Skip to content

Rule for hashcat or john. Aiming to crack how people generate their password

Notifications You must be signed in to change notification settings

clem9669/hashcat-rule

Repository files navigation


Logo

Hashcat-rules

Crack people's passwords with rules (hashcat & john)

Check out my wordlist project at: https://github.com/clem9669/wordlists

Introduction

I use hashcat (https://github.com/hashcat/hashcat/). Rule are supposed to be compatible for john and hashcat or others.

3 rules exists to adapt to hashing algorithm speed. Large for fast hash algorithms like MD5/NTLM/MySQL3. Small for slow hash algorithms like bcrypt.

This was for basic coverage of passwords for non-educated people who only add 1 letter, 1 digit, 1 punctuation, 1 digit+punctuation, 2 digits+punctuation or a year or some other famous tricks (ex: p@$$w0rd) to their password.

📣 Update: I have extended these rules to be more than just that. 📣

Running rules

I have removed casing in Large & Medium. Please run as: -r toggle-case.rule -r clem9669_big.rule

The Big rule is :

The medium is mine.

The small is only adding 1 character (start & end) with toogle cases. Its purpose is to be combined with others rules as: -r clem9669_big.rule -r clem9669_small.rule or to be used as is with low rate cracking algorithms.

Rules size

$ wc -l *.rule
      19 clem9669_case.rule
 4091517 clem9669_large.rule
  179552 clem9669_medium.rule
     386 clem9669_small.rule
    5715 emojis.rule
 4277189 total

Write your own rules

This is the only thing you need to write your rules : https://hashcat.net/wiki/doku.php?id=rule_based_attack

I recommend using clem9669_small as a reference to start understanding how to write rules.

Why another

There are already some really good rules out there but best64 is too small and bigger ones might be too big with too many random things when targeting a certain language like french.

I wanted to make my own and I feel better using mine now. My rules are not random rules in clem9669_medium.

Moreover getting your hands dirty gives you a better understanding of what you're doing.

Saving which rules matched

This becomes handy especially in combination with the rules generator but also for statistical analysis of your rule sets.

To save any rule that generated a matched password, use these switches:

--debug-mode=4 --debug-file=matched.rule

This will save the matched rule on every match, so the resulting rule file might contain many duplicate rules.

At high rates of cracking per second, this may slow down cracking a little bit. At lower rates of cracking per second, the impact is probably negligible.

Testing and ouputing rules

With hashcat we can debug our rules easily. This means we can verify that the rule we wrote actually does what we want it to do. All you need to use is the --stdout switch and omit the hashlist.

hashcat -r clem9669_large.rule --stdout password

See sample password_ruled.txt

What I have done :

Input= password Please see a output example for clem9669_large.rule in password_ruled.txt !!

Almost exhaustive list of rules:

Action performed Rule Output
Swaps first two characters k
Swaps last two characters K
Duplicate entire word d
Various substitutions s
Title case e
Add 1 at the end (printable) Script python
Add 2 digits Script python
Add 1 digit + 1 punctuation Script python
Add 2 digits + 1 punctuation Script python
Add 1 character at the end (printable) with capitalize the first letter Script python
Add 2 digits with capitalize the first letter Script python
Add 1 digit + 1 punctuation with capitalize the first letter Script python
Add 2 digits + 1 punctuation with capitalize the first letter Script python
Add 1 punctuation + 1 digit Script python
Add 1 punctuation + 2 digits Script python
Add 1 punctuation + 1 digit with capitalize the first letter Script python
Add 1 punctuation + 2 digits with capitalize the first letter Script python
Add all years from 1900 to 2099 Script python
Add all years from 1900 to 2099 with ! at the end Script python
Add all years from 1900 to 2099 with capitalize the first letter Script python
Add all years from 1900 to 2099 with ! at the end with capitalize the first letter Script python
Add all caps character at the end (printable) See rule
Add all caps character + years from 1900 to 2099 See rule
Add all caps character + years from 1900 to 2099 with ! at the end See rule
Add all caps character + 1 digit See rule
Add all caps character + 1 digit + 1 punctuation See rule
Add famous number See rule
Add famous number all caps See rule
Add high frequency overwrite See rule
Add high frequency prepend See rule
Add high frequency overwrite at start See rule
Leetify See rule
Preappend top 100 prenoms See rule
Preappend top adverbs See rule
Preappend top verbs See rule
Preappend top adjectives See rule
Preappend top 100 prenoms with capitalize the first letter See rule
Preappend top adverbs with capitalize the first letter See rule
Preappend top verbs with capitalize the first letter See rule
Preappend top adjectives with capitalize the first letter See rule
Tmesis keyword (app/sec/api/secret/db/srv/...)
Tmesis characters
Tmesis names
Connexion strings (rdp://, ssh://, ftp://,...)

AND MORE!!