Jump to content

Search the Community

Showing results for tags 'hashcat'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • New USB Rubber Ducky
    • WiFi Pineapple
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
    • WiFi Coconut
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • Legacy Devices
    • Classic USB Rubber Ducky
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Enter a five letter word.

Found 7 results

  1. Hopefully some of you will find this table useful for (legally and ethically) pentesting WiFi routers. Please note that the figures shown in the far right column 'Time' are based on a Palit GTX 970 using oclHashCat. You will need to do your own maths for this, but it gives you a good idea of average crack times for a fairly standard £300 / $500 GPU. For WPA2 with the GTX 970, my benchmarks with hashcat are; 13,774,031,184 password hashes per day 573,917,966 per hour 9,565,299 per minute 159,421 per second Anything marked as 'Never' and red will take more than a year to crack. Anything green is less than 1 week. Anything amber is unknown or will require a word list. For EE/Brightbox wordlist details, see here (appears to have been taken down. Google cache search.) For NETGEAR details, see here. Obviously most of you will find the SSID / Password Format / Length columns the most useful. Good info! SSID Length Password Format Combinations Time 2WIREXXX 10 0-9 10,000,000,000 17 hrs 3MobileWiFi 8 0-9 a-z 2,821,109,907,456 7 mth 3Wireless-Modem-XXXX 8 0-9 A-F (The first 4 digits are the same as the 4 digits on the SSID!) 65,536 1 sec Alice_XXXXXXXX 24 0-9 a-z 22,452,257,707,354,557,240,087,211,123,792,674,816 Never AOLBB-XXXXXX 8 0-9 A-Z 2,821,109,907,456 7 mth ATT### 10 0-9 10,000,000,000 17 hrs ATTxxxx 0000 10 0-9 A-Z 3,656,158,440,062,976 Never ATTxxxxxxx 12 a-z + symbols 1,449,225,352,009,601,191,936 Never belkin.xxx 8 2-9 a-f 1,475,789,056 2.5 hrs belkin.xxxx 8 0-9 A-F 4,294,967,296 7.5 hrs Belkin.XXXX 8 0-9 A-F 4,294,967,296 7.5 hrs Belkin_XXXXXX 8 0-9 A-F 4,294,967,296 7.5 hrs BigPondXXXXXX 10 0-9 A-F 1,099,511,627,776 2.5 mth BOLT!SUPER 4G-XXXX 8 4 numbers + Last 4 of SSID 65,536 1 sec BrightBox-XXXXXX - 3 words, with hyphens in-between. Lengths 3-4-5 or any combination. Need dict. BTHomeHub(1)-XXXX 10 0-9 a-f 1,099,511,627,776 2.5 mth BTHomeHub2-XXXX 10 2-9 a-f 289,254,654,976 3 wks BTHub3 10 2-9 a-f 289,254,654,976 3 wks BTHub4 10 2-9 a-f 289,254,654,976 3 wks BTHub5 10 2-9 a-f 289,254,654,976 3 wks BTHub6 10, 12 0-9 a-z A-Z 100,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 Never CenturyLinkXXXX 14 0-9 a-f 72,057,594,037,927,936 Never Cisco 26 0-9 a-f 43,608,742,899,428,874,059,776 Never Digicom_XXXX 8 0-9 A-Z 2,821,109,907,456 7 mth DJAWEB_##### 10 0-9 10,000,000,000 17 hrs Domino-XXXX 8 0-9 A-F 4,294,967,296 7.5 hrs E583x-xxxx 8 0-9 10,000,000 1 min E583x-xxxxx 8 0-9 A-F 4,294,967,296 7.5 hrs EasyBox 904 LTE 9 0-9 a-z A-Z 13,537,086,546,263,552 Never EasyBox-###### 9 0-9 A-F 68,719,476,736 5 days EEBrightBox-XXXXXX - 3 words, with hyphens in-between. Lengths 3-4-5 or any combination. Need dict. FRITZ!Box Fon WLAN #### 16 0-9 10,000,000,000,000,000 Never FrontierXXXX 10 0-9 10,000,000,000 17 hrs Hitron 12 0-9 A-Z (sometimes use the device’s serial number as the default key!) 4,738,381,338,321,616,896 Never INFINITUM#### 10 0-9 10,000,000,000 17 hrs iPhone 5 ? Lowercase word plus 4 numbers 172000^65,536 Need dict. Keenetic-XXXX 8 0-9 a-z A-Z 218,340,105,584,896 Never Linkem_XXXXXX 8 0-9 10,000,000 1 min Livebox-XXXX ? ? mifi2 13 0-9 A-Z 170,581,728,179,578,208,256 Never MobileWifi-xxxx 8 0-9 10,000,000 1 min MYWIFI (EE) - MYWIFI + 4 numbers 65,536 1 sec NETGEARXX - Adjective + Noun + 3 numbers Need dict. Netia-XXXXXX 13 0-9 a-f 4,503,599,627,370,496 Never ONOXXXX 10 0-9 10,000,000,000 17 hrs Orange-0a0aa0 8 0-9 a-f 4,294,967,296 7.5 hrs Orange-AA0A00 12 0-9 A-F 281,474,976,710,656 Never Orange-XXXX 8 2345679 ACEF 214,358,881 23 mins PLDT - PLDTWIFI + Last 5 digits of router MAC 1 1 sec Plusnet Broadband UK 64 a-z A-Z 0-9 - Never PlusnetWireless-XXXXXX 10 0-9 A-F 1,099,511,627,776 2.5 mth PLUSNET-XXXXXX 10 0-9 a-f 1,099,511,627,776 2.5 mth Sitecom_XXXX 8 0-9 A-F 4,294,967,296 7.5 hrs SKYXXXXX 8 A-Z http://www.ph-mb.com/products/sky-calc 208,827,064,576 2 wks SpeedTouchXXXXXX 10 0-9 a-f 1,099,511,627,776 2.5 mth TALKTALK-XXXXXX 8 346789 A-Z (bar ILOSZ) 282,429,536,481 3 wks TDC-#### 9 0-9 a-f 68,719,476,736 5 days Tech_XXXXXXXX 8 A-Z 208,827,064,576 15 days Technicolor-Router 10 0-9 A-F 1,099,511,627,776 2.5 mth Telecom-XXXXXXXX ? ? TelstraXXXXXX 10 0-9 A-F 1,099,511,627,776 2.5 mth TELUSXXXX 10 0-9 a-f 1,099,511,627,776 2.5 mth Thomson 10 0-9 A-F 1,099,511,627,776 2.5 mth ThomsonXXXXXX 10 0-9 a-f 1,099,511,627,776 2.5 mth TIM_PN51T_XXXX 8 0-9 WPS PIN is 12345670 10,000,000 1 min TNCAP-XXXX 10 0-9 A-F 1,099,511,627,776 2.5 mth TNCAPXXXXXX 10 0-9 A-F 1,099,511,627,776 2.5 mth TP-LINK_###### 8 0-9 0-9 A-F 10,000,000 1 min TRENDnet TEW-123ABC 11 First 3 digits in SSID (123 here) + 8 digits https://forums.kali.org/showthread.php?26366-TRENDnet-WPA-disclosure-amp-dictionaries 2,821,109,907,456 7 mth TRKASHI-###### 8 2 numbers, 6 digits (10^2)^(26^6) Need dict. UNITE-XXXX 8 0-9 10,000,000 1 min UPCXXXXXXX 8 A-Z 208,827,064,576 15 days Verizon MIFIXXXX XXXX 11 0-9 100,000,000,000 7.5 days virginmediaXXXXXX 8 a-z (bar iol) 78,310,985,281 6 days VirginMobile MiFiXXXX XXX 11 0-9 100,000,000,000 7.5 days VMXXXXXXX 12 0-9 a-z A-Z 3,226,266,762,397,899,821,056 Never VMXXXXXXX-2G 8 a-z (bar iol) 78,310,985,281 6 days VMXXXXXXX-5G 8 a-z (bar iol) 78,310,985,281 6 days Vodaphone_XXXXXXXX 15 0-9 a-z 221,073,919,720,733,357,899,776 Never WLAN1-XXXXXX 11 0-9 A-F 17,592,186,044,416 Never ZyXELXXXXXX 13 10 0-9 A-Z 0-9 A-F 1,099,511,627,776 2.5 mth Please inform me of any inaccuracies or additional data you feel could be added. Enjoy! *edit* My sources are my own personal experiences, plus; http://xiaopan.co/forums/threads/netgearxx-wordlist.6571/ https://scotthelme.co.uk/ee-brightbox-router-hacked/ https://forum.hashkiller.co.uk/topic-view.aspx?t=1660&m=46959#46959 https://forum.hashkiller.co.uk/topic-view.aspx?t=2715&p=2
  2. The Pineapple Mark VII Is A Beast by AgtShadow | Shadow Gaming So, I have so far collected 107 handshakes and cracked a lot of them in Kali Linux. It is scary how powerful this device is. Long read, but I hope you do. TL:DR: Powerful device, google drive folder with redacted screenshots included below this paragraph, how to limit long wordlists when cracking handshakes, converting them and more Opening Thoughts: The screenshots are too big to include here, so here are some I had captured before the update wiped everything, and the ones I took this morning (this Google Drive folder is not from my business account, so it should not ask for permission to view this folder) Google Drive Link I have no plans to do anything with them after cracking them, either. I just wanted to see how powerful this device is. It seems running the Enterprise Client while making a campaign in Active Mode and having the PineAP-Open appears to provide some insane amount of data leaked and near almost constantly connected clients. I live in the suburbs of a city in California Central Valley, so the traffic is