4

John and Hashcat Rules

As we have seen, John and hashcat can be used to perform various types of cracking attacks against credentials. However, brute-force or mask attacks can be overly time-consuming, and wordlist-based (or dictionary) attacks may crack fewer credentials when the passwords are not present in the wordlist.

To find a middle ground between these two extremes, we can use rules, which take a source list of cracking candidates (such as a wordlist) and modify those candidates to increase the likelihood of successful cracking. These modifications can be simple, such as capitalizing the first character of a candidate or adding a number to the end of a candidate. On the other hand, we can also engage in significant ...
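
As an added illustration (not code from the book), the following Python code interprets a small subset of the rule functions that John and hashcat share (`:`, `l`, `u`, `c`, `r`, `d`, `$X`, `^X`, `sXY`) and uses them to check whether a password under audit is only a dictionary word plus simple modifications. The wordlist, rule set, and the helper names `apply_rule` and `derivations` are constructed for this example.

```python
# Added example: minimal interpreter for a subset of John/hashcat rule functions,
# used as a password audit check. Helper names and sample data are constructed.

SIMPLE = {
    ":": lambda w: w,                              # no-op, pass the word through
    "l": str.lower,                                # lowercase all letters
    "u": str.upper,                                # uppercase all letters
    "c": lambda w: w[:1].upper() + w[1:].lower(),  # capitalize first, lowercase rest
    "r": lambda w: w[::-1],                        # reverse the word
    "d": lambda w: w + w,                          # duplicate the word
}

def apply_rule(rule: str, word: str) -> str:
    """Apply one rule line (functions run left to right) to a candidate."""
    i = 0
    while i < len(rule):
        op = rule[i]
        if op == " ":                              # spaces only separate functions
            i += 1
        elif op in SIMPLE:
            word = SIMPLE[op](word)
            i += 1
        elif op in "$^" and i + 1 < len(rule):     # $X appends X, ^X prepends X
            ch = rule[i + 1]
            word = word + ch if op == "$" else ch + word
            i += 2
        elif op == "s" and i + 2 < len(rule):      # sXY replaces every X with Y
            word = word.replace(rule[i + 1], rule[i + 2])
            i += 3
        else:
            raise ValueError(f"unsupported or incomplete rule function: {rule[i:]!r}")
    return word

def derivations(password, wordlist, rules):
    """Return (word, rule) pairs whose rule output equals the audited password."""
    return [(w, r) for w in wordlist for r in rules if apply_rule(r, w) == password]

# Constructed sample data for the audit.
WORDLIST = ["summer", "dragon", "password"]
RULES = [":", "c", "c $1", "c $1 $!", "c $2 $0 $2 $4", "sa@ so0", "c sa@ $1"]

if __name__ == "__main__":
    for pw in ["Summer2024", "P@ssword1", "vT9#qLm2x"]:
        hits = derivations(pw, WORDLIST, RULES)
        print(pw, "->", hits or "not derivable from this wordlist and rule set")
```

A password that meets a length and character-class policy can still be one rule away from a common word, which is why audits should test candidates against rule-expanded wordlists rather than against the raw list alone.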
