LabEx
Log InJoin Free

Create a Custom Rule in Hashcat

Kali LinuxBeginner
Practice Now

Introduction

Hashcat is a powerful and versatile password recovery tool. One of its most effective features is the rule-based attack, which allows you to perform manipulations on a wordlist to create a vast number of password candidates. Instead of using pre-made rule files, you can create your own custom rules tailored to a specific target.

In this lab, you will learn the fundamentals of Hashcat's rule syntax and create your own custom rule file from scratch. You will write rules to capitalize the first letter of a word and append a year, then use this custom rule file in a sample password cracking attack.

Learn Basic Rule Syntax like Append '$' and Prepend '^'

In this step, you will learn about the basic syntax for Hashcat rules. Rules are simple, single-character commands that tell Hashcat how to manipulate a word from your wordlist. Two of the most fundamental rules are for prepending and appending characters.

  • ^x: Prepend the character x to the beginning of the word.
  • $x: Append the character x to the end of the word.

To see how these rules work without running a full attack, we can use the --stdout option. This will print the output of the rule manipulations directly to the terminal.

First, let's test the append rule. We'll create a temporary rule file that appends the number 1 to each word.

echo '$1' > temp_rule.txt

Now, run Hashcat with this rule against our wordlist.txt. The --force flag is used to make Hashcat run even if it detects an unsupported environment, like a VM.

hashcat --force --stdout wordlist.txt -r temp_rule.txt

You should see the word from your list with 1 appended to it:

password1

Next, let's test the prepend rule. We'll create a rule to prepend the character A.

echo '^A' > temp_rule.txt

Run Hashcat again with this new rule:

hashcat --force --stdout wordlist.txt -r temp_rule.txt

The output will now show the character A at the beginning of the word:

Apassword

Feel free to experiment with other characters to solidify your understanding. Once you're done, you can remove the temporary file.

rm temp_rule.txt

Create a New Custom Rule File

In this step, you will create a new, empty file that will hold all the custom rules for our attack. It's standard practice to give rule files a .rule extension for clarity.

We will create a file named labex.rule in your current working directory, ~/project. You can create an empty file easily using the touch command.

Execute the following command in your terminal:

touch labex.rule

To confirm that the file has been created successfully, you can list the contents of the directory using the ls command.

ls

You should see labex.rule listed in the output, along with the hashes.txt and wordlist.txt files.

hashes.txt  labex.rule  wordlist.txt

Now you have a dedicated file ready for your custom rules.

Add a Rule to Capitalize the First Letter 'c'

In this step, you will add your first rule to the labex.rule file. A very common password pattern is to capitalize the first letter of a word. Hashcat has a specific rule for this:

  • c: Capitalize the first letter of the word and make all other letters lowercase.

We will add this rule to our labex.rule file. The echo command combined with a single redirect > is a quick way to write content to a file, overwriting anything that was previously there.

echo 'c' > labex.rule

Now, let's test our new rule file to see its effect. We'll use the --stdout option again to preview the output.

hashcat --force --stdout wordlist.txt -r labex.rule

The output should be the word password with the first letter capitalized, as specified by the c rule.

Password

You have successfully created and tested your first custom rule.

Add a Rule to Append a Year ' $2 $0 $2 $4'

In this step, you will enhance your rule to be more complex. You can combine multiple rule commands on a single line to create more specific password candidates. We will modify our rule to not only capitalize the first letter but also append a year, for example, 2024.

To append a specific character, you use the $ command followed by the character. For example, $2 appends the digit 2. To build the string 2024, we need to append 2, then 0, then 2, then 4.

The combined rule will look like this: c $2 $0 $2 $4. This tells Hashcat to first perform the capitalization (c), and then append the specified characters in order.

Let's update the labex.rule file with this new, more powerful rule.

echo 'c $2 $0 $2 $4' > labex.rule

Now, test the updated rule file to see the result of the combined commands.

hashcat --force --stdout wordlist.txt -r labex.rule

The output should now be the capitalized word followed by the year 2024.

Password2024

This demonstrates how you can chain rules together to create complex and targeted password patterns.

Test the Custom Rule File on a Sample Attack

In this step, you will use your completed custom rule file, labex.rule, to perform a real password cracking attack. We will target the sample MD5 hash provided in the hashes.txt file.

The command for the attack will specify the hash type, the attack mode, the hash file, the wordlist, and finally, our custom rule file.

  • -m 0: Specifies the hash type is MD5.
  • -a 0: Specifies the attack mode is a "Straight" or dictionary attack.
  • hashes.txt: The file containing the hash(es) to crack.
  • wordlist.txt: The dictionary file to use as a base.
  • -r labex.rule: Specifies the custom rule file to apply to the wordlist.

Run the following command to start the attack:

hashcat --force -m 0 -a 0 hashes.txt wordlist.txt -r labex.rule

Hashcat will start, apply the rule c $2 $0 $2 $4 to the word password, generate Password2024, hash it, and compare it to the hash in hashes.txt. It will find a match and report the cracked password.

After the attack is complete (it should be very fast), you can view the cracked passwords using the --show option.

hashcat --force -m 0 --show hashes.txt

The output will display the hash followed by its cracked plaintext password.

a915550249347678553a332349443648:Password2024

Congratulations, you have successfully created a custom rule and used it to crack a password!

Summary

In this lab, you have learned the essential skills for creating custom rules in Hashcat. You started by understanding the basic syntax for prepending (^) and appending ($) characters. You then created your own rule file, labex.rule, and populated it with progressively more complex rules.

You successfully wrote a rule to capitalize the first letter of a word (c) and then enhanced it by chaining commands to append a year ($2 $0 $2 $4). Finally, you applied this custom rule in a practical attack scenario, successfully cracking an MD5 hash.

This knowledge is a stepping stone to mastering Hashcat's powerful rule engine, enabling you to create highly targeted and efficient password cracking strategies.

Related Kali Linux Courses
Kali Linux for Beginners

Kali Linux for Beginners

cybersecuritykalilinux
Kali Server Exploitation in Action

Kali Server Exploitation in Action

cybersecuritykalilinux