Most of the time, passwords are entirely lower case, which makes for weak passwords. Some people strengthen their passwords by “toggling” a few of the characters in their password to upper case. (But don't flip them all; try to find some balance between password length and number of upper-case characters.)
We can exploit this behavior leading to an extreme optimized version of the original Toggle-case attack by generating all password candidates that have two to five characters flipped to upper-case. real strong passwords have this balance and will not exceed this rule. So we don't need to check them.
Thanks to legion from team hashcat who found this first.
Case can be toggled with specialized rules. Since hashcat-legacy and hashcat support rules files, they can do toggle-attacks, too.
For rules files that use this technique, see rules/toggle[12345].rule in the hashcat distribution. They include all possible toggle-case switches of the plaintext positions 1 to 15 of either 1, 2, 3, 4 or five 5 characters at once.
To get a feel for what toggle rules look like, here is the content of toggle2.rule.
As you can see, these rules have been optimized to eliminate redundant rules. For example, a rule like “T1T1” does not make sense, because the net result is no change in case. Rules like “T2T4” followed by “T4T2” would be also redundant.
T0 T1 T2 T3 T4 T5 T6 T7 T8 T9 TA TB TC TD TE T0T1 T0T2 T0T3 T0T4 T0T5 T0T6 T0T7 T0T8 T0T9 T0TA T0TB T0TC T0TD T0TE T1T2 T1T3 T1T4 T1T5 T1T6 T1T7 T1T8 T1T9 T1TA T1TB T1TC T1TD T1TE T2T3 T2T4 T2T5 T2T6 T2T7 T2T8 T2T9 T2TA T2TB T2TC T2TD T2TE T3T4 T3T5 T3T6 T3T7 T3T8 T3T9 T3TA T3TB T3TC T3TD T3TE T4T5 T4T6 T4T7 T4T8 T4T9 T4TA T4TB T4TC T4TD T4TE T5T6 T5T7 T5T8 T5T9 T5TA T5TB T5TC T5TD T5TE T6T7 T6T8 T6T9 T6TA T6TB T6TC T6TD T6TE T7T8 T7T9 T7TA T7TB T7TC T7TD T7TE T8T9 T8TA T8TB T8TC T8TD T8TE T9TA T9TB T9TC T9TD T9TE TATB TATC TATD TATE TBTC TBTD TBTE TCTD TCTE TDTE