Hashcat mask/rules?

[biob]

Disclaimer: I have not interest in accessing networks that I don't have permission to do so. This is purely educational.

Hi All,

i currently have a very little WIFI pen test lab set up. I'm concentrating on wifi as my first task to learn. 

I have an AP setup with a password :12232890. I have successfully captured the WPA2 handshake. I now want to bruteforce my password. How can I setup a mask/rule for hashcat with following complexities?

Keyspace:1234567890

Length:8

Pw: 12232890

No more than two of the same digits sequentially e.g ok:-22183456, not ok:-22213456

No more than 3 of the same digit e.g ok:-22124567, not ok:-22289456

No more than 1 double repeating digits e.g. Not ok:-11223344 or 11422055 or 11672289

[0phoi5]

32 minutes ago, biob said:

No more than two of the same digits sequentially e.g ok:-22183456, not ok:-22213456

No more than 3 of the same digit e.g ok:-22124567, not ok:-22289456

No more than 1 double repeating digits e.g. Not ok:-11223344 or 11422055 or 11672289

For a password that is numbers only, 8 digits, I wouldn't bother. It'll crack so fast, it'd take you longer to type the mask out than the crack time without it anyway!

8^10 = 1,073,741,824 = About 6 seconds to crack for GTX 970.

hashcat64 -a 3 [filename] -l ?d?d?d?d?d?d?d?d

Edited October 11, 2017 by haze1434

[biob]

But then where would be the fun in learning :-)

My PC is ancient by today's standard and would take 4.5 hours to crack 10^8.

 

think I have my figure wrong

Edited October 11, 2017 by biob

[biob]

Unfortunately my learning capabilities resolve around seeing an example. 

[0phoi5]

1 hour ago, biob said:

Unfortunately my learning capabilities resolve around seeing an example. 

No worries.

The best page to read through all of the available options for mask attacks is this.

You may also find my previous post interesting.

Edited October 11, 2017 by haze1434

[0phoi5]

2 hours ago, biob said:

My PC is ancient by today's standard and would take 4.5 hours to crack 10^8.

Really? That's slow! What GPU do you use?

FYI, a GTX 970 is £300 and average by today's standards. Someone with a Titan at £1000 could crack about 30% faster than the table on my other post (linked in the post above).

[biob]

Isn't it just :-) It's an antique...GT545. Had the PC since approx 2011 i7 2600k.8Gb RAM. Only get 6.5-8k WPA hashes.

Hence the attempt to learn how to streamline the process. 

[biob]

Managed to implement the rule in maskprocessor, but hashcat doesn't seem to have all the same options. Not at my PC so can't paste what I used yet.

[0phoi5]

20 hours ago, biob said:

Managed to implement the rule in maskprocessor, but hashcat doesn't seem to have all the same options. Not at my PC so can't paste what I used yet.

You could use Crunch to generate a wordlist, and then use HashCat with this wordlist. I believe you can pipe one directly to the other, without having to save a file in-between.

I don't have much experience of Crunch to be honest. You can download it here, and some instructions are here.

[biob]

Thank you for all your help, Haze1434. Hak5 forum, is not what it use to be.

i will give that a go tonight. I totally forgot about piping outputs in to hashcat. Think I will try piping the output of the maskprocessor into hashcat too.

i will post my result here if they work, just in case anyone else anyone else is interested.

just out on interest, what is your hardware setup Haze1434?

[0phoi5]

3 hours ago, biob said:

just out on interest, what is your hardware setup Haze1434?

I use a GTX 970 from Palit; I'm mainly a gamer, rather than using it for Pentesting, but it slowly does the job for less than £300 ($400).