Maximize Password Cracking Ability with OneRuleToRuleThemAll

About six months ago I discovered a few GREAT wordlists that have drastically increased my password cracking ability. See my post here. I have taken this new password cracking ability and maximized 10x with hashcat rules. Hashcat rules change the words in a wordlist to fit common password conventions such as changing an "a" to an "@" or an "E" to a "3." There are countless published rules out there but OneRuleToRuleThemAll incorporates 4 of the most effective.

GitHub - NotSoSecure/password_cracking_rules: One rule to crack all passwords. or atleast we hope so.

One rule to crack all passwords. or atleast we hope so. - GitHub - NotSoSecure/password_cracking_rules: One rule to crack all passwords. or atleast we hope so.

GitHubNotSoSecure

With a beast of a wordlist like BreachCompilation AND OneRuleToRuleThemAll, you are inching towards Thanos-level power. That is, as long as you are willing to dedicate some computer power and time to cracking! I am currently 24 hours in with 44% of words still to go with an NVIDIA GeFORCE GTX 1660 Super GPU on a few passwords I am testing.

The syntax of the hashcat command to run with OneRule is as follows:

hashcat.exe -m $HASHCODE -a 0 hashes.txt Path\To\Wordlists\wordlist.zip -r location\of\ruleset.rule

Good luck and happy cracking!!

References:

One Rule to Rule Them All

Password cracking is a staple part of pentesting and with a few exceptions, dictionary/rule based attacks are the predominant method in getting those ever-elusive plain text values. Cracking rigs have afforded pentesters and blackhats alike the ability to throw a few graphics cards at some hashes an…

NotSoSecurePosted: Thu, 01/06/2017 - 12:52

https://github.com/NotSoSecure/password_cracking_rules