Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: Smarter way to do a combinator attack with different rules for -j/-k?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I want to try a combinator attack where I combine two dictionaries with a '@' between the words in the dictionaries and add four digits to the end of the combined words, e.g. if

dict1
Code:
cat
dog
car

dict2:
Code:
coke
sprite
fanta

I want the output to be (YYYY for some year):
Code:
cat@cokeYYYY
cat@spriteYYYY
.
.
car@fantaYYYY

I've tried using -a 1 with -j '$@' -k '@YYYY', but seems like this only works if -j/-k adds the same amount of characters (e.g. as in the example at https://hashcat.net/wiki/doku.php?id=combinator_attack) - unless I'm doing it completely wrong of course.

I could append '@' to all the words in dict1 and then combine the modified dict1 with dict2 using combinator before running the rule attack, but before I do that I wonder if there's an easier way? Doing it this way could lead to a quite large combined dictionary that'd take up quite some disk space if dict1 and dict2 both contain a decent amount of words.

Even better if it's possible to do -k '$?d $?d $?d $?d' so I could try appending all four-digit combinations to word1@word2 without having to manually specify YYYY for each attack I do. If that's asking for too much I'll just do the attack in a loop where YYYY is incremented for each iteration.
Think I managed to figure out it. Solution is to use combinator and pipe the result to hashcat instead of saving it to a file, as suggested by atom in https://hashcat.net/forum/thread-5813-post-31181.html . This way I can use the rule that tries all four-digit combinations as well, although it's probably a complete overkill and waste of time.
(02-24-2017, 01:05 PM)voideater Wrote: [ -> ]Think I managed to figure out it. Solution is to use combinator and pipe the result to hashcat instead of saving it to a file, as suggested by atom in https://hashcat.net/forum/thread-5813-post-31181.html . This way I can use the rule that tries all four-digit combinations as well, although it's probably a complete overkill and waste of time.

Hi - have a look at comboleetor.pl (newly posted as I write this.)  It does what you want, and much more.

Cheers,
Jim B.