04-13-2015, 06:32 AM
I've been trying my hand at some of the hashes.org hashes, and notice some are email addresses. That actually makes sense. An email address will (usually) meet the length requirement, and the "@" and "." meet the special character requirement. Throw in a number and with the lowercase letters, you have characters from 3 different sets meeting that requirement, yet easy to remember. Dumb if the password is the actual email address, but you can't cure stupid.
So I went about collecting some common email domains, then turning them into rules. While I was at it, I thought combining this with the best64 rules would increase the power of my wordlists.
Unfortunately, this does have one drawback. oclhashcat rules are limited to 15 functions. Any domain name with more than 15 characters (including the "@") would be ignored by oclhashcat, and even smaller ones when combined with best64. However, hashcat (cli) works fine for all rules. oclhashcat will only work with some of these rules.
I've attached two files. The email domain list and the resulting ruleset after combining them with best64. Any suggestions for domains I should include are welcome.
So far, rockyou seems to be the best wordlist I've used with these rules. The unabridged English dictionary didn't find anything, nor did the 10,000 most common passwords. Testing is still continuing...
A special thanks to epixoip and coolbry95 for their invaluable advice that helped me get this going.
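The observation above, seen from the policy side, as an added example that is not part of the original post: a length-plus-character-class check accepts email-shaped passwords, and a second check rejects them. The minimum length of 8, the 3-class threshold, the function names and the sample passwords are assumptions constructed for illustration.

```python
import re

# Assumed policy values; the post only mentions a "length requirement"
# and "characters from 3 different sets".
MIN_LENGTH = 8
MIN_CLASSES = 3

# Matches a password that is an email address or ends in "@domain.tld",
# which also covers a dictionary word with a mail domain appended.
EMAIL_TAIL = re.compile(r"@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}$")


def char_classes(password):
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def naive_policy_ok(password):
    """Length and character-class check only."""
    return len(password) >= MIN_LENGTH and len(char_classes(password)) >= MIN_CLASSES


def hardened_policy_ok(password, account_email=""):
    """Naive check plus rejection of email-shaped passwords."""
    if not naive_policy_ok(password):
        return False
    if EMAIL_TAIL.search(password):
        return False
    # Reject passwords built around the local part of the account's own address.
    local = account_email.split("@", 1)[0].lower()
    if len(local) >= 3 and local in password.lower():
        return False
    return True


# Constructed sample passwords, not taken from any real data set.
SAMPLES = ["jsmith1@example.com", "Summer@example.org", "Tr4il-Mix-Kettle"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw!r}: naive={naive_policy_ok(pw)} hardened={hardened_policy_ok(pw)}")
```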