Table of Contents

Combinator Attack

In the combinator attack built into hashcat (-a 1), two dictionaries are “combined” - each word of a dictionary is appended to each word in another dictionary.

You need to specify exactly 2 dictionaries in your command line: e.g. 

./hashcat -m 0 -a 1 hash.txt dict1.txt dict2.txt

Hashcat sometimes refers to the first dictionary specified on the command line as the “left” file, and the second dictionary as the “right” file.

Simple Example

If dict1.txt contains: 

pass
12345
omg
Test

… and dict2.txt contains: 

alice
bob
cat
dog

… then with the command line above, hashcat will create the following password candidates: 

passalice
passbob
passcat
passdog
12345alice
12345bob
12345cat
12345dog
omgalice
omgbob
omgcat
omgdog
Testalice
Testbob
Testcat
Testdog

You can also simply use the same dictionary twice: 

./hashcat -m 0 -a 1 hash.txt dict1.txt dict1.txt

… which would produce: 

passpass
pass12345
passomg
passTest
12345pass
1234512345
12345omg
12345Test
omgpass
omg12345
omgomg
omgTest
Testpass
Test12345
Testomg
TestTest

Applying rules to dictionaries

If you wish to add rules – to either the left (first) or right (second) dictionary, or both at once – then you can use the -j and -k commands: 

  -j,  --rule-left=RULE              Single rule applied to each word on the left dictionary

  -k,  --rule-right=RULE             Single rule applied to each word on the right dictionary

(Note that you can only specify a single sequence of rules to each, not a file/list of many rules.)

For example, with these inputs:

Dictionary 1 

yellow
green
black
blue

Dictionary 2 

car
bike

… and these rules commands: 

-j '$-' -k '$!'

… the output would be: 

yellow-car!
green-car!
black-car!
blue-car!
yellow-bike!
green-bike!
black-bike!
blue-bike!

Note: the quotes around the rules are only there to escape the $ character, which would otherwise cause $- to be interpreted as a variable in some command shells. The rules that are used here are still just $- and $!. Escaping might not work exactly the same way on each operating system and with each shell interpreter (if you are unsure about what needs to be escaped and how it should be escaped, please consider looking up your OS and/or shell interpreter manual).

Base and Mod

You may see that one of your dictionaries is shown in hashcat's status as the “base” (the core basis of the attack), and the other as the “mod” (a “modifier” of the attack being applied). Hashcat dynamically decides internally which one is which for efficiency, depending on relative size of the files. This is not something that the user can influence, and has no effect on the output (just on speed).

Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain