Avoid character occurrance in brute force attack
#1
Hi, I'm trying to brute forcing my wpa's captured .cap file and, in order to boost the process 
I though to set some "filters" to the hashcat process, letting it jump the charset combination with 2 or more 
sequential occurrance of the same character.

Since I know my password is a ten digit password with no sequential occurrance of the same number,
hashcat should process something like:
1010101010
1231231231 
....

but NOT something like:
1101100100
1122333123
....

Now, the basic command for a brute force attack, i think it should be: 
m 2500 -a3 capture.hccapx ?d?d?d?d?d?d?d?d  

How do I get, in this command, a "rule" for filtering and deleting combination 
with sequential occurrance of the same number?

Thanks for your help, sorry if something's wrong, but I'm not an expert and these are my first steps with hashcat

P.S. I know is possible to get hashcat works with gpu for boosting process, but my gpu is too old
#2
I don't think that there is a way to express this using hashcat's rules (unless you generated a very large list of masks and custom character sets).

And even if there were, I don't think that it would reduce the keyspace enough to make a lot of difference.
~
#3
Oh OK then....I was a bit experienced with crunch pipelined to pyrit/aircrack and, in that case, an approach like that could have been more life semplifing, and so I though the same with hashcat....
But if you said there's no difference in terms of keyspace work, then whatever..
Thanks for the help anyway Smile
#4
Maskprocessor has a command line argument for exactly this type of password candidate filtering:
https://github.com/hashcat/maskprocessor...c/mp.c#L78

So one could use something like this:
Code:
./mp64.bin -q 2 ?d?d?d?d?d?d?d?d | ./hashcat -a 0 -m 2500 networks_2018.hccapx

Note: as royce already pointed out, it may or not may sense speedwise, depending on the mask, hash type (can we generalize it to say only "slow hashes" should be run like this!?), your hardware (especially vendor/model and amount of GPUs) etc
But the good thing is, you can just test it and see if it is faster or not for you.
#5
(03-06-2017, 08:53 AM)philsmd Wrote: Maskprocessor has a command line argument for exactly this type of password candidate filtering:
https://github.com/hashcat/maskprocessor...c/mp.c#L78

So one could use something like this:
Code:
./mp64.bin -q 2 ?d?d?d?d?d?d?d?d | ./hashcat -a 0 -m 2500 networks_2018.hccapx

Note: as royce already pointed out, it may or not may sense speedwise, depending on the mask, hash type (can we generalize it to say only "slow hashes" should be run like this!?), your hardware (especially vendor/model and amount of GPUs) etc
But the good thing is, you can just test it and see if it is faster or not for you.
Thanks!.... I've tried your command but I got some errors :
WARNING: Hash 'capture.hccapx' : Invalid eapol size

ERROR: No hashes loaded

Any idea?
#6
Typical error when you try to load hccapx into too old hashcat version
#7
(03-07-2017, 10:00 AM)atom Wrote: Typical error when you try to load hccapx into too old hashcat version

So all I have to do is update hashcat version?
Would you please help me telling me how to do it?It's something like :" apt-get update hashcat"?
It's strange, cause I'm running on the last version of The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux and I thought all the software installed come with their lasts version...
#8
Either the The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) maintainer need to update the version or you use binary version from hashcat.net or you compile from sources
#9
(03-08-2017, 10:01 AM)atom Wrote: Either the The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) maintainer need to update the version or you use binary version from hashcat.net or you compile from sources
So all I have to do is remove old hashcat installation and then install the new one?
Simply by compiling the source file.....That's all?
#10
Yes, for hashcat that is it. OpenCL might be different, but this is not OpenCL support forum!