the ones listed below are enough for us to understand how Hashcat mutates words.
| Function | Description |
|---|---|
| `:` | Do nothing. |
| `l` | Lowercase all letters. |
| `u` | Uppercase all letters. |
| `c` | Capitalize the first letter and lowercase others. |
| `sXY` | Replace all instances of X with Y. |
| `$!` | Add the exclamation character at the end. |
Each rule is written on its own line and determines how the word should be mutated. If we write the functions shown above into a file, keeping the aspects mentioned in mind, the file could look like this:
```bash
cat custom.rule
hashcat --force password_list -r custom.rule --stdout | sort -u > mut_password.list
cat mut_password.list
```
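To make the table concrete, the following added example (not Hashcat's code and not part of the original page) interprets only the six functions listed above and uses them for a password-audit check that reports whether a candidate is merely a rule mutation of a known base word. The rule lines, the word list and the helper names are constructed for illustration.

```python
# Minimal interpreter for the six rule functions in the table above.
# Illustration only: real Hashcat supports many more functions.
ARITY = {":": 0, "l": 0, "u": 0, "c": 0, "s": 2, "$": 1}  # arguments per function


def apply_rule(rule, word):
    """Apply one rule line to a word; functions run left to right."""
    i = 0
    while i < len(rule):
        fn = rule[i]
        if fn == " ":  # spaces between functions are only separators
            i += 1
            continue
        if fn not in ARITY:
            raise ValueError(f"unsupported function {fn!r} in rule {rule!r}")
        args = rule[i + 1 : i + 1 + ARITY[fn]]
        if len(args) != ARITY[fn]:
            raise ValueError(f"function {fn!r} in rule {rule!r} lacks arguments")
        if fn == "l":
            word = word.lower()
        elif fn == "u":
            word = word.upper()
        elif fn == "c":
            word = word[:1].upper() + word[1:].lower()
        elif fn == "s":  # sXY: replace every X with Y
            word = word.replace(args[0], args[1])
        elif fn == "$":  # $X: append character X
            word += args[0]
        i += 1 + ARITY[fn]  # ":" falls through here unchanged
    return word


def mutate(words, rules):
    """Distinct candidates for every word/rule pair (like --stdout | sort -u)."""
    return sorted({apply_rule(r, w) for w in words for r in rules})


def derived_from(candidate, words, rules):
    """Audit check: every (base word, rule) pair that yields the candidate."""
    return [(w, r) for w in words for r in rules if apply_rule(r, w) == candidate]


# Constructed sample input, not the page's custom.rule or password list.
SAMPLE_RULES = [":", "c", "so0", "c so0", "sa@", "c sa@ $!", "$!"]
SAMPLE_WORDS = ["password"]

if __name__ == "__main__":
    print("\n".join(mutate(SAMPLE_WORDS, SAMPLE_RULES)))
    print(derived_from("P@ssword!", SAMPLE_WORDS, SAMPLE_RULES))
```

A non-empty result from `derived_from` means the password gains little over its base word against a rule-based attack, which is the case a password policy should reject.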
Hashcat and John come with pre-built rule lists that we can use for password generation and cracking. One of the most used rule files is best64.rule, which can often lead to good results.
```bash
ls /usr/share/hashcat/rules/
```
We can now use another tool called CeWL to collect potential words from the company's website and save them in a separate list. We can then combine this list with the desired rules and create a customized password list that has a higher probability of guessing a correct password. We specify some parameters, such as the depth to spider (`-d`), the minimum length of the word (`-m`), storing the found words in lowercase (`--lowercase`), and the file where we want to store the results (`-w`).
```bash
cewl https://www.inlanefreight.com -d 4 -m 6 --lowercase -w inlane.wordlist
wc -l inlane.wordlist
```