[solved sort of] Some Rules questions with doubling and shifting.
#1
I have studied the rules. I think I understand them. But I want to know if a couple of things are possible.

Is it possible to shift a dictionary like on John? E.g. Crack96 > cRACK(^

Also is it possible to double a password and shift it? E.g. Crack96 > Crack96cRACK(^

I figured it out with a little help from john.
Here is the code on how to double a password list and shift the second half.

First you need to add these lines to john's conf file; make sure it's in the rules section.
Code:
[List.Rules:shift]
S

Code:
paste -d "" dictionary1.txt <(john --stdout --wordlist=dictionary1.txt --rules=shift 2>/dev/null) | hashcat -a 0 -m xxxx hashfile.txt

This makes paste combine the original document with a duplicated, shifted document, and hashcat takes that and cracks with it.
This is different than doubling a password and upshifting specific characters, as hashcat doesn't change the shift of numbers and special characters like john.
I hope this helps people.

Now I'm trying to combinate a list and then take that and double it and then shift it.
If I figure it out I'll have a way to make 8 characters doubled and shifted on the last half. This one has me stumped for now.

I figured it out. It's too late to write the whole code but here's a basic idea of it.
Code:
paste -d "" <(hashcat -a 1 --stdout --session=1 dictionary1.txt dictionary1.txt) <(hashcat -a 1 --stdout --session=2 dictionary1.txt dictionary1.txt | tr 'characters symbols numbers' 'shifted characters symbols numbers') | hashcat -m xxxx --session=3 hash.txt
Hashcat combinates the list, 2 separate times. Paste combines em. And tr acts as the shifting of characters. It can get tricky with some special characters, but for the 72 keyspace it's easy enough. This is a way to brute force 6 or 7 or 8 character passwords that are then shifted and repeated. It slows down considerably due to many hashcats running. But with a few tweaks it is a way to do some neat stuff.
#2
This is sort of interesting. I haven't used John's rules enough to have been familiar with the S rule!

I see that it's not implemented in hashcat. Requesting that via a hashcat GitHub issue might be interesting. If there's a deliberate reason why S isn't supported in hashcat, it can at least be documented there.
#3
(01-26-2018, 08:13 AM)royce Wrote: This is sort of interesting. I haven't used John's rules enough to have been familiar with the S rule!

I see that it's not implemented in hashcat. Requesting that via a hashcat GitHub issue might be interesting. If there's a deliberate reason why S isn't supported in hashcat, it can at least be documented there.

I would like to see the ability to use the S rule AND the ability to apply rules to parts of passwords. Like d rule to double the password and then S rule to part of a password, e.g.
d S{9-16}
So S is applied to characters 9-16.
I'll try submitting it on the hashcat GitHub you speak of when I get a minute.
#4
Tying in the issue for the thread:

https://github.com/hashcat/hashcat/issues/1502
#5
I know this is hashcat, but I found a way to do it in john rules. If I could get hashcat to do it, oh man.

The rule for john is
>1 M S X0M0 (this rule copies the word, then shifts it, then places the unshifted word at the beginning)
>1 M S X0MZ (this rule copies the word, then shifts it, then places the unshifted word at the end)
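
Added example, not part of the thread and not code from john or hashcat: a password-audit check that flags passwords built the way posts #1 and #5 describe (a word followed by its shift-toggled copy, e.g. Crack96 > Crack96cRACK(^). The US QWERTY key pairs and the function names are assumptions made for this example; the toggle is its own inverse, so both placements from post #5 are caught by the same comparison.

```python
import string

# Assumption: US QWERTY layout. Each unshifted key is paired with its shifted form.
_UNSHIFTED = "`1234567890-=[]\\;',./" + string.ascii_lowercase
_SHIFTED = "~!@#$%^&*()_+{}|:\"<>?" + string.ascii_uppercase

# Build a two-way table so the toggle works in both directions (a <-> A, 9 <-> ().
_TOGGLE = {}
for lo, up in zip(_UNSHIFTED, _SHIFTED):
    _TOGGLE[lo] = up
    _TOGGLE[up] = lo


def shift_case(word):
    """Toggle the shift state of every character, as in Crack96 > cRACK(^."""
    return "".join(_TOGGLE.get(ch, ch) for ch in word)


def doubled_shifted_base(password):
    """Return the first half if the second half is its shift-toggled copy.

    Because shift_case(shift_case(w)) == w, "word + shifted" and
    "shifted + word" have the same structure, so one comparison covers both.
    Returns None when the password does not follow the pattern.
    """
    n = len(password)
    if n < 2 or n % 2:
        return None
    first, second = password[: n // 2], password[n // 2:]
    if first == second:
        return None  # plain doubling (or keys with no shifted form), not this pattern
    return first if shift_case(first) == second else None


def audit(passwords):
    """Map each flagged password to the half that carries all of its entropy."""
    flagged = {}
    for pw in passwords:
        base = doubled_shifted_base(pw)
        if base is not None:
            flagged[pw] = base
    return flagged


if __name__ == "__main__":
    # Constructed sample input, not real credentials.
    sample = ["Crack96cRACK(^", "cRACK(^Crack96", "Crack96Crack96", "Tr0ub4dor&3"]
    for pw, base in audit(sample).items():
        print(f"{pw!r}: effective strength is that of {base!r} ({len(base)} chars)")
```

A flagged 14-character password is only as strong as its 7-character half, which is what a length-only password policy misses.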