+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Hashcat + wlangenpmkocl how to convert back to plaintext ? (/thread-9893.html)
RE: Hashcat + wlangenpmkocl how to convert back to plaintext ? - walterlacka - 03-03-2021
(02-27-2021, 06:00 PM)ZerBea Wrote: Yes. It's an ugly copy and paste error:
$ hashcat --stdout -r "hcxessid.rule" raw.list | sort | uniq > word.list
The hcxessid.rule will append some digits (1..9999, 123, 1234, ...) to the cleaned -E output of hcxpcapngtool.
BTW:
hcxtools are running in back ground of several online WPA PSK auditoring services, e.g.:
https://wpa-sec.stanev.org/
To see how they are implemented, take a look at the source:
https://github.com/RealEnder/dwpa
Where is hcxessid.rule located?
RE: Hashcat + wlangenpmkocl how to convert back to plaintext ? - ZerBea - 03-03-2021
hcxessid is located in my personal testing environment.
It is a very, very simple set of rules starting from
$0
to
$2 $0 $2 $1
$1 $2 $3 $4 $5
$1 $2 $3 $4 $5 $6
$1 $2 $3 $4 $5 $6 $7
$1 $2 $3 $4 $5 $6 $7 $8
$1 $2 $3 $4 $5 $6 $7 $8 $9
that include iterations with l(ower) u(pper) and c(apital).
After an analyze of wpa-sec recovered PSKs I noticed that only a few rule sets are really useful (mostly that rules which append a simple number or a date).
hcxeiutool -s output will give the basic words (from WiFi traffic) on which the rules are additionally appended to obtain a (real chance, user defined) PSK candidate.
BTW:
Parts of this rule are included in many common rules e.g. rockyou-30000.rule
/usr/share/hashcat/rules/