Bruteforce RAR3 with repeated password

[RARcheologist]

I am trying to bruteforce a RAR3 file with a repeating password

Let's say the password is abc$1abc$1

I want to bruteforce the abc$1 part and duplicate it.

For a simple password like abc$1, this works:

hashcat.exe -m 12500 -a3 hash ?l?l?s?d

But what if I want to bruteforce using only duplicates of ?l?l?s?d, like aaa!1aaa!1 or zzz=0zzz=0, how do I do it?

I tried creating a duplicate.rule with just a d in it, but it won't allow me to use rules in brute force mode.

Any help is appreciated!

[undeath]

The easiest solution would be using stdin.

hashcat --stdout -a3 ?l?l?l?s?d | hashcat -m 12500 hash -j d

[RARcheologist]

Cheers, that works!

[RARcheologist]

How would I do triples like abc$1abc$1abc$1?

[undeath]

See https://hashcat.net/wiki/doku.php?id=rule_based_attack for all available rules

[RARcheologist]

See https://hashcat.net/wiki/doku.php?id=rule_based_attack for all available rules

I see, so just use p2 instead of d then.

Hopefully my last question:

When using hashcat nested this way, where do I put the session command?


hashcat --session session1 --stdout -a3 ?l?l?l?s?d | hashcat -m 12500 hash -j d

or

hashcat --stdout -a3 ?l?l?l?s?d | hashcat --session session1 -m 12500 hash -j d

or do I need a session in either, and then do I restore both sessions with

hashcat --session session1 --restore

or

hashcat --session session1 --restore | hashcat --session session2 --restore


Thanks a lot!

[undeath]

You cannot use sessions for resuming when using stdin. In your case it might be more practical to save the generated wordlist on your drive.