Skip to main content
Site Logo Blog | Rane Villanueva
Advanced Password Attacks

Advance Password Attacks

2 min 254 words
offensive hashcat password

Hashcat rules

Hashcat rules are from the word itself, “rules”, that defines transformations of inputs, in this case, passwords or wordlists. In other words, it mutates the passwords.

For example, using a rule, password will become the following (depending on what rules are used):

Password
P4ssw0rd
Password1
drowssap

There are mainly two (2) ways to use hashcat rules:

  1. Password Cracking
  2. Wordlist Generation

Using rules will only work with the following attack modes:

  • 0 | Straight
  • 6 | Hybrid Wordlist + Mask
  • 7 | Hybrid Mask + Wordlist

For more information, visit Rule-based Attack.

There are built-in rules in hashcat that are available on Kali Linux, which are located on /usr/share/hashcat/rules/. There are also resources available on the internet, like OneRuleToRuleThemStill.

Password Cracking

First thing is to select what rule to use, for example, we will use OneRuleToRuleThemStill. Second is the wordlist. I recommend creating a custom wordlist when using rules or using CeWL.

Creating the rule

In our case, we will download OneRuleToRuleThemStill:

wget https://raw.githubusercontent.com/stealthsploit/OneRuleToRuleThemStill/refs/heads/main/OneRuleToRuleThemStill.rule

Creating the wordlist

wordlist.txt

tonystark

By this time, we would have the two things that we need:

$ ls    
OneRuleToRuleThemStill.rule  wordlist.txt

Cracking

For this example, we will crack the MD5 hash 9d2d3c02bec02cd8741d4c53570baa22

hashcat -m0 '9d2d3c02bec02cd8741d4c53570baa22' wordlist.txt -r OneRuleToRuleThemStill.rule

The command will lead us to the result of 9d2d3c02bec02cd8741d4c53570baa22:t0nyst4rk.

Wordlist Creation

Instead of directly cracking the password, we can use Hashcat Rules to generate a wordlist. This wordlist will be useful when testing authentication mechanisms like SSH login, Web Login, etc.

Similar to the example above, we will use the same wordlist and rule.

hashcat --force wordlist.txt  -r OneRuleToRuleThemStill.rule --stdout | sort -u > mutated_passwords.txt

This will create the mutated_password.txt file that contains the following:

$$tonystark
$onystark
$onystArk
$ONYSTARK
$tonystark
$Tonystark
$tonystark$
0000onystark
0000tonystark
000tonystark
...