roycewilliams/hashcat-prince-infix-simulator.txt

## hashcat-prince-infix-simulator.txt
----------------------------------------------------------------------
# Crude mechanism for short masks between two wordlists
# ( [wordlist][mask][wordlist] )
#
# I use princeprocessor rather than combinator/combinator3 so that
# an arbitrary number of words can be used. Just adjust the
# min and max values to taste.
#
# Also doable with maskprocessor for some attacks:
# - https://hashcat.net/forum/thread-6239.html
# - https://hashcat.net/wiki/doku.php?id=rules_with_maskprocessor

----------------------------------------------------------------------
# Second attempt - no need to prepend a space in advance.
# If it's important to rank words by frequency for your attack,
# merge proportionally rather than sort/uniquing)

pp64 --elem-cnt-min=2 --elem-cnt-max=2 \
    <(LC_ALL=C sort -u dict1 dict2 dict3 | 's/^/ /') \
    | hasht -m 100 -a 0 hashes.txt -r prince-twoword-infix-simulator.rule

# See below for contents of prince-twoword-infix-simulator.rule. Adjust to taste.
# Don't forget that you can call -r more than once. Stack another set
# of rules to use more GPU capacity of needed.
----------------------------------------------------------------------
# First attempt:

# Prepend the word list with a single space.
$ cat google-10000-english-usa.txt | sed 's/^/ /g' > google-10000-english-usa.txt.prespace

# Visually verify. Note the prepended space and no appended space (EOL visually indicated by $)
$ head google-10000-english-usa.txt.prespace | cat -vE
 the$
 of$
 and$
 to$
 a$
 in$
 for$
 is$
 on$
 that$

# Ruleset with two actions:
# 1. Delete first character (should always be a space)
# 2. Replace all other spaces with a given character.
# Note: first rule only deletes first character, so that space is attempted.
$ cat prince-twoword-infix-simulator.rule
[
[ s !
[ s "
[ s #
[ s $
[ s %
[ s &
[ s '
[ s (
[ s )
[ s *
[ s +
[ s ,
[ s -
[ s .
[ s /
[ s :
[ s ;
[ s <
[ s =
[ s >
[ s ?
[ s @
[ s [
[ s \
[ s ]
[ s ^
[ s _
[ s `
[ s {
[ s |
[ s }
[ s ~

# Test.
$ pp64 --elem-cnt-min=2 --elem-cnt-max=2 google-10000-english-usa.txt.prespace | hashcat -m 100 -a 0 target-hashes.txt -r prince-twoword-infix-simulator.rule

hashcat (v3.30-155-g8743d75) starting...

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 970, 1017/4068 MB allocatable, 13MCU
* Device #2: GeForce GTX 970, 1017/4068 MB allocatable, 13MCU
* Device #3: GeForce GTX 970, 1017/4068 MB allocatable, 13MCU
* Device #4: GeForce GTX 970, 1017/4068 MB allocatable, 13MCU
* Device #5: GeForce GTX 970, 1017/4068 MB allocatable, 13MCU
* Device #6: GeForce GTX 970, 1017/4068 MB allocatable, 13MCU

Hashes: 4579032 digests; 4579032 unique digests, 1 unique salts
Bitmaps: 19 bits, 524288 entries, 0x0007ffff mask, 2097152 bytes, 5/13 rotates
Rules: 33

Applicable Optimizers:
* Zero-Byte
* Precompute-Init
* Precompute-Merkle-Demgard
* Early-Skip
* Not-Salted
* Not-Iterated

* Single-Salt
* Raw-Hash

Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger disabled

INFO: Removed 2586055 hashes found in potfile

Starting attack in stdin mode...
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:word1$word2
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:word1%word3