low, and the neighbors are limited, but someone getting powerful results with this. I am working on a React.js web app to deploy by midnight tonight, so I am losing time to Kali/Pineapple to work on this, so I will resume more research on this device, as well as the Rubber Ducky and Bash Bunny Mark II, after I deploy my new website/web app. I am a Web Designer and Developer first, penetration testing has just been this 14 month passion/hobby of mine, and watching/buying Hak5 gear has been essential, as I carry my Bash Bunny/Rubber Ducky/Work Laptop and WiFi Adapter on me everywhere I go now. The Handshakes Captured, How and the Results: I wanted to spend a few hours or so yesterday looking over the insanely long HTML reports, the over 100 handshakes I have had (this screenshot is after I went from beta to stable release, so it erased everything, but I downloaded everything before it being wiped from the update to stable). I also included a screenshot of my pineapple-handshakes directory in my 6TB external HDD, where I keep all my VMs and store pictures/screenshots/downloads, etc., instead of clogging up my 1TB NVME C:\ drive. I do this with several SSDs and external SSDs as well. All I ever do with this thing is keep it running in a pinned tab on my Windows 11 machine (64GB of RAM, Intel i9-9900K 5Ghz 8 cores, NVIDIA RTX 3060, Windows 11 Beta Insider Preview Build, etc.), keep it in active mode. From time to time run a campaign I made where it runs inactive. Reports plaintext and HTML reports, and eventually Cloud C2 once I get the time to set it up through the command line, it seems. Still, every time I open Windows Terminal through that directory, I download the Cloud C2 files or cd to it. It does not open like it does when I just double-click it, even running Windows Terminal in Admin Mode or using cmd.exe.) Limiting the characters of the rockyou.txt file from 14m passwords to about 1m, and limiting the characters to 8-32 characters/digits/symbols, cracked them much faster. To do this, just do this as it helped tremendously (and hopefully will help others newer to this as it took me some time to figure this out after over a year in Kali Linux): (to see the 14 million lines of text in the rockyou.txt file: wc -l rockyou.txt I then copied the rockyou.txt to my documents/pinelists directory: cp /usr/share/wordlists/rockyou.txt rockyou.txt Only keep passwords that are 8 to 34 characters in length, and make that copied rockyou.txt file to a new file, just make sure you are in that directory with the copied one, I use wpacracks1 as I have made a new one after cracking over 80 passwords from these handshakes to include into them). sudo grep -x '.\{8,34\}' rockyou.txt > wpacracks1.txt wc -l whatevernameyouwant.txt You can use Hashcat, or the utility in Hashcat, or on their website here to convert the .pcap file to something hashcat can work with, or use the 22000 files as well. However, I converted my .pcap files, and I believe the pineapple provides you with .cap files, but I converted them anyway, super fast and straightforward. Main Conclusion: Anything else I am missing here? Or should we do better or differently? And what else can be done with these? I am 100% ethical about this stuff. I mainly use my Rubber Ducky and Bash Bunny to automate tasks at my current IT job at my college, where they have authorized me to use them to test payloads, as long as all sensitive data is destroyed upon clocking out. They never check, but they know I am an honest person that is mainly a Frontend Web Designer and Developer. So, if I check my notifications from @Darren Kitchen GitHub