Rules and Mask Files
Rule based attacks
Mentioned briefly before, rule-based attacks can be very useful. Hashcat has a list of built-in rules that you can use to crack passwords. You can find them in the Hashcat “rules” subdirectory. For example, there are “leetspeak” rule sets that automatically takes each dictionary word and tries different leet-speak versions of the word, replacing letters with numbers. You can even use a programming type language to create your own rulesets.
Rule based attacks are use in single attack mode. They are enabled by using the “-r” switch and the name of the ruleset you want:
The Best64, InsidePro, Dive, Rockyou-30000 & d3ad0ne rules are some of the more popular ones and are very effective. My best advice for rules is to start with the smaller rule files (look at their file size) and then move on to the larger ones. The smaller ones usually run fairly quick; the larger ones can take significantly longer to...