Combinator Attack with Stacked Rules
#1
Hi everyone,

I am trying to utilize a combinator attack with a “combinator-style ruleset”. Rather than running a few nested bash loops that utilizes left and right rules with a combinator attack, Atom has suggested that I use the stacked rules feature and I was wondering if someone could help me figure out how to utilize this method.

Example words.dict:

Code:
cat
dog
horse


Example rules.rule:

Code:
u
u $1
c $1
c $2


Example password construction:

Code:
u cat + u cat = CATCAT
u cat + u$1 cat = CATCAT1
u cat + c$1 cat = CATCat1
u cat + c$2 cat = CATCat2
u cat + u dog = CATDOG
u cat + u$1 dog = CATDOG1
u cat + c$1 dog = CATDog1
u cat + c$2 dog = CATDog2

c$2 horse + c$2 dog = Horse2Dog2
c$2 horse  + u horse = Horse2HORSE
c$2 horse  + u$1 horse = Horse2HORSE1
c$2 horse  + c$1 horse = Horse2Horse1
c$2 horse  + c$2 horse = Horse2Horse2

I was thinking about this command, but I’m not sure if it’s correct:
Code:
./hashcat -m 0 -a 1 hash.txt words.dict words.dict -r rules.rule -r rules.rule

How do I do this combinator with stacked rules?
Thank you in advance for you help!
#2
You can't do -a 1 with -r in combination. What I meant is more like this:

$ ./combinator.bin words.dict words.dict | ./hashcat -m 0 -a 0 -r rules.rule

This way you can't specify which rule to apply on which wordlist, but if you do -m 0 based attack that doesn't matter anyway. It wont hurt you to do some extra runs because it's so fast anyway.
#3
(07-22-2016, 10:30 AM)atom Wrote: You can't do -a 1 with -r in combination. What I meant is more like this:

$ ./combinator.bin words.dict words.dict | ./hashcat -m 0 -a 0 -r rules.rule

This way you can't specify which rule to apply on which wordlist, but if you do -m 0 based attack that doesn't matter anyway. It wont hurt you to do some extra runs because it's so fast anyway.

Thanks, atom. But with combinator.bin piping into hashcat, will that still be able to produce dog1Cat (as in example above)? It seems like the rules would not be able to add a number in between the combined words, only after they've already been combined. Is that right?
#4
You just need to create a handful of rules that insert the 1 into all positions starting from 0 to 10 or so.