Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: creating wordlist or not, what attack to use?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Dear members,

I hope you can help me. I start to study more hashcat and hacking. The reason is personal security and i started to like cryptography (to protect my data 2).
I manage to make extremly good wordlist for my speaking area (my country). It have all names, surnames, nicknames, then date of birth, months, and all words (cases of words, nouns...)
Dictionary1 with all words have 266,034
Dictionary2 with all names, surnames and nicknames have 11,553
Dictionary3 with all months years have 740 words and,
Dictionary4 that is calendar (exp: 11031989) from 1950 to 2020 years have 46,896 words

I created python scrip to do all combination and scrypt to merge 2 dictionary with all combinations.
But if  I do all mutations of words (a=@...) and merge them all into one, then do combination with that single dictionary, the file will be huge. I'm sure that dict would be able to hack so many regular passwords. I think mutation is week since i don't have "c=(" or some others. But i can try to correct that.

So what would be best solution? Maybe I'm not aware of something.

I see there is toogle case attack, table lookup attack, combinator attack and rule based attack.
Does rule based attack cover all attacks (toogle case, table lookup and combinator)?
Or is it better (if it can be done) to merge all my dictionary (without mutation or combination) into one dictionary5 (266,034+11,553+740+46,896=325,223 words) then do table lookup attack to get dictionary 6. Then merge dictionary 5 and dictionary 6 = dictionary 7. Do toogle case attack with dictionary 7 to get dictionary 8. Then merge dict7 and dict8 = dict 9. And with that dict 9 to do combinator attack to get dict 10. Merge dict 9 and dict 10 to get final wordlist. Now that list (I think) is gona be huge huge huge file. But if i use it with rule bassed attack it can do pretty good unlock.
Now you sea what is my confusion. Should i do this or rule based attack cover all this? Is there better solution?

P.S. One more question. Can hashcat do attack and save words? For example to get mu dictionary 5 and with table lookup just to create dictionary.
I'd recommend you start learning how those attack-modes work. You can use --stdout to see which password candidates are generated. You can also save those outputs to file using a redirection and then reuse that result as input wordlist for your next attack. That way you should be able to combine different attack-modes as you want. But there is generally no GUI one-click solution, it's real work.