Pls help - simple rule does not work!
#1
hashcat version: 4.2.1
==============

1st I try this:

hashcat64.exe -m 2500 -a 0 crackme.hccapx  "C:\WORDLISTS\simple.txt"

(where "simple.txt" contains only the word "password123")

Result: hash is cracked


Now I:
1) edit the "simple.txt" file and change "password123" to "password"
2) put a simple rule "$1$2$3" in a file named "TEST.rule" and execute:


hashcat64.exe -m 2500 -a 0 crackme.hccapx  "C:\WORDLISTS\simple.txt" -r rules\TEST.rule 

Result: not cracked

If I force hashcat to display what candidate(s) it creates/uses with:

hashcat64.exe  "C:\WORDLISTS\simple.txt" -r rules\TEST.rule  --stdout

The console displays:

password123
123


 yet the hash somehow fails to crack!

Any ideas?
#2
Hi,
Just to be sure : In you second attempt, you file simple.txt does well contain the plain "password", and not "password123" ? Otherwise applying the rule will create the candidate "password123123".

Besides, when you use --stdout you usually should leave apart the hash type (-m 2500)
#3
I edited my post to reflect your points (yes, you are right regarding the "--stdout" switch)
#4
what happens when you run
Code:
hashcat64.exe -m 2500 -a3 crackme.hccapx password123
?

Try the example hccapx file: https://hashcat.net/wiki/doku.php?id=example_hashes
#5
(09-18-2018, 05:06 PM)undeath Wrote: what happens when you run
Code:
hashcat64.exe -m 2500 -a3 crackme.hccapx password123
?

Try the example hccapx file: https://hashcat.net/wiki/doku.php?id=example_hashes


Just did.
These are the steps (I assumed the password is "hashcat") I performed:

1) edited the wordlist file as:  hashc
2) edited the rules file as: $a$t

Run and result: FAILURE

But then I populated the wordlist only with "hashcat" and removed the rule
Result: failure!!

So, what gives? Isnt the password for "hashcat.hccapx" the passpharse "hashcat" as noted at the top of the page? ("Unless otherwise noted, the password for all example hashes is hashcat.")
#6
as noted otherwise, the password for the example hccapx is "hashcat!" (with trailing exclamation mark)
#7
Ok, I just checked and indeed the password is "hashcat!"

(with wordlist "000.txt" containing "hashcat!" and no rule applied)
hashcat64.exe -m 2500 -a 0 hashcat.hccapx "C:\_WORDLISTS\000.txt"

And then I:

1) edited the wordlist file as: hashc
2) edited the rules file as: $a$t$!

hashcat64.exe -m 2500 -a 0 hashcat.hccapx "C:\_WORDLISTS\000.txt" -r rules\__xTEST.rule

Run and result: FAILURE again!

Running "hashcat64.exe "C:\_WORDLISTS\000.txt" -r rules\__xTEST.rule --stdout" outputs "hashcat!" so the work is correctly constructed BUT fails to work!

So? Can you please check and verify? Am I doing something wrong?
#8
your input word must be at least eight characters (before rule manipulation), otherwise it'll be skipped
#9
Really????
Are you sure? Is this somewhere documented?
If this is the case, why? Maybe because the minimum length for WPA is 8 chars and so the code first rejects BEFORE the rule is applied?
If yes, shouldnt the rule FIRST be applied and then presented to the code to be tested?

In my opinion this is a serious problem as possibilities to retrieve passwords are lost.
If for example I know the first 6 characters and would like to apply a rule which would append at the end a range of 0-99999 how should I do it?

Furthermore, does this limitation also apply to wordlist combinations?
What if for example the password is "happyday" and wordlst #1 contains "happy" and wordlist #2 the word "day"? Does the combination of both wordlists crack or no the hash? (since each word is LESS than 8 chars?)
#10
(09-19-2018, 12:18 AM)john2014 Wrote: If this is the case, why? Maybe because the minimum length for WPA is 8 chars and so the code first rejects BEFORE the rule is applied?
exactly

(09-19-2018, 12:18 AM)john2014 Wrote: Furthermore, does this limitation also apply to wordlist combinations?

yes

(09-19-2018, 12:18 AM)john2014 Wrote: In my opinion this is a serious problem as possibilities to retrieve passwords are lost.
If for example I know the first 6 characters and would like to apply a rule which would append at the end a range of 0-99999 how should I do it?

The problem was recently discussed in this thread: https://hashcat.net/forum/thread-7774.html
philsmd also posted a workaround (first post on page2)