biob Posted October 11, 2017

Disclaimer: I have no interest in accessing networks that I don't have permission to access. This is purely educational.

Hi all, I currently have a very little WiFi pen test lab set up. I'm concentrating on WiFi as my first task to learn. I have an AP set up with a password: 12232890. I have successfully captured the WPA2 handshake. I now want to brute-force my password.

How can I set up a mask/rule for hashcat with the following complexities?

Keyspace: 1234567890
Length: 8
Pw: 12232890
No more than two of the same digit sequentially, e.g. ok: 22183456, not ok: 22213456
No more than 3 of the same digit, e.g. ok: 22124567, not ok: 22289456
No more than 1 double repeating digit, e.g. not ok: 11223344 or 11422055 or 11672289

0phoi5 Posted October 11, 2017

32 minutes ago, biob said:
> No more than two of the same digits sequentially e.g ok:-22183456, not ok:-22213456
> No more than 3 of the same digit e.g ok:-22124567, not ok:-22289456
> No more than 1 double repeating digits e.g. Not ok:-11223344 or 11422055 or 11672289

For a password that is numbers only, 8 digits, I wouldn't bother. It'll crack so fast, it'd take you longer to type the mask out than the crack time without it anyway!

8^10 = 1,073,741,824 = About 6 seconds to crack for GTX 970.

    hashcat64 -m 2500 -a 3 [filename] ?d?d?d?d?d?d?d?d

Edited October 11, 2017 by haze1434

biob (Author) Posted October 11, 2017

But then where would be the fun in learning :-) My PC is ancient by today's standard and would take 4.5 hours to crack 10^8. Think I have my figure wrong.

Edited October 11, 2017 by biob

biob (Author) Posted October 11, 2017

Unfortunately my learning capabilities revolve around seeing an example.

0phoi5 Posted October 11, 2017

1 hour ago, biob said:
> Unfortunately my learning capabilities resolve around seeing an example.

No worries. The best page to read through all of the available options for mask attacks is this. You may also find my previous post interesting.

Edited October 11, 2017 by haze1434

0phoi5 Posted October 11, 2017

2 hours ago, biob said:
> My PC is ancient by today's standard and would take 4.5 hours to crack 10^8.

Really? That's slow! What GPU do you use? FYI, a GTX 970 is £300 and average by today's standards. Someone with a Titan at £1000 could crack about 30% faster than the table on my other post (linked in the post above).

biob (Author) Posted October 11, 2017

Isn't it just :-) It's an antique... GT545. Had the PC since approx. 2011: i7 2600k, 8 GB RAM. Only get 6.5-8k WPA hashes. Hence the attempt to learn how to streamline the process.

biob (Author) Posted October 11, 2017

Managed to implement the rule in maskprocessor, but hashcat doesn't seem to have all the same options. Not at my PC so can't paste what I used yet.

0phoi5 Posted October 12, 2017

20 hours ago, biob said:
> Managed to implement the rule in maskprocessor, but hashcat doesn't seem to have all the same options. Not at my PC so can't paste what I used yet.

You could use Crunch to generate a wordlist, and then use HashCat with this wordlist. I believe you can pipe one directly to the other, without having to save a file in-between. I don't have much experience of Crunch to be honest. You can download it here, and some instructions are here.

biob (Author) Posted October 13, 2017

Thank you for all your help, Haze1434. Hak5 forum is not what it used to be. I will give that a go tonight. I totally forgot about piping outputs into hashcat. Think I will try piping the output of the maskprocessor into hashcat too. I will post my results here if they work, just in case anyone else is interested.

Just out of interest, what is your hardware setup, Haze1434?

0phoi5 Posted October 13, 2017

3 hours ago, biob said:
> just out on interest, what is your hardware setup Haze1434?

I use a GTX 970 from Palit; I'm mainly a gamer, rather than using it for Pentesting, but it slowly does the job for less than £300 ($400).
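
Added example (not part of any post in this thread): a Python check for the three rules in the opening question, plus a count of how many 8-digit strings pass them, so the filtered keyspace can be compared with the full 10^8 at the 6.5-8k hashes per second mentioned above. It assumes "no more than 3 of the same digit" means a per-digit cap of three; the function names are illustrative.

```python
"""Count 8-digit PSK candidates that pass the three rules from the question."""
from functools import lru_cache

MAX_PER_DIGIT = 3   # assumed reading: no digit appears more than 3 times
MAX_PAIRS = 1       # at most one adjacent double such as "22"
# A run of three identical digits ("222") is always rejected.

def allowed(pw: str) -> bool:
    """Return True if pw satisfies all three rules."""
    if any(pw.count(d) > MAX_PER_DIGIT for d in set(pw)):
        return False
    pairs = 0
    for i in range(1, len(pw)):
        if pw[i] == pw[i - 1]:
            if i >= 2 and pw[i] == pw[i - 2]:
                return False              # three in a row
            pairs += 1
    return pairs <= MAX_PAIRS

@lru_cache(maxsize=None)
def _count(remaining, others, last, in_pair, pairs):
    """Ways to finish a string. others: sorted use counts of the nine digits
    that are not the last digit; last: use count of the last digit."""
    if remaining == 0:
        return 1
    total = 0
    # Repeat the last digit, which opens a double.
    if not in_pair and pairs < MAX_PAIRS and last < MAX_PER_DIGIT:
        total += _count(remaining - 1, others, last + 1, True, pairs + 1)
    # Switch to one of the nine other digits.
    for i, used in enumerate(others):
        if used < MAX_PER_DIGIT:
            rest = tuple(sorted(others[:i] + others[i + 1:] + (last,)))
            total += _count(remaining - 1, rest, used + 1, False, pairs)
    return total

def count_allowed(length: int) -> int:
    """Number of digit strings of this length that pass allowed()."""
    return 10 * _count(length - 1, (0,) * 9, 1, False, 0)

def hours(candidates: int, rate_per_sec: float) -> float:
    """Time to try every candidate at a given hash rate."""
    return candidates / rate_per_sec / 3600

if __name__ == "__main__":
    full, kept = 10 ** 8, count_allowed(8)
    print(f"full {full:,}, after rules {kept:,} ({kept / full:.1%})")
    for rate in (6500, 8000):             # H/s range quoted in the thread
        print(f"{rate} H/s: {hours(full, rate):.1f} h vs {hours(kept, rate):.1f} h")
```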