Overwrite Rule using Lowercase Letters?
#1
I am trying to find a way to crack a 12-digit lower case alphanumeric password (that might take less than 10 years). I was thinking that I could build 12-digit numeric word-lists and use the overwrite rule to add letters to numeric word-lists. The majority of the password consists of numbers. A numbered word-list would also take up less hard-drive space.

Is this possible and can anyone point me in the right direction for more information on creating rules?

## rule: Overwrite characters in a wordlist with lowercase letters
## limits: password equal 12 chars in length
## letters used one time each and not repeated
## letters not placed next to each other (separated by at least one number)
## no more than 2-5 letters used at a time per 12-digit password

## example: 642394959797 ---> 6423949h9s97

#change each char to the letter "a" one by one
o0a
o1a
o2a
o3a
o4a
o5a
o6a
o7a
o8a
o9a
oAa
oBa

#change each char to the letter "b" one by one
o0b
o1b
o2b...

Rule based attack information on the Wiki:
https://hashcat.net/wiki/doku.php?id=rule_based_attack

PS I tried to bruit-force with a custom character-set. It was impractical as far as the amount of time it would take to crack.  

hashcat64.exe -a 3 -m 2500 -1 ?d?l "C:\Users\Desktop\hashcat targets\test.hccap" ?1?1?1?1?1?1?1?1?1?1?1?1
#2
I'd suggest using PACK and set min digits to 10 or whatever count of numbers are known
#3
(10-17-2016, 09:39 AM)atom Wrote: I'd suggest using PACK and set min digits to 10 or whatever count of numbers are known

Hi atom! Thank you for the suggestion. I found out that PACK from http://thesprawl.org (multiple programs) is already installed in Kalil! I ran the 2 passwords that I have through the below processes.

It looks like if I would like to use the rules I now need to place them into a *.rule file. Correct? It also looks like I will need to create a custom wordlist of 12-digit alphanumeric passwords to run the rules on, is that also Correct? So the dream of applying rules to the smaller numeric only wordlist is not really a possibility?

I ran:

:/#statsgen Passwords.txt
results
[*]Advanced Masks:
[+]  ?d?d?d?d?d?d?d?l?d?l?d?d: 50% (1)
[+]  ?d?l?d?l?d?l?d?d?d?l?d?d: 50% (1)

:/#policygen --minlength=12 --maxlength=12 --minupper=0 --mindigit=8 --minlower=2 --minupper=0 --minspecial=0
results
[*]Total Masks:  16777216 Time: >1 year
[*]Policy Masks: 17941 Time: >1 year

:/#rulegen --verbose --password ENTERPASSWORD
results
[*]^2 so5 o3j ss4 sk3 se5 $c $7 $5
[*]^2 si5 i3j i44 i63 ss5 i84 so7 DB
[*]^2 i25 +3 i44 i63 ss5 i84 so7 DB
.... total 19 rules for password 1

:/#rulegen --verbose --password ENTERPASSWORD2
results
[*]^9 ^4 ^9 ^3 ^2 ^4 ^6 sa9 $9 $7
[*]^9 ^4 ^9 ^3 ^2 ^4 ^6 se9 $9 $7
[*]^9 ^4 ^9 ^3 ^2 ^4 ^6 si9 $9 $7
... total 5 rules for password 2