Posted

Disclaimer: I have no interest in accessing networks that I don't have permission to access. This is purely educational.

Hi All,

I currently have a very little WIFI pen test lab set up. I'm concentrating on wifi as my first task to learn. 

I have an AP set up with a password: 12232890. I have successfully captured the WPA2 handshake. I now want to brute-force my password. How can I set up a mask/rule for hashcat with the following complexities?

Keyspace:1234567890

Length:8

Pw: 12232890

No more than two of the same digits sequentially e.g ok:-22183456, not ok:-22213456

No more than 3 of the same digit e.g ok:-22124567, not ok:-22289456

No more than 1 double repeating digits e.g. Not ok:-11223344 or 11422055 or 11672289

Posted (edited)
32 minutes ago, biob said:

No more than two of the same digits sequentially e.g ok:-22183456, not ok:-22213456

No more than 3 of the same digit e.g ok:-22124567, not ok:-22289456

No more than 1 double repeating digits e.g. Not ok:-11223344 or 11422055 or 11672289

For a password that is numbers only, 8 digits, I wouldn't bother. It'll crack so fast, it'd take you longer to type the mask out than the crack time without it anyway!

8^10 = 1,073,741,824 = About 6 seconds to crack for GTX 970.

hashcat64 -m 2500 -a 3 [filename] ?d?d?d?d?d?d?d?d

Edited by haze1434
Posted (edited)

But then where would be the fun in learning :-)

My PC is ancient by today's standard and would take 4.5 hours to crack 10^8.

 

think I have my figure wrong

Edited by biob
Posted (edited)
1 hour ago, biob said:

Unfortunately my learning capabilities revolve around seeing an example. 

No worries.

The best page to read through all of the available options for mask attacks is this.

You may also find my previous post interesting.

Edited by haze1434
Posted
2 hours ago, biob said:

My PC is ancient by today's standard and would take 4.5 hours to crack 10^8.

Really? That's slow! What GPU do you use?

FYI, a GTX 970 is £300 and average by today's standards. Someone with a Titan at £1000 could crack about 30% faster than the table on my other post (linked in the post above).

Posted

Isn't it just :-) It's an antique... GT545. Had the PC since approx. 2011, i7 2600k, 8Gb RAM. Only get 6.5-8k WPA hashes.

Hence the attempt to learn how to streamline the process. 

Posted

Managed to implement the rule in maskprocessor, but hashcat doesn't seem to have all the same options. Not at my PC so can't paste what I used yet.

Posted
20 hours ago, biob said:

Managed to implement the rule in maskprocessor, but hashcat doesn't seem to have all the same options. Not at my PC so can't paste what I used yet.

You could use Crunch to generate a wordlist, and then use HashCat with this wordlist. I believe you can pipe one directly to the other, without having to save a file in-between.

I don't have much experience of Crunch to be honest. You can download it here, and some instructions are here.

Posted

Thank you for all your help, Haze1434. Hak5 forum is not what it used to be.

I will give that a go tonight. I totally forgot about piping outputs into hashcat. Think I will try piping the output of the maskprocessor into hashcat too.

I will post my results here if they work, just in case anyone else is interested.

Just out of interest, what is your hardware setup, Haze1434?
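An added example, not part of the original thread: a Python filter that implements the three rules from the first post and counts how much they shrink the keyspace, which is also a measure of how little protection an 8-digit numeric passphrase offers. The names `allowed`, `candidates` and `keyspace` are this example's own, and rule 3 is read as "at most one adjacent doubled digit".

```python
#!/usr/bin/env python3
"""Enumerate digit strings that satisfy the three rules from the first post."""
import sys

DIGITS = "0123456789"


def allowed(pw: str) -> bool:
    """Return True if pw (or a prefix of a candidate) breaks none of the rules."""
    # Rule 1: no digit three times in a row (22213456 is rejected).
    if any(pw[i] == pw[i + 1] == pw[i + 2] for i in range(len(pw) - 2)):
        return False
    # Rule 2: no digit more than three times overall.
    if any(pw.count(d) > 3 for d in set(pw)):
        return False
    # Rule 3 (assumed reading): at most one adjacent doubled digit.
    pairs = sum(pw[i] == pw[i + 1] for i in range(len(pw) - 1))
    return pairs <= 1


def candidates(length: int, prefix: str = ""):
    """Depth-first generator; a prefix that breaks a rule is pruned at once.

    Pruning is safe because every rule is an upper bound: once a prefix
    violates it, no extension of that prefix can satisfy it again.
    """
    if len(prefix) == length:
        yield prefix
        return
    for d in DIGITS:
        nxt = prefix + d
        if allowed(nxt):
            yield from candidates(length, nxt)


def keyspace(length: int) -> int:
    """Number of strings of the given length that pass all three rules."""
    return sum(1 for _ in candidates(length))


if __name__ == "__main__":
    length = int(sys.argv[1]) if len(sys.argv) > 1 else 8
    try:
        for pw in candidates(length):
            print(pw)  # one candidate per line, suitable for piping
    except BrokenPipeError:
        pass  # the consumer closed the pipe early
```

Run with a length argument, it prints one candidate per line, which is the form needed for the piping approach discussed in the thread.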
