Rules rules rules!
#1
I've read as much as i dare regarding rules, and i'm not sure how i am to apply it to my usage scenario...

I think it's more than rules, it's more constructing the required command with the right files...

Say for instance, i have a password that i know HAS the following in it;

LAD
BYE

and MAY have the following in it, located at the start;

m@1d

And MAY contain these combos located anywhere

ABC
NET
KAL

- I'm having trouble understanding how to implement this into hashcats world...

Would anyone care to assist?
#2
for a start, here is the article about rules: https://hashcat.net/wiki/doku.php?id=rule_based_attack

The rules you need to accomplish what you are looking for are
  • the insert rule (i)
  • the prepend rule (^)

prepend rule is easy: reverse the word you want to prepend and then use the prepend rule for every character, ie ^d^1^@^m

the procedure for inserting a substring is very similar. You need to create an individual rule for every position you want to insert the substring like this:
i2D i2A i2L will insert "LAD" after the second character of the word.

After you've done that you need to create all needed combinations of the rules you have.
#3
(02-10-2018, 02:52 PM)undeath Wrote: for a start, here is the article about rules: https://hashcat.net/wiki/doku.php?id=rule_based_attack

The rules you need to accomplish what you are looking for are
  • the insert rule (i)
  • the prepend rule (^)

prepend rule is easy: reverse the word you want to prepend and then use the prepend rule for every character, ie ^d^1^@^m

the procedure for inserting a substring is very similar. You need to create an individual rule for every position you want to insert the substring like this:
i2D i2A i2L will insert "LAD" after the second character of the word.

After you've done that you need to create all needed combinations of the rules you have.

Thanks for your explanation - I'd read the rules based attack page, but it didn't provide much beyond listing what it can do. You've made it sound pretty simple... Albeit tedious when you don't know where things should go (shouldnt have forgotten my password.....)

How many permutations is feasible with current CPU hardware (as i own AMD GPU's which won't work for Eth)?
#4
Well, that will mostly depend on the size of your wordlist. Assuming passwords of up to 10 characters (before rules), you have

[positions of LAD]*[positions of BYE]*[possibilities for m@1d]*[positions of ABC]*[positions of NET]*[positions of CAL] = 11*11*2*12*12*12 = 418176 rules

Depending on your GPU speed for the algorithm in question and the size of your wordlist you can easily calculate how long such an attack would take.