Please note, this is a STATIC archive of website hashcat.net from October 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

 

Hybrid Attack

Description

Basically, the hybrid attack is just a Combinator attack. One side is simply a dictionary, the other is the result of a Brute-Force attack. In other words, the full Brute-Force keyspace is either appended or prepended to each of the words from the dictionary. That's why it's called “hybrid”.

Alternatively you can use Mask attack or Rule-based attack to replace the Brute-Force side.

Examples

If your example.dict contains:

password
hello

The configuration:

$ ... -a 6 example.dict ?d?d?d?d

generates the following password candidates:

password0000
password0001
password0002
.
.
.
password9999
hello0000
hello0001
hello0002
.
.
.
hello9999

It also works on the opposite side!

The configuration:

$ ... -a 7 ?d?d?d?d example.dict

generates the following password candidates:

0000password
0001password
0002password
.
.
.
9999password
0000hello
0001hello
0002hello
.
.
.
9999hello

Using rules to create a Hybrid attack

We can utilize the rule engine in hashcat to emulate the Hybrid attack.

This section has moved into a dedicated wiki page: Using rules to emulate hybrid attack.

Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain