rules file support in attack mode 3
#1
I can use a command like this to brute-force a hash:

Code:
hashcat64.exe  -a 3 -m 0 ed2b1f468c5f915f3f1cf75d7068xxxx ?d?d?d?d?d?d?d?d
But how can I let hashcat know that the first four ?d?d?d?d are the same as the last four ?d?d?d?d (for example, passwords like 12341234, 23452345)?

Does anyone know how to modify the hashcat source to support new masks like ?d?d?d?d -r d, which means ?d?d?d?d?d?d?d?d but with the first four ?d?d?d?d always the same as the last four ?d?d?d?d? (It is something like a rule-based attack, but I want the rule to support the brute-force attack, attack mode 3.) Is it easy or not? And which part of the code should we focus on?
Reply
#2
You can run two instances of hashcat and pipe the output of the first as input to the second while using the prepend rules on the first and the append rules on the second.
Reply
#3
(02-13-2018, 10:39 AM)atom Wrote: You can run two instances of hashcat and pipe the output of the first as input to the second while using the prepend rules on the first and the append rules on the second.

I found a similar discussion here:
https://hashcat.net/forum/thread-7038.html
Are there any better solutions? Faster ones?
Reply
#4
If the keyspace of the mask that you want to duplicate is very slow (as in your case just 10000 password candidates), you could just store these password candidates to a dictionary file and use the dictionary and the duplicate rule in hashcat.

e.g.
Code:
hashcat --stdout -a 3 ?d?d?d?d > dict.txt
(or use maskprocessor instead)

and
Code:
hashcat -m 0 -w 4 -r duplicate.rule hash.txt dict.txt
where the file duplicate.rule contains the duplicate rule (d)
Reply
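The dictionary-plus-rule approach from post #4, modelled as an added Python example (not part of the thread and not hashcat code), shows from an audit point of view that a repeated four-digit value costs at most 10,000 guesses rather than the 10^8 of a full ?d?d?d?d?d?d?d?d mask. The function names, the three modelled charsets, the three modelled rule functions and the sample hash are assumptions made for this example.

```python
import hashlib
from itertools import product

# Subset of hashcat's built-in mask charsets (assumption: only these are modelled).
CHARSETS = {"d": "0123456789",
            "l": "abcdefghijklmnopqrstuvwxyz",
            "u": "ABCDEFGHIJKLMNOPQRSTUVWXYZ"}

def expand_mask(mask):
    """Yield every candidate for a mask of ?d, ?l, ?u, ?? and literal characters."""
    positions, i = [], 0
    while i < len(mask):
        if mask[i] == "?":
            key = mask[i + 1:i + 2]
            if key == "?":
                positions.append("?")          # "??" is a literal question mark
            elif key in CHARSETS:
                positions.append(CHARSETS[key])
            else:
                raise ValueError(f"unsupported mask token ?{key}")
            i += 2
        else:
            positions.append(mask[i])          # literal character
            i += 1
    for combo in product(*positions):
        yield "".join(combo)

def apply_rule(rule, word):
    """Apply a rule line made of ':' (no-op), 'd' (duplicate) and 'r' (reverse)."""
    for op in rule:
        if op == "d":
            word += word
        elif op == "r":
            word = word[::-1]
        elif op != ":":
            raise ValueError(f"unsupported rule function {op!r}")
    return word

def audit(md5_hex, mask, rule):
    """Return (matching password or None, number of candidates hashed)."""
    tried = 0
    for base in expand_mask(mask):
        tried += 1
        candidate = apply_rule(rule, base)
        if hashlib.md5(candidate.encode()).hexdigest() == md5_hex.lower():
            return candidate, tried
    return None, tried

# Constructed sample: MD5 of a repeated four-digit value, computed here, not taken from the thread.
SAMPLE_HASH = hashlib.md5(b"12341234").hexdigest()
```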
#5
(02-15-2018, 10:30 AM)philsmd Wrote: If the keyspace of the mask that you want to duplicate is very slow (as in your case just 10000 password candidates), you could just store these password candidates to a dictionary file and use the dictionary and the duplicate rule in hashcat.

e.g.
Code:
hashcat --stdout -a 3 ?d?d?d?d > dict.txt
(or use maskprocessor instead)

and
Code:
hashcat -m 0 -w 4 -r duplicate.rule hash.txt dict.txt
where the file duplicate.rule contains the duplicate rule (d)
For a small keyspace, this can work. But I want to find a way that can support a very large keyspace, with speed even as fast as the brute-force attack, since the dictionary attack still has too many limitations on disk space and speed.
Reply
#6
If your keyspace is small or the dictionary is small, then it doesn't really matter if you put it in a dictionary or use a piped option.

I've been struggling with very similar issues as you.

John can have a rule such as:
M X0MZ
to repeat the entire word.

hashcat has the rule d to duplicate it.

Either one will repeat your four characters.

If you're on Linux, you can make masks with hashcat or crunch.
hashcat -a 3 --stdout ?d?d?d?d
or
crunch 4 4 1234567890

Then pipe these into hashcat with the rule file that has d.

However, 8-character passwords of all digits on even the simplest hardware only take a few moments.

However, due to these methods, there are no "fast" ways when you have to create all these crazy adjustments.

This is where you have to start thinking like your passwords, and using educated rules and guesses. As a pen tester I had to do this to 16-character passwords, and it was very, very time consuming. But an 8-digit number repeated twice shouldn't take but maybe 5 mins, as digits are very easy to crack.

You're better off asking more precisely what type of passwords you are looking for and we can help you with the fastest method possible.
Reply
#7
(02-24-2018, 10:55 PM)Skwerl23 Wrote: If your keyspace is small or the dictionary is small, then it doesn't really matter if you put it in a dictionary or use a piped option.

I've been struggling with very similar issues as you.

John can have a rule such as:
M X0MZ
to repeat the entire word.

hashcat has the rule d to duplicate it.

Either one will repeat your four characters.

If you're on Linux, you can make masks with hashcat or crunch.
hashcat -a 3 --stdout ?d?d?d?d
or
crunch 4 4 1234567890

Then pipe these into hashcat with the rule file that has d.

However, 8-character passwords of all digits on even the simplest hardware only take a few moments.

However, due to these methods, there are no "fast" ways when you have to create all these crazy adjustments.

This is where you have to start thinking like your passwords, and using educated rules and guesses. As a pen tester I had to do this to 16-character passwords, and it was very, very time consuming. But an 8-digit number repeated twice shouldn't take but maybe 5 mins, as digits are very easy to crack.

You're better off asking more precisely what type of passwords you are looking for and we can help you with the fastest method possible.

In fact, I just want to find a better solution to make hashcat support rule files in the brute-force attack. Repeating the password twice is one kind of situation. Using a pipe or dictionary to support this is just too slow. Thanks anyway.
Reply