Consider the following scenario: you have to crack a md5 hash which belong to a password which has a lenght of 16 characters with the following format:
$password = $word . $word;
# password is the duplicated word (word concatenate with itself)
# e.g. if word='guy12345' then password='guy12345guy12345'
As you can imagine, it is very difficult to crack a 16-char password, but a 8-char password can be broken in a few days.
I know there is a rule for duplicate a word, but I don't know how to use it in a bruteforce attack, because the word is not in a dictionary (it is composite for lowcase, uppercase, numbers and special characters). If I try it, hashcat says rules cannot be used in attack mode 3...
An alternative could be use maskprocessor to generate a dictionary with '?a?a?a...?a' and then use a pipe to pass it like input to hashcat running with that rule. Well, I tryed it, but it is increeeeeeedibly slow.
So, is there any option to use rules with bruteforce attacks? If there isn't, will you develop it? It would be really useful...
$password = $word . $word;
# password is the duplicated word (word concatenate with itself)
# e.g. if word='guy12345' then password='guy12345guy12345'
As you can imagine, it is very difficult to crack a 16-char password, but a 8-char password can be broken in a few days.
I know there is a rule for duplicate a word, but I don't know how to use it in a bruteforce attack, because the word is not in a dictionary (it is composite for lowcase, uppercase, numbers and special characters). If I try it, hashcat says rules cannot be used in attack mode 3...
An alternative could be use maskprocessor to generate a dictionary with '?a?a?a...?a' and then use a pipe to pass it like input to hashcat running with that rule. Well, I tryed it, but it is increeeeeeedibly slow.
So, is there any option to use rules with bruteforce attacks? If there isn't, will you develop it? It would be really useful...