@roycewilliams
Last active September 14, 2021 06:07
hashcat-prince-infix-simulator.txt
----------------------------------------------------------------------
# Crude mechanism for short masks between two wordlists
# ( [wordlist][mask][wordlist] )
#
# * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
# NOTE: SUPERSEDED by combinatorX in hashcat-utils:
# https://github.com/hashcat/hashcat-utils/blob/master/src/combinatorX.c
# * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
# I use princeprocessor rather than combinator/combinator3 so that
# an arbitrary number of words can be used. Just adjust the
# min and max values to taste.
#
# Also doable with maskprocessor for some attacks:
# - https://hashcat.net/forum/thread-6239.html
# - https://hashcat.net/wiki/doku.php?id=rules_with_maskprocessor
----------------------------------------------------------------------
# Second attempt - no need to prepend a space in advance.
# (If it's important to rank words by frequency for your attack,
# merge proportionally rather than sort/uniquing.)
pp64 --elem-cnt-min=2 --elem-cnt-max=2 \
<(LC_ALL=C sort -u dict1 dict2 dict3 | sed 's/^/ /') \
| hashcat -m 100 -a 0 hashes.txt -r prince-twoword-infix-simulator.rule
# See below for contents of prince-twoword-infix-simulator.rule. Adjust to taste.
# Don't forget that you can call -r more than once. Stack another set
# of rules to use more GPU capacity if needed.
----------------------------------------------------------------------
# First attempt:
# Prepend the word list with a single space.
$ cat google-10000-english-usa.txt | sed 's/^/ /g' > google-10000-english-usa.txt.prespace
# Visually verify. Note the prepended space and no appended space (EOL visually indicated by $)
$ head google-10000-english-usa.txt.prespace | cat -vE
 the$
 of$
 and$
 to$
 a$
 in$
 for$
 is$
 on$
 that$
# Ruleset with two actions:
# 1. Delete first character (should always be a space)
# 2. Replace all other spaces with a given character.
# Note: the first rule only deletes the first character, so that a literal space between the words is also attempted.
$ cat prince-twoword-infix-simulator.rule
[
[ s !
[ s "
[ s #
[ s $
[ s %
[ s &
[ s '
[ s (
[ s )
[ s *
[ s +
[ s ,
[ s -
[ s .
[ s /
[ s :
[ s ;
[ s <
[ s =
[ s >
[ s ?
[ s @
[ s [
[ s \
[ s ]
[ s ^
[ s _
[ s `
[ s {
[ s |
[ s }
[ s ~
# Test.
$ pp64 --elem-cnt-min=2 --elem-cnt-max=2 google-10000-english-usa.txt.prespace | hashcat -m 100 -a 0 target-hashes.txt -r prince-twoword-infix-simulator.rule
hashcat (v3.30-155-g8743d75) starting...
OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 970, 1017/4068 MB allocatable, 13MCU
* Device #2: GeForce GTX 970, 1017/4068 MB allocatable, 13MCU
* Device #3: GeForce GTX 970, 1017/4068 MB allocatable, 13MCU
* Device #4: GeForce GTX 970, 1017/4068 MB allocatable, 13MCU
* Device #5: GeForce GTX 970, 1017/4068 MB allocatable, 13MCU
* Device #6: GeForce GTX 970, 1017/4068 MB allocatable, 13MCU
Hashes: 4579032 digests; 4579032 unique digests, 1 unique salts
Bitmaps: 19 bits, 524288 entries, 0x0007ffff mask, 2097152 bytes, 5/13 rotates
Rules: 33
Applicable Optimizers:
* Zero-Byte
* Precompute-Init
* Precompute-Merkle-Demgard
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger disabled
INFO: Removed 2586055 hashes found in potfile
Starting attack in stdin mode...
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:word1$word2
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:word1%word3
Session..........: hashtest
Status...........: Exhausted
Hash.Type........: SHA1
Hash.Target......: target-hashes.txt
Time.Started.....: Thu Feb 16 10:46:53 2017 (6 secs)
Time.Estimated...: Thu Feb 16 10:46:59 2017 (0 secs)
Input.Base.......: Pipe
Input.Mod........: Rules (prince-twoword-infix-simulator.rule)
Speed.Dev.#1.....: 99941.2 kH/s (10.82ms)
Speed.Dev.#2.....: 100.0 MH/s (10.80ms)
Speed.Dev.#3.....: 79966.2 kH/s (7.13ms)
Speed.Dev.#4.....: 99024.6 kH/s (8.95ms)
Speed.Dev.#5.....: 84605.7 kH/s (8.91ms)
Speed.Dev.#6.....: 98232.7 kH/s (8.94ms)
Speed.Dev.#*.....: 561.8 MH/s
Recovered........: 2586088/4579032 (56.48%) Digests, 0/1 (0.00%) Salts
Recovered/Time...: CUR:N/A,N/A,N/A AVG:327,19632,471174 (Min,Hour,Day)
Progress.........: 2155164495
Rejected.........: 0
Restore.Point....: 0
Candidates.#1....: pension~campus -> indoor~transmit
Candidates.#2....: concerned~weeks -> roberts~campus
Candidates.#3....: podcast~heavily -> outlets~outlets
Candidates.#4....: qatar~orchestra -> suggested~weeks
Candidates.#5....: broker~transmit -> brokers~heavily
Candidates.#6....: stuff~rebecca -> pissing~stops
HWMon.Dev.#1.....: Temp: 63c Fan: 6% Util: 0% Core:1354Mhz Mem:3004Mhz Lanes:8
HWMon.Dev.#2.....: Temp: 63c Fan: 6% Util: 0% Core:1354Mhz Mem:3004Mhz Lanes:4
HWMon.Dev.#3.....: Temp: 63c Fan: 5% Util: 0% Core:1354Mhz Mem:3004Mhz Lanes:16
HWMon.Dev.#4.....: Temp: 61c Fan: 4% Util: 0% Core:1366Mhz Mem:3004Mhz Lanes:4
HWMon.Dev.#5.....: Temp: 66c Fan: 5% Util: 99% Core:1379Mhz Mem:3004Mhz Lanes:1
HWMon.Dev.#6.....: Temp: 62c Fan: 5% Util: 0% Core:1366Mhz Mem:3004Mhz Lanes:1
Started: Thu Feb 16 10:46:26 2017
Stopped: Thu Feb 16 10:47:00 2017
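----------------------------------------------------------------------
# Added example (not part of the original gist): a password-policy check
# that flags any password falling inside the [wordlist][separator][wordlist]
# space exhausted above. WORDS, SEPS, in_wordlist and is_infix_pair are
# names chosen for this example; the word list is a constructed sample.

```shell
#!/bin/sh
# Flag passwords of the form [word][separator][word].
# WORDS is a constructed sample; a real check would load the common-word
# lists an auditor expects to be run against the hashes.
WORDS='the
of
and
campus
weeks
rock-n-roll'

# Space plus the 32 ASCII punctuation characters covered by the rule file.
SEPS=' !"#$%&'"'"'()*+,-./:;<=>?@[\]^_`{|}~'

# in_wordlist WORD: succeed if WORD is an exact, whole-line match.
in_wordlist() {
    printf '%s\n' "$WORDS" | grep -qxF -e "$1"
}

# is_infix_pair PASSWORD: succeed if PASSWORD splits as word+sep+word.
# Every position is tried, so words that contain punctuation still match.
is_infix_pair() {
    left=''
    rest=$1
    while [ -n "$rest" ]; do
        tail=${rest#?}        # everything after the current character
        c=${rest%"$tail"}     # the current character
        case $SEPS in
            *"$c"*)
                if [ -n "$left" ] && [ -n "$tail" ] &&
                   in_wordlist "$left" && in_wordlist "$tail"; then
                    return 0
                fi ;;
        esac
        left=$left$c
        rest=$tail
    done
    return 1
}

# Constructed sample passwords.
for pw in 'weeks~campus' 'rock-n-roll campus' 'campusweeks' 'x9!Lq#'; do
    if is_infix_pair "$pw"; then echo "REJECT $pw"; else echo "ok     $pw"; fi
done
```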