: 8
Threads: 2
Joined: Dec 2012
#6
08-25-2015, 07:45 PM
(04-13-2015, 06:05 PM)TonyS Wrote: The rules can be downloaded here.

Link is dead, could anyone reupload rules, can't wait to take a look
Find
ati6990 Offline
Member
***
Posts: 117
Threads: 6
Joined: Aug 2011
#7
08-25-2015, 08:33 PM
offline ;=(
Find
cvsi Offline
Junior Member
**
Posts: 10
Threads: 0
Joined: Aug 2015
#8
08-25-2015, 11:35 PM (This post was last modified: 08-25-2015, 11:37 PM by cvsi.)
I uploaded the original zip file to my dropbox.

TonyS Top Rules
Find
ati6990 Offline
Member
***
Posts: 117
Threads: 6
Joined: Aug 2011
#9
08-28-2015, 10:40 AM
btw great results come from combi top_3000 + best64 and top3000 + specific .... found many cool plains this waay... thank you for sharing.
Find
djhenry1981 Offline
Junior Member
**
Posts: 1
Threads: 0
Joined: Jul 2016
#10
07-14-2016, 11:55 PM
Anyone have the dictionary? link is dead
Find
Thread Closed