Making Custom list for cracking

Note that increasing password length increases cracking duration by exponential time, while increasing password complexity (charset) only increases cracking duration by polynomial time.

This implies that a password policy encouraging longer passwords is more robust against cracking, compared to a password policy that encourages more-complex passwords.

Using Custom rule for cracking password is also known as rule-based attack.

Just for Demo purpose, Let's make wordlist from rockyou.txt wordlist.

# Run below commad.
# We are using sed to remove the numeric value from the list.
head /usr/share/wordlists/rockyou.txt > demo.txt ; sed -i '/^1/d' demo.txt ; cat demo.txt

Making Custom rule for password cracking

Step 1: Password list ready ?

Make list of possible passwords

We will need different list of password for different different engagement. So, Make list first.

For this Learning purpose, I will be using demo.txt (Which i made using command above).

Step 2: Making rule

Make Rule list.

Use above link to check for functions to make list.

Example of list:

# This rule will append "1" at the end of the every password in the list.
echo '$1' > demo.rule

Always use single quotes (') or a backslash (\) so that special characters are echoed into the text file as intended and not interpreted by the shell.

Each rule line is applied to each entry in the password list. If you add multiple rules in separate lines, each line will apply a different modification to the password list. If you put multiple rules in a single line, all the modifications in that line will apply to each password in sequence.

# Example to Demonstrate each line concept:

#  One rule per line (demo1.rule)
kali@kali:~/passwordattacks$ cat demo1.rule     
$1 c

# You can see both rule if writen in same line is applied to Same password at the same time.
kali@kali:~/passwordattacks$ hashcat -r demo1.rule --stdout demo.txt
Password1
Iloveyou1
Princess1
Rockyou1
Abc1231

# Multiple rules in separate lines (demo2.rule)
kali@kali:~/passwordattacks$ cat demo2.rule   
$1
c

# You can see both rule if writen in different line is applied to Same password one by one.
kali@kali:~/passwordattacks$ hashcat -r demo2.rule --stdout demo.txt
password1
Password
iloveyou1
Iloveyou
princess1
Princess

# Example to Demonstrate Sequence of rule written also matters:
kali@kali:~/passwordattacks$ cat demo1.rule     
$1 c $!

kali@kali:~/passwordattacks$ hashcat -r demo1.rule --stdout demo.txt
Password1!
Iloveyou1!
Princess1!
Rockyou1!
Abc1231!

kali@kali:~/passwordattacks$ cat demo2.rule   
$! $1 c

kali@kali:~/passwordattacks$ hashcat -r demo2.rule --stdout demo.txt
Password!1
Iloveyou!1
Princess!1
Rockyou!1
Abc123!1

# From above you can see order of placing the rule function determines the order of word which

Step 3: Checking listing

Check the list of passwords with newly created rule.

hashcat -r demo.rule --stdout demo.txt

Step 4: Using rule in Hashcat or john the ripper.

Using Rule with hashcat

If you want to use rule with Hashcat. It is very simple.

# Below is example:
hashcat -m 0 crackme.txt /usr/share/wordlists/rockyou.txt -r demo3.rule --force

# '-r' is used to specify the rule.

Buit-in Rule list can be found in below location:

ls -la /usr/share/hashcat/rules/

Using Rule with John the ripper

# Initial Rule:
(echo 'c $1 $3 $7 $!' ; echo 'c $1 $3 $7 $@' ; echo 'c $1 $3 $7 $#') > demo5.rule

┌──(kali㉿kali)-[/tmp/temp_workspace]
└─$ cat demo5.rule
c $1 $3 $7 $!
c $1 $3 $7 $@
c $1 $3 $7 $#

# To use this rule with john we need to make some changes.
# we need to add a name for the rules and append them to the /etc/john/john.conf configuration file.
# Syntax:
# [List.Rules:<RuleName>]
# Example:
┌──(kali㉿kali)-[/tmp/temp_workspace]
└─$ sed -i '1i[List.Rules:sshRules]' demo5.rule

┌──(kali㉿kali)-[/tmp/temp_workspace]
└─$ cat demo5.rule
[List.Rules:sshRules]
c $1 $3 $7 $!
c $1 $3 $7 $@
c $1 $3 $7 $#

# After adding Rule name. Send this to /etc/john/john.conf file.
┌──(kali㉿kali)-[/tmp/temp_workspace]
└─$ sudo sh -c 'cat demo5.rule >> /etc/john/john.conf'
[sudo] password for kali:

┌──(kali㉿kali)-[/tmp/temp_workspace]
└─$ tail -n 4 /etc/john/john.conf

[List.Rules:sshRules]
c $1 $3 $7 $!
c $1 $3 $7 $@
c $1 $3 $7 $#

# We can see list is added. Now we can Use john to crack ssh key using made rule.
# Example:
john --wordlist=ssh.passwords --rules=sshRules ssh.hash

PreviousIdentifying Type of hash NextKeepass Database

Last updated 1 year ago