There is no doubt that cracking passwords with a wordlist is faster than brute forcing. However, when a user chooses a weak password that does not appear in your wordlist (which happens often, since people tend to add numbers, years or symbols to a dictionary word), the wordlist alone will never crack it. This is where password rules come in.
Hashcat rules are a set of instructions that modify words for the purpose of password cracking. Each rule produces a variation of a word, so a rule set turns every entry in a wordlist into many candidate passwords that are tried as part of the attack.
Hashcat rules work by applying transformations to a word, such as appending characters, changing the case, or inserting numbers. For example, a simple rule might append "123" to the end of a word; that rule generates a new candidate for each word in the wordlist by adding "123" to it. Many rules have been written to replicate the password strategies users commonly employ, such as capitalising the first letter and putting a special character at the end, or using a year as the numerical part.
The use of hashcat rules can significantly increase the number of passwords that are generated, and can therefore help to uncover passwords that might not be easily discovered through simple wordlists. The rules can be customized to match specific types of passwords, such as passwords that are commonly used in an organization, or passwords that are generated by a specific password policy.
To use Hashcat rules, create a rules file containing one rule per line and pass it to Hashcat with the -r option. Hashcat then applies every rule to every word in the wordlist, generating the candidate passwords on the fly rather than writing an expanded wordlist to disk. The --stdout option prints those candidates instead of cracking, which is a quick way to check that a rule file does what you expect before committing GPU time to it.
A wide range of rule functions exists; the following table shows some of the most common ones applied to wordlists.
Name / Function / Description / Example / Input Word / Output Word
Lowercase / l / Make all letters lower case / l / p@55woRD / p@55word
Capitalise / c / Capitalise the first letter, all others are lower case / c / p@55woRD / P@55word
Uppercase / u / Make all letters upper case / u / p@55woRD / P@55WORD
Append / $X / Append character X to the end / $1 / p@55woRD / p@55woRD1
Prepend / ^X / Prepend character X at the beginning / ^9 / p@55woRD / 9p@55woRD
Replace / sXY / Replace every X with Y / s5s / p@55woRD / p@sswoRD
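To make the table concrete, here is a small interpreter for that subset of the hashcat rule language. It is an added example, not code from the original page and not hashcat's own implementation; it uses hashcat's function letters, but the wordlist, the rule file text and the MD5 target in it are constructed for the demo. It goes a little beyond the table by also handling a few other common single-character functions (:, C, t, r, d, [ and ]) and by treating "#" lines as comments and spaces between functions as optional, as hashcat does, and it ends with the motivating case from the opening: a hash the bare wordlist misses but the rules recover.

```python
"""Interpreter for a small subset of the hashcat rule language.

Added example: not code from the original page and not hashcat's own
implementation. Covers the six functions in the table (l, c, u, $X, ^X,
sXY) plus :, C, t, r, d, [ and ]. Any other function raises ValueError.
"""
import hashlib
from typing import Iterable, List, Optional


def apply_rule(word: str, rule: str) -> str:
    """Apply one rule line to one word and return the candidate.

    Functions may be written back to back ("c$1$2$3") or separated by
    spaces ("c $1 $2 $3"). Spaces between functions are skipped, but a
    space used as an argument ("$ " appends a space) is kept.
    """
    out = word
    i = 0

    def arg(offset: int) -> str:
        # Fetch the argument character `offset` positions after the function.
        if i + offset >= len(rule):
            raise ValueError(f"rule {rule!r} is truncated")
        return rule[i + offset]

    while i < len(rule):
        f = rule[i]
        if f == " ":
            i += 1
            continue
        if f == ":":            # no-op: the candidate is the word itself
            pass
        elif f == "l":          # lowercase all letters
            out = out.lower()
        elif f == "u":          # uppercase all letters
            out = out.upper()
        elif f == "c":          # capitalise first letter, lowercase the rest
            out = out[:1].upper() + out[1:].lower()
        elif f == "C":          # lowercase first letter, uppercase the rest
            out = out[:1].lower() + out[1:].upper()
        elif f == "t":          # toggle the case of every letter
            out = out.swapcase()
        elif f == "r":          # reverse the word
            out = out[::-1]
        elif f == "d":          # duplicate the word
            out = out + out
        elif f == "[":          # delete the first character
            out = out[1:]
        elif f == "]":          # delete the last character
            out = out[:-1]
        elif f == "$":          # append one character
            out = out + arg(1)
            i += 1
        elif f == "^":          # prepend one character
            out = arg(1) + out
            i += 1
        elif f == "s":          # replace every X with Y
            out = out.replace(arg(1), arg(2))
            i += 2
        else:
            raise ValueError(f"unsupported function {f!r} in rule {rule!r}")
        i += 1
    return out


def parse_rules(text: str) -> List[str]:
    """Parse .rule file contents: one rule per line; blank and '#' lines ignored."""
    return [line for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")]


def generate(wordlist: Iterable[str], rules: List[str]) -> List[str]:
    """Expand a wordlist with a rule list (every rule applied to every word),
    the candidate stream that `hashcat --stdout -r rules.rule wordlist` shows."""
    return [apply_rule(w, r) for w in wordlist for r in rules]


def crack_md5(target_hex: str, wordlist: Iterable[str], rules: List[str]) -> Optional[str]:
    """Return the first rule-expanded candidate whose MD5 equals target_hex."""
    for cand in generate(wordlist, rules):
        if hashlib.md5(cand.encode()).hexdigest() == target_hex:
            return cand
    return None


# Constructed demo data (not from any real breach or engagement).
WORDLIST = ["summer", "winter", "password"]
RULE_FILE = """\
# a few rules mimicking common user habits
:
c
c $1 $2 $3
c $2 $0 $2 $3 $!
c sa@ $1
"""


def demo():
    """The motivating case: 'Summer2023!' is not in the wordlist, so the bare
    list (rule ':' only) fails, while the same list plus rules cracks it."""
    target = hashlib.md5(b"Summer2023!").hexdigest()
    without_rules = crack_md5(target, WORDLIST, [":"])
    with_rules = crack_md5(target, WORDLIST, parse_rules(RULE_FILE))
    return without_rules, with_rules


if __name__ == "__main__":
    print(generate(["p@55woRD"], ["l", "c", "u", "$1", "^9", "s5s"]))
    print(demo())
```

The interpreter rejects functions it does not know rather than guessing, which is the right behaviour when checking a third-party rule file: anything it raises ValueError on is a function to look up in the hashcat rule documentation, and hashcat --stdout on a one-word wordlist will show exactly what that function does.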
Hashcat rules can be simple or extremely complex. One of the most complete public rule sets is OneRuleToRuleThemAll.rule; paired with a wordlist it multiplies the number of candidates by the number of rules in the file, so it covers far more password variations than the wordlist alone, at a proportional cost in cracking time.