In this tutorial we will show you how to perform a combinator attack using hashcat.
For demonstration purposes, we will be using the MD5 password hashes from the Battlefield Heroes leak in 2013. The password hashes can be obtained here.
The commands used in this tutorial were run using the Kali Linux operating system by Offensive Security. In other environments the commands may be different; however, the procedure will be the same.
What is a Combinator Attack?
A combinator attack works by taking words from one or two wordlists and joining them together to try as a password. For example, if wordlist one contained the following:
fast
slow
big
And wordlist two contained:
car
truck
building
A combinator attack will try the following:
fastcar
fasttruck
fastbuilding
slowcar
slowtruck
slowbuilding
bigcar
bigtruck
bigbuilding
Although you will get combinations that make no sense, such as “slowbuilding” and “fastbuilding”, you will also get a lot of joined words which do make sense and could potentially be someone’s password. Also, just because some of the joins don’t make sense, it doesn’t mean you should assume someone wouldn’t choose them as a password.
It’s also important to mention that with this attack the words in wordlist one will not be tried with wordlist two in reverse order. For example, “carfast”, “truckfast” etc. will not be tried.
With a single wordlist, the combinator attack will combine each word with itself and every other in the list.
For example, a combinator attack using a single wordlist such as:
fast
slow
big
Would produce:
fastfast
fastslow
fastbig
slowfast
slowslow
slowbig
bigfast
bigslow
bigbig
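From the defender's side, the same pairing logic can be used at password-set time to flag passwords that fall inside a combinator keyspace. The Python sketch below is an added example, not part of the original tutorial or of hashcat; the function names are hypothetical and the sample wordlists are the small illustrative lists from the text above.

```python
from typing import Dict, Optional, Sequence, Tuple

Split = Optional[Tuple[str, str]]


def combinator_keyspace(left: Sequence[str], right: Optional[Sequence[str]] = None) -> int:
    """Candidates a combinator run generates: every left word times every right word."""
    return len(left) * len(left if right is None else right)


def find_split(password: str, left: Sequence[str], right: Optional[Sequence[str]] = None) -> Split:
    """Return (left_word, right_word) if the password is left_word + right_word.

    Order matters, as in the attack: left words are only matched as the prefix
    and right words only as the suffix. With right=None the single list is
    combined with itself. Matching is exact (case-sensitive).
    """
    left_set = set(left)
    right_set = left_set if right is None else set(right)
    for i in range(1, len(password)):  # every split point with two non-empty halves
        head, tail = password[:i], password[i:]
        if head in left_set and tail in right_set:
            return head, tail
    return None


def audit(passwords: Sequence[str], left: Sequence[str],
          right: Optional[Sequence[str]] = None) -> Dict[str, Split]:
    """Map each candidate password to the split that exposes it, or None."""
    return {pw: find_split(pw, left, right) for pw in passwords}


if __name__ == "__main__":
    # Constructed sample data: the two small wordlists used in the tutorial text.
    one = ["fast", "slow", "big"]
    two = ["car", "truck", "building"]
    print("keyspace:", combinator_keyspace(one, two))
    for pw, hit in audit(["fastcar", "carfast", "bigbig", "Tr0ub4dor&3"], one, two).items():
        print(f"{pw:12} {'REJECT ' + '+'.join(hit) if hit else 'not in two-list keyspace'}")
    print("single list:", find_split("bigbig", one))
```

The keyspace function also explains the line counts seen later in the tutorial: a 500-word list combined with a 1000-word list yields 500,000 candidates.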
Performing A Combinator Attack
As previously mentioned, the hashes can be downloaded from the link provided at the top of the page. To demonstrate the different attacks, the following wordlists will be used:
Using The CPU Version of Hashcat
From what we could find, the CPU version of hashcat seems to only work with one dictionary at a time (even if you specify two at the command line). If your hashcat installation uses your CPU for cracking, you will have to make a compromise to perform the attack.
If your version of hashcat utilises your GPU, you can skip to the next section.
For CPU hashcat users, you will have to merge your two wordlists into one file and store it on your disk. Within the hashcat-utils suite there is a tool called combinator that will do this for you.
To merge wordlists with the combinator utility, you can use the following command:
# /usr/share/hashcat-utils/combinator.bin 500-worst-passwords.txt 1-1000.txt > combined_wordlist.txt
Now our file combined_wordlist.txt contains the joined words from 1-1000.txt and 500-worst-passwords.txt.
To make sure the command has worked, you can check the word count of the file like so:
# wc combined_wordlist.txt
500000 500000 5913000 combined_wordlist.txt
Combinator Attack with Two Wordlists Using a GPU
Using the GPU version of hashcat, you can perform a combinator attack with the following command:
# hashcat -m 0 -a 1 bfield.hash 500-worst-passwords.txt 1-1000.txt
Command | Meaning |
-m 0 | Indicates to hashcat we are cracking MD5 hashes. |
-a 1 | Combination attack mode. |
bfield.hash | The hashed MD5 passwords. |
500-worst-passwords.txt | The 500 worst passwords wordlist. |
1-1000.txt | The 1000 most common US English words wordlist. |
You should see output similar to the below:
…
41962a071e499f2ce2b129eaf8eafc6e:voodooman
ddc88111e7c6437760bf9c1e7f267b47:musica
075f74ae2b8989ab2c7e3c8c91bcf62a:musicman
5811ce413d7b598d29b5852e16976848:alberta
Session.Name...: hashcat
Status.........: Exhausted
Input.Left.....: File (500-worst-passwords.txt)
Input.Right....: File (1-1000.txt)
Hash.Target....: File (bfield.hash)
Hash.Type......: MD5
Time.Started...: Mon Jul 25 11:57:35 2016 (4 secs)
Speed.Dev.#1...: 116.5 kH/s (0.97ms)
Recovered......: 1167/423623 (0.28%) Digests, 0/1 (0.00%) Salts
Recovered/Time.: CUR:N/A,N/A,N/A AVG:16240.79,974447.44,23386738.00 (Min,Hour,Day)
Progress.......: 500000/500000 (100.00%)
Rejected.......: 0/500000 (0.00%)
Started: Mon Jul 25 11:57:35 2016
Stopped: Mon Jul 25 11:57:42 2016
Combinator Attack with Two Wordlists Using a CPU
Here we’ll run the attack with our merged wordlist. The same output as above should be produced:
# hashcat -m 0 bfield.hash combined_wordlist.txt
Command | Meaning |
-m 0 | Indicates to hashcat we are cracking MD5 hashes. |
bfield.hash | The hashed MD5 passwords. |
combined_wordlist.txt | The merged wordlist. |
The output produced should be similar to:
…
4c4157d546b649d329e7e7e5f041fee2:victoras
11ebbc4eca59bc42a3ab2b4f8cce3cfd:tuckerboy
ff24622dc3ebc7cb01d38d9733e3bc45:5150time
51238ad8f7fef704732c247e7ff64298:bubbadog
[s]tatus [p]ause [r]esume [b]ypass [q]uit =>
Input.Mode: Dict (combined_wordlist.txt)
Index.....: 1/1 (segment), 500000 (words), 5913000 (bytes)
Recovered.: 1167/548686 hashes, 0/1 salts
Speed/sec.: 746.72k plains, 746.72k words
Progress..: 500000/500000 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--
Started: Mon Jul 25 07:09:43 2016
Stopped: Mon Jul 25 07:09:44 2016
In this case, we didn’t tell hashcat to perform a combinator attack (-a 1). This is because we had already merged our wordlists beforehand. Instead we used the default “straight mode” which uses our single dictionary of combined words.
Combinator Attack with One Wordlist (CPU or GPU)
To combine each entry in a wordlist with every other, one at a time, the following command can be run:
# hashcat -m 0 -a 1 bfield.hash 1-1000.txt
The parameters mean the following:
Command | Meaning |
-m 0 | Indicates to hashcat we are cracking MD5 hashes. |
-a 1 | Combination attack mode. |
bfield.hash | The hashed MD5 passwords. |
1-1000.txt | The 1000 most common US English words wordlist. |
The output produced should look like:
...
722afaed8390857b289c4b3c34ab2712:eastcoast
72e584f5f5292dca057d77de1e781730:paintbox
7529bcfbfbd960846f8e5891872672e2:paintball
b0710317c620d5d52bd5b4dc3312e825:paintshop
[s]tatus [p]ause [r]esume [b]ypass [q]uit =>
Input.Mode: Dict (1-1000.txt)
Index.....: 1/1 (segment), 1000 (words), 5840 (bytes)
Recovered.: 3167/548686 hashes, 0/1 salts
Speed/sec.: 906.39k plains, 906 words
Progress..: 1000/1000 (100.00%)
Running...: 00:00:00:01
Estimated.: --:--:--:--
Started: Mon Jul 25 08:02:12 2016
Stopped: Mon Jul 25 08:02:14 2016
When You May Want to Perform a Combinator Attack
As shown above, running the previous attacks allowed cracking of some passwords that are unlikely to be in a common password dictionary. From our comparison we found the passwords “moongame”, “fulltool” and “doublebrown” as examples of this.
The table below gives some insight into the number of passwords cracked with the combinator using different wordlists. The far right column shows the number of passwords that were cracked only using that wordlist.
Wordlist | Total Number of Combinations | Passwords Cracked | Number of Cracked Passwords Not Found in the Other Lists |
1-1000.txt | 1,000,000 | 3167 | 492 |
500-worst-passwords.txt | 250,000 | 949 | 162 |
combined_list.txt | 500,000 | 1167 | 181 |
rockyou.txt (normal dictionary run) | 14,442,063 | 119693 | 116610 |
From the table you can see that each wordlist was able to crack some passwords that others couldn’t. A normal dictionary attack using the rockyou wordlist was added to the table to show that other attacks will give better results when run first. If there are still password hashes to be cracked after a dictionary attack, you could then try a combinator attack.
A specific example of where you may use this attack could be if a default password generation procedure is a random phrase of words. Overall though, we believe most situations will call for a different method of cracking, such as mask, or rule-based dictionary attacks.
Summary
In this article we have explained in a step-by-step procedure how to perform a combinator attack using hashcat. Due to limitations in the CPU version of hashcat, we have also provided a workaround that enables CPU version users to run a combinator attack. The commands for the GPU version have also been demonstrated.
To finish, we’ve tried to highlight the use cases of a combinator attack and show that in some cases it can potentially crack hashes that other methods can’t.