Create a single rule file with maskprocessor
#1
Hello,

I would like to create a rule file with maskprocessor - creating a rule to generate passwords. I know the pwd is a single birthday. It contains only 8 digits and begin 19.
I have a test.hccap file. The password let's be:19540302.

This command working:
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/hashes/test# hashcat -m 2500 -a 3 test.hccap -1 01 -2 0123 19?d?d?1?d?2?d
Initializing hashcat v2.00 with 2 threads and 32mb segment-size...

Added hashes from file test.hccap: 1 (1 salts)
Activating quick-digest mode for single-hash with salt

[s]tatus [p]ause [r]esume ypass [q]uit => s
[b]test.hccap:19540302    
            
                                             
All hashes have been recovered

Input.Mode: Mask (19?d?d?1?d?2?d) [8]
Index.....: 0/1 (segment), 80000 (words), 0 (bytes)
Recovered.: 1/1 hashes, 1/1 salts
Speed/sec.: - plains, 784 words
Progress..: 65740/80000 (82.17%)
Running...: 00:00:01:24
Estimated.: 00:00:00:18

If I generate a single rule with maskprocessor:
maskprocessor -1 01 -2 0123 19?d?d?1?d?2?d >> birthday.rule
It's create a dictionary file, but I need a rule file. So this command was bad.

This command better, I guess:
maskprocessor -1 01 -2 0123 '19$?d $?d $?1 $?d $?2 $?d' >> birthday2.rule
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/hashes/test# tail birthday2.rule
19$9 $9 $1$ 9$ 3 $0
19$9 $9 $1$ 9$ 3 $1
19$9 $9 $1$ 9$ 3 $2
.
.
.

root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/hashes/test#wc -l birthday2.rule
80000 birthday2.rule

Which contains 80000 rows. But I need only 1 rule, which contains only 1 row to generate passwords.
How could I do that?

root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/hashes/test# hashcat -V
2.00

Could you help me?
Note: this would be my first rule, I just started to learn using hashcat.

Thanks,
[/b]
#2
Congratz, you actually found out the "hard way" what the differences between rule and mask attack is (the easy way would be to just read the wiki pages, in this specific case especially these 2 pages: https://hashcat.net/wiki/rule_based_attack and https://hashcat.net/wiki/mask_attack).

Of course, rules and masks are not designed to do exactly the same thing (otherwise we wouldn't need to have both). In short, mask attacks is a very clever way to avoid the huge keyspace/time needed to do a full brute-force (of course with some disadvantages and "prerequisites"/limitations) and rule based attacks is used in combination with (one) very good dictionary to manipulate those plains known to crack many hashes.

To answer your question: "But I need only 1 rule, which contains only 1 row to generate passwords." ... is not possible. This is not the goal of "rules". Rules are there to amplify an attack and manipulate other plains and NOT to generate password candidates themself (without being combined with actually good-cracking plains).

That said, it would be better that you mention your actual problem or goal such that we can give better advice (or just look for it with the help of the forum's search function). E.g., why do you say "This command is working" but at the same time you try to use maskprocessor ? If it is working, what is the real problem ?
On the other hand, it is very strange to me that you use hashcat-legacy (hashcat 2.0) but do not use the newest version of hashcat (hashcat 3.0), which supports both CPU and GPU.

If your goal is instead to play around and try to increase speed (after you downloaded hashcat 3.0 of course Wink ), you can try to pipe the candidates to hashcat (3.0) and see how much the speed changes in stdin mode (maskprocessor -1 01 -2 0123 19?d?d?1?d?2?d | hashcat -w 3 -m 2500 -a 0 test.hccap)

Tl;dr: "I would like to create a rule file with maskprocessor"... this is a stupid idea in this specific case, i.e. if you do not manipulate (for instance append / prepend strings to very good working) plains. That is what rule based attack (-r) is all about.
#3
Thank your for your quick answer and advice. I will read all the manual of hashcat,of course.

I tried to install the new haschat, but my video card is an old card and it didn't work with hashcat 3.0. Here is the thread: https://hashcat.net/forum/thread-5655.html. So until this time I can't use, only the legacy version.

Once again, thank you very much.