hashcat Forum
The big fundamentals - Printable Version




The big fundamentals - 2die4 - 05-28-2014

Hello guys. I am new to the forum and to cracking in general. I would like to ask some fundamental questions, which I haven’t managed to figure out. Forgive me if it has been asked before, but although I tried, I didn’t manage to find an answer to my questions. If you can redirect me to an article instead of re-answering the questions, please do. I want to thank all the HashCat community in advance.

Let’s use as a base for the question the following scenario which I use right now in order to make my first steps in the field.

Let’s suppose that we want to crack a 10 character password of a difficult to crack algorithm (such as a WPA2 password). We don’t know anything about the characters used, so we go for all the basic characters. Uppercase, lowercase, numbers and special characters.
What is the best approach to do it?

For example, trying to brute force it, I got an estimation of more than 10 years to complete it (on a Radeon R9 270 GPU). So that’s out of the question.

Creating a dictionary with all the possible combinations is also out of the question, because the size is enormous.

I tried about 20GB of wordlists and that also didn’t work.

I also tried to brute force it with a 10-digit mask, but that failed as well.

So, the questions:

Does using maskprocessor to generate a wordlist on the fly and piping it to oclHashCat provide us with any advantage in speed, over brute forcing?

And, as I said above, what is the best approach to complete it, taking into consideration the above factors? The fact that we don’t know anything about the person or the password, apart from the fact that it is a 10-character-long password.

Thanx again!


RE: The big fundamentals - epixoip - 05-28-2014

(05-28-2014, 09:27 AM)2die4 Wrote: Let’s suppose that we want to crack a 10 character password of a difficult to crack algorithm (such as a WPA2 password). We don’t know anything about the characters used, so we go for all the basic characters. Uppercase, lowercase, numbers and special characters.
What is the best approach to do it?

there's not a whole lot you can do if you don't know anything about it, outside of guessing wildly.

most people don't use all of the character classes in their passwords. so no, you don't start by going after all of the character classes.

wpa is a pretty slow algorithm, especially with your GPU, so you have a very limited amount of guesses that you can make. you aren't going to be able to crack a password that is even mildly complex.

not a very good place to start as a noob.


(05-28-2014, 09:27 AM)2die4 Wrote: For example, trying to brute force it, I got an estimation of more than 10 years to complete it (on a Radeon R9 270 GPU). So that’s out of the question.

seems you have some expectations that are not grounded in reality. even if it was an easy algorithm you wouldn't be able to brute force length 10.


(05-28-2014, 09:27 AM)2die4 Wrote: Creating a dictionary with all the possible combinations is also out of the question, because the size is enormous.

this is almost always a terrible approach.


(05-28-2014, 09:27 AM)2die4 Wrote: Does using maskprocessor to generate a wordlist on the fly and piping it to oclHashCat provide us with any advantage in speed, over brute forcing?

maskprocessor and statsprocessor are just standalone implementations of oclHashcat's brute force mode. there will never be any speed advantage over piping these programs into oclHashcat. in fact, if you were using a fast algorithm, it would always be much, much slower.


(05-28-2014, 09:27 AM)2die4 Wrote: And, as I said above, what is the best approach to complete it, taking into consideration the above factors? The fact that we don’t know anything about the person or the password, apart from the fact that it is a 10-character-long password.

maybe try adding some rules to your wordlist attacks, and hope you get lucky. might also try some common masks for len 10 (?l?l?l?l?l?l?l?l?l?l, ?l?l?l?l?l?l?l?l?l?d, ?u?l?l?l?l?l?l?l?l?l, etc), or ?a?a?a?a?a?a?a?a?a?a with a very low markov threshold.


RE: The big fundamentals - 2die4 - 05-28-2014

Thank you epixoip. Your answer is quite clarifying and quite helpful to me.
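
The keyspace arithmetic behind the thread, as an added example that is not part of any post above: it parses the length-10 masks named in epixoip's reply and estimates how long each would take to exhaust, which is also how a defender can judge how much resistance a given password shape offers. The guess rate `ASSUMED_RATE` is a constructed figure for illustration, not a benchmark from the thread; the charset sizes are hashcat's built-in ?l ?u ?d ?s ?a sets.

```python
# Added example: keyspace and exhaustion-time estimate for hashcat-style masks.
# Sizes of hashcat's built-in charsets: lower, upper, digit, special, all printable.
CHARSET_SIZES = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95}
SECONDS_PER_YEAR = 365 * 24 * 3600

# Assumption: constructed guess rate (candidates/second) for a slow algorithm.
ASSUMED_RATE = 50_000

# The length-10 masks mentioned in the reply.
MASKS = ["?l" * 10, "?l" * 9 + "?d", "?u" + "?l" * 9, "?a" * 10]


def mask_keyspace(mask: str) -> int:
    """Return the number of candidates a mask generates."""
    total = 1
    i = 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1                      # fixed literal: one choice
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        token = mask[i + 1]
        if token == "?":                # '??' is a literal question mark
            size = 1
        elif token in CHARSET_SIZES:
            size = CHARSET_SIZES[token]
        else:                           # custom sets ?1-?4 need a definition
            raise ValueError(f"unsupported placeholder ?{token}")
        total *= size
        i += 2
    return total


def years_to_exhaust(mask: str, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate, in years."""
    return mask_keyspace(mask) / guesses_per_second / SECONDS_PER_YEAR


def report(rate: float = ASSUMED_RATE):
    """Return (mask, keyspace, years) for each mask from the reply."""
    return [(m, mask_keyspace(m), years_to_exhaust(m, rate)) for m in MASKS]


if __name__ == "__main__":
    for mask, keys, years in report():
        print(f"{mask:22} {keys:.3e} candidates  ~{years:.3g} years")
```

At the assumed rate, even the all-lowercase mask takes decades to exhaust and the full ?a mask takes billions of years, which is why the reply says brute forcing length 10 is not realistic.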