Effective rules
#1
I started off with two rules. One comes with oclHashcat - the other I wrote myself. I then compiled a
huge list of MD5 hashes from the InsidePro forums to use as my target/testing hash list.

For the base dictionary, I merged/sorted/removed dupes between the rockyou dictionary
and passwords from the recent 10 million combo leak. The final dictionary can be downloaded
here for the curious.

I ran my two rules against these hashes with this dictionary and these were the results.

Code:
passwordspro.rule (~3300 rules) - 42.52%
tony.rule (~5500 rules) - 49.44%

I outputted all rules that had a match into a file called match.rule. I then sorted
this file based on occurence and made the following rules out of it. The different sizes could
be useful if time is of essence and/or the hashing algorithm is slow. You could also obviously
head the amount of rules that you want from the top_5000.rule instead.

I done some testing on the same list, and these were the results.

Code:
no rules      - 14.67% found
best 64       - 17.71% found
top_250.rule  - 36.14% found
top_500.rule  - 39.64% found
top_750.rule  - 41.91% found
top_1500.rule - 45.76% found
top_3000.rule - 48.77% found

I realize that the rule set will be kind of biased towards this specific list since it was created
using found passwords from this list. So for further testing, I compiled a list of 1 million hashes
using random passwords from a totally separate HQ cleartext (not cracked!) password leak. These
were the results.

Code:
$ shuf ***.dic | head -n1000000 > random.dic
$ ./md5gen random.dic > random.lst

Code:
no rules      - 8.23%  found
best 64       - 31.42% found
top_250.rule  - 42.97% found
top_500.rule  - 48.16% found
top_750.rule  - 50.97% found
top_1500.rule - 55.80% found
top_3000.rule - 60.59% found


The rules can be downloaded here.
Reply
#2
Nice work. If you want we can put it into hashcat / oclHashcat default rules/ folder.
Reply
#3
Thank you very much TonyS and very kind of you to share your work Smile
Reply
#4
(04-14-2015, 12:48 PM)atom Wrote: Nice work. If you want we can put it into hashcat / oclHashcat default rules/ folder.

Thanks! And that would be great if you want to.

(04-14-2015, 02:05 PM)Hash-IT Wrote: Thank you very much TonyS and very kind of you to share your work Smile

Thank you. Smile
Reply
#5
OK, please rename the files as you want to have them in the distribution. Then pack them all together and send them to me (email).
Reply
#6
(04-13-2015, 06:05 PM)TonyS Wrote: The rules can be downloaded here.

Link is dead, could anyone reupload rules, can't wait to take a look
Reply
#7
offline ;=(
Reply
#8
I uploaded the original zip file to my dropbox.

TonyS Top Rules
Reply
#9
btw great results come from combi top_3000 + best64 and top3000 + specific .... found many cool plains this waay... thank you for sharing.
Reply
#10
Anyone have the dictionary? link is dead
Reply