Bruteforce + rules
royce, I'm guessing too but from my point of view there shouldn't be any big differences between taking words from a dictionary/file or generating them internally and then apply the rules to them. So if the part of applying rules is done and works... chaining stuff together at Unix-style is to complicate the use of the tool without reasons. In my opinion that would improve the tool. I don't know if you think so...

epixoip, do you mean last royce's example?
Man, I thought I tried that and it didn't work. But I checked and it was failing for other syntax reasons.


$ cat double.rule

$ mp64 '$?a$?a' >append-aa.rule

$ head append-aa.rule
$ $
$ $!
$ $"
$ $#
$ $$
$ $%
$ $&
$ $'
$ $(
$ $)

$ echo 'hashcat'| hashcat --stdout -r append-aa.rule -r double.rule | head
hashcat  hashcat
hashcat !hashcat !
hashcat "hashcat "
hashcat #hashcat #
hashcat $hashcat $
hashcat %hashcat %
hashcat &hashcat &
hashcat 'hashcat '
hashcat (hashcat (
hashcat )hashcat )

$ mp64 '?a?a?a?a?a?a' | hashcat --stdout -r append-aa.rule -r double.rule | head

      !       !
      "       "
      #       #
      $       $
      %       %
      &       &
      '       '
      (       (
      )       )

Muuuch cleaner - thanks, epixoip.
Thank to both very much indeed. I have just tried it and works better than simply generate all of them with maskprocessor (in addition I was trying it on a notebook without a GPU, so the improving is better in relative terms).

$ mp64 ?a?a?a?a?a | hashcat hash.file -m0 -a0 -w3 -O -r double.rule
Speed.Dev.#1.....:  2371.9 kH/s (0.70ms)
Speed.Dev.#2.....:  3181.1 kH/s (5.72ms)

$ mp64.bin '?a?a?a' | hashcat hash.file -m0 -a0 -w3 -O -r append-aa.rule -r double.rule
Speed.Dev.#1.....: 15189.4 kH/s (34.03ms)
Speed.Dev.#2.....:   464.1 MH/s (86.00ms)

$ hashcat hash.file -m0 -a3 -w3 -O
Speed.Dev.#1.....: 108.7 MH/s (32.15ms)
Speed.Dev.#2.....: 10374.7 MH/s (64.40ms)

But it is still slow compared to a bruteforce attack (approx. 22 times slow). I mean the processing speed. Obviously in general it'll be quicker** than the bruteforce because the amount of possible words is being reduced exponentially.

** bf would take 95¹⁶H/(10374.7MH/s*60s/m*60m/h*24h/d*365d/y) = 1.34·10¹⁴ years and this hybrid attack only would take 95⁸H/(464.1MH/s*60s/m*60m/h*24h/d) = 165.4 days

Then the point is that if it was possible to use bruteforce attacks with rules directly, the speed could improve 22 times (more or less) reducing the total time to approx. 7 days (with my devices, of course).
You might try increasing the number of masks, to see if that improves performance.

But generally speaking, I suspect that full bruteforce has some attack-specific optimizations that make it pretty fast.
I think so because if you make a proof using a dictionary file you get a speed similar to that hybrid attack. So it could be another interesting reason to consider allowing the use of rules directly in bruteforce attacks (even though using that option it could become a little slower than without it) and thus improving the tool.

That is interesting for user as well as contests and competitions