HC 3.0 generates gibberish with rules and full syntax on WPA
#1
1. Wrong / gibberish output when full syntax is used and rules applied.
When run like so:
Code:
hashcat64.exe  -r ".\myrules.rule" ".\test.txt" --stdout
all output is fine...
Quote:
password
11pass11
00pass00
12pass12
1234pass
4321pass
pass4321
pass1234
drowssap
PASSWORD
Password
passwordpassword
...
but when using full syntax:
Code:
hashcat64.exe -a 0 -m 2500 --session=all -o ".\found.txt" --outfile-format=2 -w 2  -r ".\myrules.rule" ".\Capture_File(WPA).hccap" ".\test.txt" --stdout
the result contains wrong generated words / gibberish then the proper generated words from rules:
Quote:
G±P(æ1yy܃l- w
11G±P(11
00G±P(00
12G±P(12
1234G±P(
4321G±P(
G±P(4321
G±P(1234
w -lƒÜyy1æ(P±G
g±p(æ1YY܃L- W
G±p(æ1yy܃l- w
G±P(æ1yy܃l- w
...
...
password
11pass11
00pass00
12pass12
1234pass
4321pass
pass4321
pass1234
drowssap
PASSWORD
Password
passwordpassword

Rules file:
Quote:
# Dict word unchanged
:
# Ninja stuff
x04^1^1$1$1
x04^0^0$0$0
x04^2^1$1$2
x04^4^3^2^1
x04^1^2^3^4
x04$4$3$2$1
x04$1$2$3$4
# Reverse
r
# Upper - unsupported by GPU .. trying t for toggle will do in all lower case and upcase first only
#U
t
c
# Dupe
d
# Change first
T0
# Dup first 4 and trunc to 8
y4'8
# Append common
$!
$.
$1
...

The test.txt contains one word only - password

Any ideas why this is happening?

2. Also, I want to override the drop of the initial word when using WPA/WPA2 when it is < 8 chars and drop it after the rules are applied, but <8 is not supported. Is there a way to do that, and how?
Thank you.
#2
That is kind of obvious since --stdout doesn't expect any other files besides the files needed for the attack type (e.g. -a 0 expects a dictionary or directory, -a 3 expects a mask, -a 1 expects 2 word lists etc).
--stdout does not need any hash file and if you use --stdout with a hash file it will be treated like a wordlist (because that is exactly what hashcat expects).
Also note there is no such thing as "full syntax" (there is only correct syntax/incorrect syntax ... and logical/semantic mistakes like the one you just made, i.e. specifying a .hccap file as a word list, because there is no need for .hccap files in --stdout mode).

2. If you really want, you can just pipe the modified/amplified plains into hashcat, e.g. hashcat --stdout -r a.rule b.dict | hashcat -m 2500 -w 3 ....
(ofc, the second command doesn't use --stdout)

Short version: --stdout is used to output all password candidates; it is not used to crack, and therefore you do not use hash files, hash types etc.
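The ordering question in point 2, as an added example (not hashcat's code and not from either poster): a small Python interpreter for the rule functions in the quoted rules file shows that a 4-character word rejected before the rules would otherwise have produced valid 8-character candidates. The function names and the sample word `pass` are constructed, the 63-character upper bound is the standard WPA passphrase limit, and treating out-of-range functions as no-ops is an assumption of this sketch.

```python
# Toy interpreter for the rule functions used in the thread's rule file.
# Added illustration, not hashcat's code; out-of-range steps are no-ops here.
WPA_MIN, WPA_MAX = 8, 63  # WPA/WPA2 passphrase length limits

# A subset of the rules quoted in post #1
RULES = [":", "x04^1^1$1$1", "x04^4^3^2^1", "r", "t", "c", "d", "T0", "y4'8", "$!"]

def apply_rule(rule, word):
    """Apply one rule line, e.g. "x04^1^1$1$1", to one word."""
    i = 0
    while i < len(rule):
        op, args = rule[i], rule[i + 1:i + 3]
        i += 1
        if op in ": ":                      # no-op, or separator between functions
            continue
        if op in "rtcd":                    # reverse, toggle, capitalize, duplicate
            word = {"r": word[::-1], "t": word.swapcase(), "d": word + word,
                    "c": word[:1].upper() + word[1:].lower()}[op]
            continue
        if op in "$^":                      # append / prepend one literal character
            word = word + args[0] if op == "$" else args[0] + word
            i += 1
            continue
        if op not in "T'yx":
            raise ValueError(f"rule function {op!r} not covered by this example")
        n = int(args[0], 36)                # positions are 0-9, then A-Z for 10-35
        i += 1
        if op == "T" and n < len(word):     # toggle case at position n
            word = word[:n] + word[n].swapcase() + word[n + 1:]
        elif op == "'" and n < len(word):   # truncate to n characters
            word = word[:n]
        elif op == "y" and n <= len(word):  # prepend a copy of the first n characters
            word = word[:n] + word
        elif op == "x":                     # keep m characters starting at n
            m = int(args[1], 36)
            i += 1
            if n < len(word) and n + m <= len(word):
                word = word[n:n + m]
    return word

def candidates(words, rules, filter_first):
    """WPA-length candidates; short base words are dropped first only if asked."""
    fits = lambda w: WPA_MIN <= len(w) <= WPA_MAX
    return [c for w in words if fits(w) or not filter_first
            for c in (apply_rule(r, w) for r in rules) if fits(c)]

if __name__ == "__main__":
    for first in (True, False):             # constructed input: "pass" has 4 chars
        print(first, candidates(["pass"], RULES, first))
```

Filtering after the rules is what the piped form in the reply above achieves, since the second process only ever sees the finished candidates.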
#3
OK, I see. My mistake was assuming that --stdout will just print to screen without having an impact on other switches.
I know it's possible to pipe the result to hashcat so it can auto reject <8 chars for WPA; I thought there was another way of doing it.
Thank you very much for your excellent answer and support, greatly appreciated.