Session..........: hashtest
Status...........: Exhausted
Hash.Type........: SHA1
Hash.Target......: target-hashes.txt
Time.Started.....: Thu Feb 16 10:46:53 2017 (6 secs)
Time.Estimated...: Thu Feb 16 10:46:59 2017 (0 secs)
Input.Base.......: Pipe
Input.Mod........: Rules (prince-twoword-infix-simulator.rule)
Speed.Dev.#1.....: 99941.2 kH/s (10.82ms)
Speed.Dev.#2.....:   100.0 MH/s (10.80ms)
Speed.Dev.#3.....: 79966.2 kH/s (7.13ms)
Speed.Dev.#4.....: 99024.6 kH/s (8.95ms)
Speed.Dev.#5.....: 84605.7 kH/s (8.91ms)
Speed.Dev.#6.....: 98232.7 kH/s (8.94ms)
Speed.Dev.#*.....:   561.8 MH/s
Recovered........: 2586088/4579032 (56.48%) Digests, 0/1 (0.00%) Salts
Recovered/Time...: CUR:N/A,N/A,N/A AVG:327,19632,471174 (Min,Hour,Day)
Progress.........: 2155164495
Rejected.........: 0
Restore.Point....: 0
Candidates.#1....: pension~campus -> indoor~transmit
Candidates.#2....: concerned~weeks -> roberts~campus
Candidates.#3....: podcast~heavily -> outlets~outlets
Candidates.#4....: qatar~orchestra -> suggested~weeks
Candidates.#5....: broker~transmit -> brokers~heavily
Candidates.#6....: stuff~rebecca -> pissing~stops
HWMon.Dev.#1.....: Temp: 63c Fan:  6% Util:  0% Core:1354Mhz Mem:3004Mhz Lanes:8
HWMon.Dev.#2.....: Temp: 63c Fan:  6% Util:  0% Core:1354Mhz Mem:3004Mhz Lanes:4
HWMon.Dev.#3.....: Temp: 63c Fan:  5% Util:  0% Core:1354Mhz Mem:3004Mhz Lanes:16
HWMon.Dev.#4.....: Temp: 61c Fan:  4% Util:  0% Core:1366Mhz Mem:3004Mhz Lanes:4
HWMon.Dev.#5.....: Temp: 66c Fan:  5% Util: 99% Core:1379Mhz Mem:3004Mhz Lanes:1
HWMon.Dev.#6.....: Temp: 62c Fan:  5% Util:  0% Core:1366Mhz Mem:3004Mhz Lanes:1

Started: Thu Feb 16 10:46:26 2017
Stopped: Thu Feb 16 10:47:00 2017
	----------------------------------------------------------------------
	# Crude mechanism for short masks between two wordlists
	# ( [wordlist][mask][wordlist] )
	#
	# I use princeprocessor rather than combinator/combinator3 so that
	# an arbitrary number of words can be used. Just adjust the
	# min and max values to taste.
	#
	# Also doable with maskprocessor for some attacks:
	# - https://hashcat.net/forum/thread-6239.html
	# - https://hashcat.net/wiki/doku.php?id=rules_with_maskprocessor

	----------------------------------------------------------------------
	# Second attempt - no need to prepend a space in advance.
	# If it's important to rank words by frequency for your attack,
	# merge proportionally rather than sort/uniquing)

	pp64 --elem-cnt-min=2 --elem-cnt-max=2 \
	<(LC_ALL=C sort -u dict1 dict2 dict3 \| 's/^/ /') \
	\| hasht -m 100 -a 0 hashes.txt -r prince-twoword-infix-simulator.rule

	# See below for contents of prince-twoword-infix-simulator.rule. Adjust to taste.
	# Don't forget that you can call -r more than once. Stack another set
	# of rules to use more GPU capacity of needed.
	----------------------------------------------------------------------
	# First attempt:

	# Prepend the word list with a single space.
	$ cat google-10000-english-usa.txt \| sed 's/^/ /g' > google-10000-english-usa.txt.prespace

	# Visually verify. Note the prepended space and no appended space (EOL visually indicated by $)
	$ head google-10000-english-usa.txt.prespace \| cat -vE
	the$
	of$
	and$
	to$
	a$
	in$
	for$
	is$
	on$
	that$

	# Ruleset with two actions:
	# 1. Delete first character (should always be a space)
	# 2. Replace all other spaces with a given character.
	# Note: first rule only deletes first character, so that space is attempted.
	$ cat prince-twoword-infix-simulator.rule
	[
	[ s !
	[ s "
	[ s #
	[ s $
	[ s %
	[ s &
	[ s '
	[ s (
	[ s )
	[ s *
	[ s +
	[ s ,
	[ s -
	[ s .
	[ s /
	[ s :
	[ s ;
	[ s <
	[ s =
	[ s >
	[ s ?
	[ s @
	[ s [
	[ s \
	[ s ]
	[ s ^
	[ s _
	[ s `
	[ s {
	[ s \|
	[ s }
	[ s ~

	# Test.
	$ pp64 --elem-cnt-min=2 --elem-cnt-max=2 google-10000-english-usa.txt.prespace \| hashcat -m 100 -a 0 target-hashes.txt -r prince-twoword-infix-simulator.rule

	hashcat (v3.30-155-g8743d75) starting...