repos from Rubber Ducky, Bash Bunny, and Ducky Toolkit. Side note, for anyone who has more available time than I or is better suited for/experienced in pentesting than I, please keep adding to and fixing these repos and payloads. Most of them I have tried on Windows/Mac/Linux desktops, laptops, tablets, phones, FireTVs, etc., from work to school (with permission). Many of them do not work or must be modified, especially the DELAY and other things, as my work uses Sophos. When I image laptops/PCs/Macs, I have removed anti-virus from them to test as well, and many still have some sort of conflicted issue I just, unfortunately, have no time for at the moment. Surprisingly, the USB Rubber Ducky Deluxe works amazing, modifying the delays and they work better than my Bash Bunny Mark II somehow, and of course the 7 second boot, but I am not doing in the field social engineering tests anymore, I did with a few coworkers and it is shocking how easy it is to pop one in, either or, and get results and unplug before they notice. I of course tell them later, and show them the loot directory, with only two of them, and they thought it was cool, but those were the ones that worked. I need to get back to work finishing my react web app. I am working hard to land this React Developer position soon and get an interview with them in 4 days after a phone interview, so I am really excited but incredibly overworked now doing all of this. Plus finishing my Associate Degree in Web Design this fall semester as well. And my wife and kids need time with them more than ever after all this work/school/etc. So, any tips, tricks, or helpful advice moving forward would be greatly appreciated as I do not have any time to work on this anymore. And the handshakes, connected clients, reports, and everything just keep flowing in, so I am leaving it in passive mode and disabling the campaign until I get back to pentesting. Also, my wife and kids hate me being on my PC all day, so I spent the weekend mostly with them, but I am back to post and finish my web app and deploy it. Anyway, attached are the screenshots and included here. It is already time-consuming redacting private information on these screenshots poorly, I don't even want to fire up PhotoShop, faster to load up Paint and do it dirty, but it works. Windows 11 vs Windows 10 mini-rant: And yes, Windows 11 for the past two weeks on my machine, in my experience, has been much smoother, faster, better, and the new interface/UI/GUI improvements, as well as WSLg. Hence, all your WSL Linux apps are standalone in Windows 11 (like setoolkit or hashcat or CherryTree, etc., can all be run as a standalone app within Windows 11, instead of firing up VMware Workstation Pro 16, Kali Linux, then opening the tools, I just Windows Key + S > <kali Linux app name>, click on it, it loads up, no terminal needed for every app within Kali Linux, Debian, Ubuntu, Git Bash, Azure, literally all the WSL subsystems I have installed on my machine that I usually would access through Windows Terminal Preview (can be downloaded and highly customized in the Windows Store, and you can get Winget, windows package manager. On top of all of this, gaming has been much better, CPU/GPU utilization, the list goes on and on with why I installed Windows 11 over Windows 10. Much more beautiful (please Microsoft, tabs on Explorer.exe, and dark mode integrated into ALL Windows apps and utilities like Control Panel, etc and beautify those as well as keeping the Windows 10 skin.) Sorry for the long read. I type fast and probably talk too much outside of the topic. It is a flaw I am working on.
  3. its been a while since i have messed around, but the time has come that i document what im doing... wash reaver wps pin attacks deauth and capture handshakes hashcat gpu cracking wpa word list's 'couch potato 123' comcast word generator type of password attacks that are router specific. wifi antennas 2.4 ghz and 5.8ghz it looks like nonsense but ill do some automation in my favorite language (ruby) ill do some multi threaded task like clock work to automate almost the hole process. ill start with small simple snippets. if people want to make comments on techniques that have worked for them that are related to wifi cracking/reaver/gpu-cracking. please for example post your reaver commands. if any one has seen mdk3 attacks work to reset routers, make comments on this as well.
  4. Disclaimer: I have not interest in accessing networks that I don't have permission to do so. This is purely educational. Hi All, i currently have a very little WIFI pen test lab set up. I'm concentrating on wifi as my first task to learn. I have an AP setup with a password :12232890. I have successfully captured the WPA2 handshake. I now want to bruteforce my password. How can I setup a mask/rule for hashcat with following complexities? Keyspace:1234567890 Length:8 Pw: 12232890 No more than two of the same digits sequentially e.g ok:-22183456, not ok:-22213456 No more than 3 of the same digit e.g ok:-22124567, not ok:-22289456 No more than 1 double repeating digits e.g. Not ok:-11223344 or 11422055 or 11672289
  5. Regarding password statistics and differences between demographics, have a little shufti at these. Good read. https://www.unix-ninja.com/p/Password_DNA https://beta.unix-ninja.com/download/YXR0YWNobWVudHMvUGFzc3dvcmQgRE5BIEFwcGVuZGl4IG9mIENvbXBpbGVkIERhdGEucGRm And a free wordlist, compiled from the list used to create these statistics (looks half decent); https://beta.unix-ninja.com/download/YXR0YWNobWVudHMvZG5hLmRpY3Q
  6. Hey guys, I'm new to the hacking scene, been doing small tests like using metasploit, imbedding meterpreter sessions and ssh'ing into machines for fun. But I've recently focused on Wi-Fi hacking, and been having alot of fun with it. But however, I've come across this one hash that does not want to go down. No matter how many wordlists I throw at it, not matter how many different combination rules I throw at it, this hash REFUSES to bite the bullet and just give in. So, like any responsible penetration tester, I've decided to turn to the group's forum that got me interested in hacking in the first place. If anyone wants to try their hand at cracking it, I can send it via Skype, just ask for my contact info. Thanks!
  7. Hello, I'm trying to teach myself John the ripper and hashcat, I cant crack this at all. Tried 40 different wordlists (totaling 120GB), 20 different types hashes. What am I doing wrong. I want someone to tell me how to properly crack this stuff, I don't want a simple hand out. The tutorials online and hash-cat site are not yielding any results. When I use hash id it says SHA-1.So I've done that and a number of other ones. I wonder if my wordlist. Can anyone help. Example set: d9081cc033ac2c19afe3ff8cf453946c12448422 f47f25c081e912826f3e14c1096e38d1f4dd2b43 afdc1c9439966fd0a314ee237c7338e871f59d7d ea4a493b6dd029de9f014848b68d7a55fad95437 2b62c635f72be4242fff4b1717504e5c7df80b3b ed879ab939c2d4e4afdf24f09f8946f2509366de f7a5d996f8221f4c5080f5326a915ce0a9b2d6e1 ef23bcefbc3cfe63d3bff54d9d606d3d2e4eea32 0febac796bfc2f86c74cc1c0875add0fe4e1c670 d1a0c716884144c47937a6fbee49390ac8fb33d1 Thanks
  • Create New...