Sometimes you come along a password and want to try other variations of that password. Or you have a password list and want to add all possible solutions into a dictionary password file . With hashcat you can create a password list bases on rules you set or existing rules which comes with the installation of kali. This post focus only on existing rules.
In Kali Linux you can find an existing set of rules here -> /usr/share/hashcat/rules/
Variations of one word
Let’s say we have found a password or a word we think might be a password. Now we want to try all different variation of that word and put them into a dictonary.
We use echo and then pipe it into hashcat and output it in an file
echo -n "TheDutchHacker" | hashcat --force --stdout -r /usr/share/hashcat/rules/toggles3.rule >> pwdlist.txt
Explanation:
| ECHO | |
| -n | do not output the trailing newline |
| HASHCAT | |
| Command | Explanation |
| –force | Ignore warnings |
| –stdout | Stoud mode ( Stream mode) |
| -r | Rule-file to use |
And we use >> to add it to the pwdlist.txt file. Make sure you use >> and not > other wise it will overwrite instead to add the extra words to the list
You can add more rules to the list with the the same word. Just repeat the command but with a different set of rules.
Multiple Words
Now let say you have a file with different words and you want to put it through a rules set. You just have to provide the list. Now this list was in the same directory. If it was not then we needed to add the full path
hashcat --force --stdout pwdlist.txt -r /usr/share/hascat/rules/best64.rule >> alteredlist.txt
Now cat this out and see the results cat alteredlist.txt
Conclusion on Create a password list with hashcat based on existing rules
So there we have. We can now build password files based on an existing rule set. If you want to know how a rule set is build up just cat the rule set to screen. If you need more info on this then take a look at the official wiki page rule_based_attack [hashcat wiki]
