Each word in a dictionary generates all permutations of itself.
If our dictionary contains the words:
ABC
Hashcat generates the following password candidates:
ABC ACB BAC BCA CAB CBA
Note: the number of the resulting lines should correspond to the factorial of the number of characters within the original line, i.e. for a 3 character input we get 3! = 3 * 2 * 1 = 6 password candidates, for 4 character it is 4! = 24, for 5 it is 5! = 120 and so on.
Modern hashcat requires no dictionary optimization. If you are still using oclHashcat, the permutation attack can be optimized if you prepare your dictionaries. See the prepare command section on the Hashcat-utils page.
This attack is currently supported by: