Append numbers up to a length?
#1
I'm normally running hashcat on WPA and naturally passwords containing less than 8 chars are simply rejected. Is there any built-in way to, for instance, append characters only to the to-be-rejected passwords to make them candidates?

For example, if the dictionary contained the word "dog", I'd like hashcat to try, say, "dog12345" to reach the minimum length.

I looked into rules and masks, and as far as I can see, they wouldn't be the right tools for this.
#2
(09-16-2016, 01:43 PM)plapaw Wrote: [...] I looked into rules and masks, and as far as I can see, they wouldn't be the right tools for this.

Why not?
#3
Well, how?
#4
Take a look into hashcat folder: rules/hybrid and check out append_d.rule file. You can easily extend these rules, just read on: https://hashcat.net/wiki/doku.php?id=rule_based_attack.

Another way to achieve your goal would be to use mask attack with --increment mode and mask like that: ?d?d?d?d?d

EDIT: and if you worry too much about rejected passwords, make use of hashcat-utils, especially splitlen program https://hashcat.net/wiki/doku.php?id=has...s#splitlen and prepare correct rules / masks for each password lengths.
#5
I think you misunderstood the requirement. I don't want to append to ALL passwords in a dictionary. I want to add the right amount of characters (5 in the case of "dog") only to the passwords that need this treatment to not be rejected.

append_d is a straightforward append to ALL passwords in the dictionary. A hybrid-mask attack is just as useless in this case.

I know I can manually prepare the dictionary in various ways, including splitlen and then specific rules for each len-specific dictionary. However, I was wondering if there's a built-in way to achieve this without doing it manually.
#6
What I need are working reject rules, so I can have something like ">7 <7 $1" to reject non-7-letter-passwords, and append 1 to any not rejected. Then continue with ">6 <6 $1 $2", etc.

According to https://hashcat.net/wiki/doku.php?id=rule_based_attack reject rules are supposed to work for "slow algorithms" such as WPA, but they don't. I get "WARNING: Cannot convert rule for use on GPU in line 2: >7 <7 $1".
#7
Oh, looks like reject rules only work with inline rules via -j / -k. So the solution shown in my previous post works fine, but can't be used from a rule file. Good enough for me though.