Introduction
Hashcat is a powerful password tool that uses various techniques to test passwords, including brute-force attacks, combinator attacks, and dictionary attacks.
In this article, we will focus on how Hashcat applies rules to wordlists to enhance the password testing process.
What Are Hashcat Rules?
Rules in Hashcat are essentially instructions that modify words from a given wordlist. These modifications help generate different password variations, such as changing capitalization, appending numbers, or reversing the word, thereby increasing the chances of recovering a password.
Rules are applied one at a time or in combination, allowing Hashcat to expand the number of password candidates beyond the entries in the wordlist. The flexibility and efficiency of rules make them an essential feature when performing dictionary-based attacks.
How Hashcat Applies Rules to Wordlists
When you run Hashcat with a wordlist and rules, Hashcat processes each word in the wordlist according to the defined rules, creating variations of that word. Each modified word is then hashed and compared against the hash you're trying to crack.
For example, let's assume your wordlist contains the word password. Hashcat can use rules to modify this word in various ways:
- Reverse it: drowssap
- Capitalize the first letter: Password
- Append numbers: password123
- Append symbols: pass-word?
- Change characters: p@ssw0rd
Each of these transformations increases the likelihood of matching a complex password in real-world scenarios.
Common Hashcat Rule Notations
Hashcat uses a specific syntax for rules. Below are some of the most common rule operations and their notations:
- Append character: $1 appends the number 1 to the word.
- Prepend character: ^p prepends the letter p to the word.
- Toggle case: T0 toggles the case of the first character.
- Reverse: r reverses the word.
- Duplicate first character: z1 duplicates the first character of the word.
These rules can be combined, creating complex transformations of words. For example, the rule $1 ^p r would modify the word "password" as follows:
- Append 1: password1
- Prepend "p": ppassword1
- Reverse the word: 1drowssapp
Example: Using Rules with a Wordlist
Let’s walk through a basic example where we apply a rule to a wordlist.
Assume you have a wordlist file wordlist.txt that contains the following words:
password
admin
welcome
We want to apply a rule that toggles the case of the first letter and appends the number 123 to each word. We use the rule file rules.txt:
T0 $1 $2 $3
This rule will:
- T0: Toggle the case of the first character.
- $1 $2 $3: Append the characters 1, 2 and 3, giving 123 (each $ appends a single character).
To apply this rule in Hashcat, use the following command:
hashcat -a 0 -m 0 -r rules.txt hash.txt wordlist.txt
The resulting transformations of the wordlist would be:
Password123
Admin123
Welcome123
Hashcat will now attempt to test the hash by using these modified words as potential passwords.
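To make the rule semantics concrete, the following Python sketch interprets a subset of the rule functions discussed above and uses them as a password-audit check: it reports whether a given password is nothing more than a wordlist entry plus a rule. It is an added example, not Hashcat's code or part of the original article; apply_rule, audit, and the sample words and rules are constructed for illustration, and leaving a word unchanged when a position is out of range is this example's assumption.

```python
# Added example: interpreter for a subset of hashcat-style rule functions.
POSITIONS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # one char encodes 0..35

def _num(ch):
    n = POSITIONS.find(ch)
    if n < 0:
        raise ValueError(f"bad position/count {ch!r}")
    return n

def apply_rule(rule, word):
    """Apply one rule line to one word, function by function, left to right."""
    i = 0
    while i < len(rule):
        op = rule[i]
        i += 1
        if op in " \t:":              # separators and ':' (no-op)
            continue
        if op == "r":                 # reverse
            word = word[::-1]
        elif op == "t":               # toggle case of every character
            word = word.swapcase()
        elif op in "$^Tz":            # functions taking exactly one character
            if i == len(rule):
                raise ValueError(f"{op!r} is missing its argument in {rule!r}")
            arg = rule[i]
            i += 1
            if op == "$":             # append a single character
                word += arg
            elif op == "^":           # prepend a single character
                word = arg + word
            elif op == "T":           # toggle case at position N
                n = _num(arg)
                if n < len(word):     # assumption: out of range leaves word as is
                    word = word[:n] + word[n].swapcase() + word[n + 1:]
            else:                     # 'z': duplicate first character N times
                word = word[:1] * _num(arg) + word
        else:
            raise ValueError(f"unsupported function {op!r} in rule {rule!r}")
    return word

def audit(password, words, rules):
    """Return every (word, rule) pair that reproduces `password`."""
    return [(w, r) for w in words for r in rules if apply_rule(r, w) == password]

WORDS = ["password", "admin", "welcome"]   # constructed sample wordlist
RULES = [":", "T0 $1 $2 $3", "$1 ^p r"]    # constructed sample rule file

if __name__ == "__main__":
    for pw in ("Admin123", "1drowssapp", "correct horse battery staple"):
        print(pw, "->", audit(pw, WORDS, RULES) or "not derivable from this list")
```

A password that audit() matches would be found by the same wordlist and rules almost immediately, which makes this kind of check useful when reviewing a password policy or blocklist.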
Tips for Using Hashcat Rules Effectively
- Start with common rules: Hashcat provides pre-built rule files, such as rules/best64.rule and rules/d3ad0ne.rule, which are good starting points.
- Combine rules: You can create custom rule files that combine different rules to generate more variations.
- Use efficient wordlists: The effectiveness of rules depends on the quality of your wordlist. Ensure your wordlist contains common passwords or words related to the target you are trying to crack.
- We provide a selection of top-tier rule lists, curated based on our expertise, to help you choose the most effective rules tailored to your specific case and needs.