multiple dictionaries in hashcat
#11
(01-08-2012, 03:09 PM)Kgx Pnqvhm Wrote: I'm just a home hobbyist who dabbles with this,

I am surprised to read that, you are one of the more interesting posters on this forum. I was very interested in your ideas about word lists a while back, we have a similar view on them.

(01-08-2012, 03:09 PM)Kgx Pnqvhm Wrote: I look at all the various cracking software out there, to collect ideas, from their web sites and manuals, to see how to do the same with the hashcats,

This is very helpful and I appreciate your efforts. Please check the wiki here and if you think hashcat is missing anything else useful then please post it !

Have you any thoughts on password mutilations / rules ? Atom has provided a pretty comprehensive list of rules available to us and I have made a rule suggestion but I am very interested to know if you have any other ideas.
#12
For me, hash cracking is an entertainment, like a chess game.
The fun is the art and science of making wordlists and rules.

The KoreLogic rules, along with Rick Redman's slide show explaining the ideas behind them, are a good starting point. I track how many mangles each produces, as a gauge to how long they take to run, so the quick rules can be run first, and the longer rules can be run later.
#13
So what have you found so far? Would you mind sharing your current best practice?
#14
(01-09-2012, 02:20 AM)Kgx Pnqvhm Wrote: For me, hash cracking is an entertainment, like a chess game.
The fun is the art and science of making wordlists and rules.

The KoreLogic rules, along with Rick Redman's slide show explaining the ideas behind them, are a good starting point. I track how many mangles each produces, as a gauge to how long they take to run, so the quick rules can be run first, and the longer rules can be run later.
Interesting stuff !

I have managed to make my lists very small now by removing the “elaborations” and using only base words. Now that hashcat’s rules are so comprehensive I am able to cover more ground with much less !

At first I made lists of mutilations by cutting the first and last characters from many password lists. I went 1,2 and 3 deep at either end. When I removed the duplicates from these test rules I noticed that there are very few mutilations made to passwords. I am sure you are aware of the most common, 123, 007, 666 etc.

I am at the moment trying to make up to 15 toggle rules (without much luck so far) so I can modify more precisely. When or if I manage to make them I will of course share them here.

Another area you may be interested in is my next project, keyboard patterns. When people pad with qwerty or zxcvb etc. These are good prefix / suffix padding’s around base words.

Nicknames are my next target, I want to try to collect as many user / nick names as possible as I believe some of them make good password candidates themselves.

If the table lookup attack can ever be made to work with hashcatplus then we have a massively powerful “leet” tool which will be fantastic when used with these base words.

Nice to know we have you scouting the internet looking for ideas for hashcat !

#15
What I was going to try next, since the hashcats will only support two dictionaries, is try to recast some KoreLogic type rules into the left and right side model like in the older oclhashcat. E.g., for an "append four digits" rule, have the left side be the dictionary word and the right side be the mask ?d?d?d?d, to be an equivalent rule. Then since each side can have both a rule and a dictionary, that would mean two dictionaries and two rules, yielding four areas to work with. (I never used the olchhascat, so need to see how to do al this in the 'plus version.) A max total of 15 characters would be enough to find a lot of usual passwords.

What put me off in the past was seeing somewhere that the input dictionary length is only 7 characters, so a regular hashcat rule for an input word of 9 characters, that truncates the last 3 characters, then appends 4 digits, wouldn't work.

(Where is the wiki page that shows the left/right dictionary input limit per algorithm?)

And I also just noticed that oclHashcat-lite doesn't have a program limit of 15, but a per-algorithm limt of up to 55, for a lot of them.

Edit, reading more about 'plus replacing oclhc, I now see where atom wrote:
"There is no more thing called right- and left-side of the mask. The new oclHashcat-plus automatically calculates the most efficient split. This will hopefully make it easier especially for the new users."

So is there a length limit for the dictionary per algorithm, or is it the 15 per the program?

And that a rule given on the command line can't be applied to a dictionary in a hybring attack (those modes 6 and 7)?
#16
(01-10-2012, 09:47 PM)Kgx Pnqvhm Wrote: So is there a length limit for the dictionary per algorithm, or is it the 15 per the program?

The maximum length supported by all algorithms is 15. The only algorithms specific difference on where the password plain is generated. Is it on CPU, the result is skipped. Is it on GPU, it is truncated.

(01-10-2012, 09:47 PM)Kgx Pnqvhm Wrote: And that a rule given on the command line can't be applied to a dictionary in a hybring attack (those modes 6 and 7)?

No