	OpenCL Platform #1: NVIDIA Corporation
	======================================
	* Device #1: GeForce GTX 970, 1017/4068 MB allocatable, 13MCU
	* Device #2: GeForce GTX 970, 1017/4068 MB allocatable, 13MCU
	* Device #3: GeForce GTX 970, 1017/4068 MB allocatable, 13MCU
	* Device #4: GeForce GTX 970, 1017/4068 MB allocatable, 13MCU
	* Device #5: GeForce GTX 970, 1017/4068 MB allocatable, 13MCU
	* Device #6: GeForce GTX 970, 1017/4068 MB allocatable, 13MCU

	Hashes: 4579032 digests; 4579032 unique digests, 1 unique salts
	Bitmaps: 19 bits, 524288 entries, 0x0007ffff mask, 2097152 bytes, 5/13 rotates
	Rules: 33

	Applicable Optimizers:
	* Zero-Byte
	* Precompute-Init
	* Precompute-Merkle-Demgard
	* Early-Skip
	* Not-Salted
	* Not-Iterated

	* Single-Salt
	* Raw-Hash

	Watchdog: Temperature abort trigger set to 90c
	Watchdog: Temperature retain trigger disabled

	INFO: Removed 2586055 hashes found in potfile

	Starting attack in stdin mode...
	xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:word1$word2
	xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:word1%word3

	Session..........: hashtest
	Status...........: Exhausted
	Hash.Type........: SHA1
	Hash.Target......: target-hashes.txt
	Time.Started.....: Thu Feb 16 10:46:53 2017 (6 secs)
	Time.Estimated...: Thu Feb 16 10:46:59 2017 (0 secs)
	Input.Base.......: Pipe
	Input.Mod........: Rules (prince-twoword-infix-simulator.rule)
	Speed.Dev.#1.....: 99941.2 kH/s (10.82ms)
	Speed.Dev.#2.....: 100.0 MH/s (10.80ms)
	Speed.Dev.#3.....: 79966.2 kH/s (7.13ms)
	Speed.Dev.#4.....: 99024.6 kH/s (8.95ms)
	Speed.Dev.#5.....: 84605.7 kH/s (8.91ms)
	Speed.Dev.#6.....: 98232.7 kH/s (8.94ms)
	Speed.Dev.#*.....: 561.8 MH/s
	Recovered........: 2586088/4579032 (56.48%) Digests, 0/1 (0.00%) Salts
	Recovered/Time...: CUR:N/A,N/A,N/A AVG:327,19632,471174 (Min,Hour,Day)
	Progress.........: 2155164495
	Rejected.........: 0
	Restore.Point....: 0
	Candidates.#1....: pension~campus -> indoor~transmit
	Candidates.#2....: concerned~weeks -> roberts~campus
	Candidates.#3....: podcast~heavily -> outlets~outlets
	Candidates.#4....: qatar~orchestra -> suggested~weeks
	Candidates.#5....: broker~transmit -> brokers~heavily
	Candidates.#6....: stuff~rebecca -> pissing~stops
	HWMon.Dev.#1.....: Temp: 63c Fan: 6% Util: 0% Core:1354Mhz Mem:3004Mhz Lanes:8
	HWMon.Dev.#2.....: Temp: 63c Fan: 6% Util: 0% Core:1354Mhz Mem:3004Mhz Lanes:4
	HWMon.Dev.#3.....: Temp: 63c Fan: 5% Util: 0% Core:1354Mhz Mem:3004Mhz Lanes:16
	HWMon.Dev.#4.....: Temp: 61c Fan: 4% Util: 0% Core:1366Mhz Mem:3004Mhz Lanes:4
	HWMon.Dev.#5.....: Temp: 66c Fan: 5% Util: 99% Core:1379Mhz Mem:3004Mhz Lanes:1
	HWMon.Dev.#6.....: Temp: 62c Fan: 5% Util: 0% Core:1366Mhz Mem:3004Mhz Lanes:1

	Started: Thu Feb 16 10:46:26 2017
	Stopped: Thu Feb 16 10:47:00 2017