New and learning - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Ancient Versions (https://hashcat.net/forum/forum-46.html)
+--- Forum: Very old oclHashcat-plus Support (https://hashcat.net/forum/forum-23.html)
+--- Thread: New and learning (/thread-2549.html)
New and learning - garethgtt - 08-26-2013

Hi Guys

I'm hoping to work eventually as a penetration tester and I'm trying to pick up the wireless security side of pentesting, so I'm experimenting on my own home wireless, WPA2.

I've an NVIDIA GTX 550 Ti card.

I cracked my own win8 user LM hash in 10 minutes (8 characters, upper/lower and number) - pwdump etc.

But when trying my WPA2 of a handshake I got from my wireless using the following syntax:

    cudaHashcat-plus64.exe --hash-type 2500 --attack-mode 3 --outfile C:\Users\username\Desktop\capture.hccap.out C:\Users\username\Desktop\capture.hccap ?u?u?u?u?u?u?u?u?u

now I know my password is 9 digits all uppercase, but it reckons at 12515 H/s it will take more than 10 years to try every combination.

Can anyone point me in the right direction to optimising this based on the command line I supplied? There must be quicker ways of bruteforcing this?

Many thanks for your help.

RE: New and learning - mastercracker - 08-26-2013

> (08-26-2013, 12:01 AM)garethgtt Wrote: Hi Guys

It's a big keyspace and a slow algorithm so there would be not much optimization to do better without more knowledge. First you can try higher -u and -n settings to see what your card can support. Secondly, if for example your password is GARETHGTT and you know that it starts with GARET, you can use the mask GARET?u?u?u?u. This cuts down the keyspace a lot but you need some knowledge of the password. Otherwise, try dictionary attacks. Bruteforcing is really not the best attack type in your case.

RE: New and learning - garethgtt - 08-26-2013

> (08-26-2013, 03:50 AM)mastercracker Wrote:
> > (08-26-2013, 12:01 AM)garethgtt Wrote: Hi Guys
>
> It's a big keyspace and a slow algorithm so there would be not much optimization to do better without more knowledge. First you can try higher -u and -n settings to see what your card can support. Secondly, if for example your password is GARETHGTT and you know that it starts with GARET, you can use the mask GARET?u?u?u?u. This cuts down the keyspace a lot but you need some knowledge of the password. Otherwise, try dictionary attacks. Bruteforcing is really not the best attack type in your case.

Hey, thanks for your reply.

My WPA2 key is something like TCVNNGSXN, so how could a dictionary attack work against something like that?

I know I can generate a wordlist of every combination, think it requires about 2TB of disk space. I know with aircrack/crunch if I use something like this command line:

    crunch 9 9 ABCDEFGHIJKLMNOPQRSTUVWXYZ | aircrack-ng -b 00:0C:F6:55:E6:6C -w - /root/WPA-01.cap

it generates the file and tests it on the fly without using hard disk space.

Isn't this just bruteforcing though? If not, how can I leverage this using GPU power instead?

RE: New and learning - garethgtt - 08-26-2013

> (08-26-2013, 03:50 AM)mastercracker Wrote: First you can try higher -u and -n settings to see what your card can support.

I'm not sure what you mean by this, can you elaborate?

Also, using an optimal PC with multiple GPU cards, how much can I increase the 12515 H/s to? I'm quite happy to buy all the cards I need to make this viable as this will be a career move for me.

RE: New and learning - epixoip - 08-26-2013

> (08-26-2013, 06:17 AM)garethgtt Wrote:
> > (08-26-2013, 03:50 AM)mastercracker Wrote: First you can try higher -u and -n settings to see what your card can support.
>
> I'm not sure what you mean by this, can you elaborate?

Read the output of --help and read the wiki page on oclHashcat-plus. Then you will understand what -n and -u do.

> (08-26-2013, 06:17 AM)garethgtt Wrote: Also, using an optimal PC with multiple GPU cards, how much can I increase the 12515 H/s to?

Nvidia cards suck for hash cracking, get high-end AMD GPUs instead. A single Radeon 7970 can do about 130000 H/s.

RE: New and learning - mastercracker - 08-26-2013

> Quote: My WPA2 key is something like TCVNNGSXN, so how could a dictionary attack work against something like that?

If your password is random then yes, there is no point in generating a dictionary for it. You are stuck with bruteforcing the keyspace. It's up to you to decide if that crack is worth the time and money investment.

RE: New and learning - garethgtt - 08-26-2013

Radeon 7970 it is then.

What kind of timeframe am I looking at to bruteforce a random 9 digit uppercase alphabet key then with this card? What about 2 cards?

RE: New and learning - undeath - 08-26-2013

According to epixoip's post one 7970 will do 130kH/s, therefore:

    >>> (26**9)/130000/60/60/24
    483.3959828148148

Result in days. Two cards will halve the time.

RE: New and learning - jb_bak - 08-27-2013

> (08-26-2013, 10:25 PM)undeath Wrote: according to epixoip's post one 7970 will do 130kH/s

So you're saying two 7970s will take over half a year to BF a 9 digit WPA??!?!?!

RE: New and learning - epixoip - 08-27-2013

Yes, two 7970s will take over half a year to brute force a nine-character WPA key comprised of all uppercase letters. WPA is properly slow.
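
Added example, not part of the original thread: the arithmetic the posters do by hand, generalised to any mask built from hashcat's built-in charsets, so the resistance of a passphrase pattern to exhaustive search can be checked at the rates quoted above. The function names `mask_keyspace` and `exhaust_days` are illustrative; the masks and hash rates are the ones from the thread.

```python
# Added example: candidate count and worst-case search time for a
# hashcat-style mask. Sizes of the built-in charsets:
# ?l lower, ?u upper, ?d digits, ?s specials, ?a all printable, ?b bytes.
CHARSET_SIZES = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95, "b": 256}


def mask_keyspace(mask):
    """Number of candidates a mask generates (a literal counts as 1)."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1                      # literal character: one choice
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        token = mask[i + 1]
        if token == "?":
            pass                        # "??" is a literal question mark
        elif token in CHARSET_SIZES:
            total *= CHARSET_SIZES[token]
        else:                           # ?1-?4 need a charset definition
            raise ValueError(f"unsupported charset ?{token}")
        i += 2
    return total


def exhaust_days(mask, rate_hs, gpus=1):
    """Worst-case days to try every candidate at rate_hs per GPU."""
    return mask_keyspace(mask) / (rate_hs * gpus) / 86400


if __name__ == "__main__":
    cases = [                            # rates as quoted in the thread
        ("GTX 550 Ti, full mask", "?u" * 9, 12515, 1),
        ("one 7970, full mask", "?u" * 9, 130000, 1),
        ("two 7970s, full mask", "?u" * 9, 130000, 2),
        ("GTX 550 Ti, known prefix", "GARET?u?u?u?u", 12515, 1),
    ]
    for label, mask, rate, gpus in cases:
        days = exhaust_days(mask, rate, gpus)
        print(f"{label:26} {mask_keyspace(mask):>16,d} candidates "
              f"{days:12.4f} days")
```

The figures are worst-case times to exhaust the mask; a random key is found, on average, after half the keyspace.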