Posts: 6
Threads: 2
Joined: Nov 2017
I am very new to Hashcat so Im not surprised if this is a dumb question but...
How would I go about making an attack that would do something like
XwordXwordXwordX...
Repeated on an on.
I would want the Xs to be replaced by ?a
And I would want the words to be replaced by words from a wordlist that would also have rules put through them like capitalize all, leet speak, and or anything?
Thanks
Posts: 2,267
Threads: 16
Joined: Feb 2013
one approach could be to create multiple rules (see
https://hashcat.net/wiki/?id=rule_based_attack) each one of those rules prepends one single/different character (and does the other manipilation to the word that you intend to do) and duplicate the word x times.
Examples:
Code:
^a p2
^b p2
^c p2
...
^z p2
^A p2
^B p2
^C p2
...
^Z p2
^0 p2
...
It's no problem to use several different rules to generate all your password candidates and to cover all the keyspace.
Since you seem to need to use rules anyways (because you want to do some capitalization etc), this would be the most straightforward approach.
You could even use (if needed) the multi-rule feature of hashcat (see
https://hashcat.net/wiki/?id=rule_based_...ulti-rules) that allows you to do the first manipulation of the word (e.g. capitalization) in one rule file and add a second "-r" parameter that does the prepend and duplicate/multiplicate rules, e.g.:
-r first_manipulation.rule -r prepend_duplicate.rule
BTW: you could also use maskprocessor to generate the prepend rules, e.g.
mp64 "?a p2" > prepend_duplicate.rule
Posts: 6
Threads: 2
Joined: Nov 2017
11-16-2017, 07:40 PM
(This post was last modified: 11-16-2017, 07:40 PM by Technologyman00.)
(11-16-2017, 10:09 AM)philsmd Wrote: one approach could be to create multiple rules (see https://hashcat.net/wiki/?id=rule_based_attack) each one of those rules prepends one single/different character (and does the other manipilation to the word that you intend to do) and duplicate the word x times.
Examples:
Code:
^a p2
^b p2
^c p2
...
^z p2
^A p2
^B p2
^C p2
...
^Z p2
^0 p2
...
It's no problem to use several different rules to generate all your password candidates and to cover all the keyspace.
Since you seem to need to use rules anyways (because you want to do some capitalization etc), this would be the most straightforward approach.
You could even use (if needed) the multi-rule feature of hashcat (see https://hashcat.net/wiki/?id=rule_based_...ulti-rules) that allows you to do the first manipulation of the word (e.g. capitalization) in one rule file and add a second "-r" parameter that does the prepend and duplicate/multiplicate rules, e.g.:
-r first_manipulation.rule -r prepend_duplicate.rule
BTW: you could also use maskprocessor to generate the prepend rules, e.g.
mp64 "?a p2" > prepend_duplicate.rule
I Realized that I weirdly worded my question
What would I do if I want the Xs and Words to be different and not the same?
Posts: 2,267
Threads: 16
Joined: Feb 2013
11-17-2017, 01:52 PM
(This post was last modified: 11-17-2017, 01:53 PM by philsmd.)
I think that would quickly result in way too many combinations/password candidates.
It of course depends on how small your wordlist is.
If the wordlist is very small you could for instance just generate ?a[word] with the --stdout option of hashcat
Code:
hashcat --stdout -a 7 -o dict_with_1_char_appended.txt ?a dict.txt
and later on use combinator or combinator3 and e.g. pipe it into hashcat (or if very small even generate a new dict out of it).
If the source dictionary is very large, it might soon get infeasible to try each and every word combined with each other and furthermore append a random byte before each word.
