hashcat v0.50 hybrid rules
#1
so I'm attempting a hybrid rule-based attack with hashcat, trying to generate candidates like 1stword2ndword123. here is my command line:

hashcat -m 2500 -a 1 -r bf.rule /home/me/hccap/some.hccap /home/me/wordlists/a.txt

bf.rule created with maskprocessor to append 3 digits: ./mp.bin -o bf.rule '$?d?d?d'

the last four words in my test wordlist are:
abuse
abused
acacia
accept

--stdout shows this works pretty well, but it's skipping the last few candidates, and I can't figure out why:

acceptabuse996
acceptabuse997
acceptabuse998
acceptabuse999
acceptabused996
acceptabused997
acceptabused998
acceptabuse999
acceptacacia996
acceptacacia997
acceptabused998
acceptabuse999
acceptaccept996
acceptacacia997
acceptabused998
acceptabuse999

it skipped
acceptabused999
acceptacacia998,999
acceptacept997,998,999

and duplicated some others, like acceptabuse999

this was done using v.50, whose changelog says the dupes have been fixed.  ??

what, if anything, am I doing wrong that would produce this behavior.....I am truly stumped, and any help MOST appreciated!

db60
#2
Quote:bf.rule created with maskprocessor to append 3 digits: ./mp.bin -o bf.rule '$?d?d?d'

Looks wrong, I think you wanted to do:

Quote:bf.rule created with maskprocessor to append 3 digits: ./mp.bin -o bf.rule '$?d $?d $?d'
#3
(11-10-2015, 09:53 AM)atom Wrote:
Quote:bf.rule created with maskprocessor to append 3 digits: ./mp.bin -o bf.rule '$?d?d?d'

Looks wrong, I think you wanted to do:

Quote:bf.rule created with maskprocessor to append 3 digits: ./mp.bin -o bf.rule '$?d $?d $?d'

I did as you suggested and tried it again with the same command line and the new bf.rule, which cats out as

$9 $9 $0
$9 $9 $1
$9 $9 $2
$9 $9 $3
$9 $9 $4
$9 $9 $5
$9 $9 $6
$9 $9 $7
$9 $9 $8
$9 $9 $9

the last four words in my test list are:

abuse
abused
acacia
accept

and it it still looks the same to me, still with some skips and dupes:

acceptabundant996
acceptabundant997
acceptabundant998
acceptabundant999
acceptabuse996
acceptabuse997
acceptabuse998
acceptabuse999
acceptabused996
acceptabused997
acceptabused998
acceptabuse999
acceptacacia996
acceptacacia997
acceptabused998
acceptabuse999
acceptaccept996
acceptacacia997
acceptabused998
acceptabuse999

what do you think?
#4
From that output it does look like something fishy is going on.
#5
it would seem so, but I'm not sure whether it's the code or just a dumb mistake on my part...what's your thought there? can I post any more info that'd help decide? db60
#6
Would need the input from the devs since that I am not sure you are supposed to be able to use rules in the -a 1 mode for Hashcat. For Oclhashcat there is -j and -k that apply a single rule for the left and right side but for Hashcat that has only 1 wordlist, I am not sure what is happening with -r.
#7
perhaps I misread this?

http://hashcat.net/wiki/doku.php?id=hybr...with_rules
#8
I've checked that case now, here's a log:

Generate rules, should be 1000 in total, worked

Quote:$ ./mp64.bin -o bf.rule '$?d $?d $?d'
$ wc -l bf.rule
1000 bf.rule

Test combinator, base wordlist has 31 words, so 31^2 should give 961, worked.

Quote:$ wc -l a.txt
31 a.txt
$ ./hashcat-cli64.bin -a 1 a.txt --stdout | wc -l
961
$ ./hashcat-cli64.bin -a 1 a.txt --stdout  | sort -u | wc -l
961

Now with rules added it should be (31^2)*1000. Seems to work for the total number of output words, but seems to have
create some dupes. I'll check that

Quote:$ ./hashcat-cli64.bin -a 1 a.txt --stdout -r bf.rule | wc -l
961000
$ ./hashcat-cli64.bin -a 1 a.txt --stdout -r bf.rule | sort -u | wc -l
914500