A bit of an issue with rules.
#1
I have a wordlist that contains several 5-char words, all lower case, which I'm using as a test password dictionary.
I have a WPA .cap (from airodump) file for my AP that has been converted to .hccapx (via website).
I have a rule file that contains simply c $6 $6 $6

if I run:
/usr/local/bin/hashcat -a 0 -m 2500 /home/Andy/Desktop/11776_1581445165.hccapx /home/Andy/Desktop/000.txt -r /home/Andy/Desktop/my.rule

I get:
Session..........: hashcat                     
Status...........: Exhausted
Hash.Type........: WPA-EAPOL-PBKDF2
Hash.Target......: Ap3301 (asdfasdfasdfasdfasdf)
Time.Started.....: Tue Feb 11 13:36:11 2020 (0 secs)
Time.Estimated...: Tue Feb 11 13:36:11 2020 (0 secs)
Guess.Base.......: File (/home/Andy/Desktop/000.txt)
Guess.Mod........: Rules (/home/Andy/Desktop/my.rule)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:        0 H/s (0.00ms) @ Accel:128 Loops:32 Thr:64 Vec:1
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 3/3 (100.00%)
Rejected.........: 3/3 (100.00%)
Restore.Point....: 3/3 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-0 Iteration:0-32
Candidates.#1....: [Copying]
Hardware.Mon.#1..: Temp: 52c Fan:  0% Util:  0% Core:1410MHz Mem:6801MHz Bus:16

Note: if I run it with --stdout it does show the rules applied and thus my password.
Also, if run as -a 3 -w 2500, with no rule file and the *correct* password inside the dictionary file, it does indeed find it correctly.
#2
That's exactly how it should be (see Rejected.........: 3/3). If you want the rules applied before the constraint check use -S.
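The ordering described in the answer above, as an added sketch that is not part of the original thread and is not hashcat's own code: it models only when the length check runs relative to the rule, which is why all three base words show up as rejected. Assumptions: the WPA passphrase limits of 8 to 63 characters, constructed sample words, hypothetical function names, and only the `c` and `$X` rule functions are modelled.

```python
# Added illustration of candidate ordering; this is not hashcat's code.
WPA_MIN, WPA_MAX = 8, 63                     # WPA passphrase length limits
SAMPLE_WORDS = ["apple", "bread", "chair"]   # constructed 5-char words
RULE = "c $6 $6 $6"                          # the rule line quoted in post #1


def apply_rule(rule, word):
    """Apply a rule line using only 'c' (capitalize) and '$X' (append X)."""
    for func in rule.split():
        if func == "c":
            word = word[:1].upper() + word[1:].lower()
        elif len(func) == 2 and func[0] == "$":
            word += func[1]
        else:
            raise ValueError(f"rule function not modelled: {func!r}")
    return word


def in_range(candidate):
    """True when the candidate length is valid for a WPA passphrase."""
    return WPA_MIN <= len(candidate) <= WPA_MAX


def run(words, rule, slow_candidates):
    """Return (candidates_tested, rejected_count) for one rule line."""
    tested, rejected = [], 0
    for word in words:
        if slow_candidates:
            # -S: rule applied first, length check on the result
            candidate = apply_rule(rule, word)
            if in_range(candidate):
                tested.append(candidate)
            else:
                rejected += 1
        elif in_range(word):
            # default: base word already passed the length check
            tested.append(apply_rule(rule, word))
        else:
            # default: base word rejected before any rule runs
            rejected += 1
    return tested, rejected


if __name__ == "__main__":
    for slow in (False, True):
        tested, rejected = run(SAMPLE_WORDS, RULE, slow)
        label = "with -S" if slow else "default"
        print(f"{label}: rejected {rejected}/{len(SAMPLE_WORDS)}, tested {tested}")
```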
#3
(02-11-2020, 09:50 PM)atom Wrote: That's exactly how it should be (see Rejected.........: 3/3). If you want the rules applied before the constraint check use -S.

That's what I was missing, thank you very much.

One question: when would rules being applied after the check be useful? I kind of assumed that rules would be applied before the check by default, and yeah, I'm still learning :)
#4
(02-11-2020, 09:56 PM)wheelies Wrote: One question, when would rules being applied after the check be useful?

When speed is a priority.
#5
Thanks. It seems there would be no need to use the -r without the -S then for the actual decoding. I'll assume it's for piping into another program or itself, I guess. Or perhaps there are rule/options that could use it that I don't know of.