Hashcat rules handling (native *.rule files) added to JtR
#1
JtR (bleeding-jumbo), can now handle the native hashcat .rules files.  There is also a document added to the john package, listing the syntax needed to be added to make it work (mostly to work around escape character requirements for some rules in john, due to the pre-processor).

The addition of these rules has shown a few differences between the tools.  The differences are on 'edge' conditions.  The notable rules are i x and O.

hashcat logic is to leave word alone, unless the letter (or full range of letters) are within the word.

john logic is to do 'best case' mangling, where if any of the range is in the word, then that is done, and for the 'i', if the insert is past end of word, it is treated as a $

The way I have implemented rules in 'hashcat logic' mode, I get the same results from john as from hashcat.  But it may be nice to have both tools producing the same candidate stream from the same input words and rule set.
Reply
#2
One additional rule was added (to john).  That is eC  (and e?C for a class in john).  hashcat has the E command for title-casing.  The e is an extension of that, where any character (or class of characters in john), can be used as the separator for words.

so JOHN.DOE with e. rule would be John.Doe   Pretty useful since many companies have gone to a firstname.lastname user id scheme.
Reply
#3
Upon further checking, there is also an 'edge' condition difference in the 'X' command, when the range goes past the end of the memorized word (but starts within the memorized word).
Reply