Joining 2 dictionaries together without bruteforcing one side
hashcat Forum (https://hashcat.net/forum), Forum: Old oclHashcat Support (https://hashcat.net/forum/forum-38.html), Thread: /thread-3850.html

Joining 2 dictionaries together without bruteforcing one side - whattheflux - 11-22-2014

Hi guys, long time lurker, first time poster.

I have a question about dictionaries that has come up from some investigating of Netgear routers with WPA2-PSK. The default SSID is often NETGEARXXX. The default password on these devices (at least where I live) is 2 English words with a 3 digit number on the end, all in lower case.

The English language is reasonably small (around 1 million individual words).

Is there a way I can run 2 English dictionaries (the same dictionary!) against each other, then add the numbers at the end?

I.e.:

Dictionary 1:
dog
cat
table

Dictionary 2:
dog
cat
table

To give an output like:
dogdog001
dogdog002
.
.
.
dogcat001
dogcat002
.
.
dogtable001
dogtable002
.
.

And so on.

At 500kh/s that my home rig is capable of with oclHashcat, I am expecting a total crack time of around 20 days. Does this sound correct? Also, is there a way to eliminate combinations that would not meet the WPA rule of 8 character minimum to save on crack time?

Your help is greatly appreciated.

RE: Joining 2 dictionaries together without bruteforcing one side - philsmd - 11-22-2014

As far as I know, the keyspace is even more restricted for Netgear routers than you might think. See: https://forum.hashkiller.co.uk/topic-view.aspx?t=2715

NETGEARXX - Adjective + Noun + 3 Digits

So it is recommended to use 2 very specific dicts (1st: adjectives, 2nd: nouns). The speed will vary depending on attack mode. There are many possibilities to join the 3 parts, for instance, -a 1 with rules (but you need to add each 3 digit number individually with -k), combinator.exe and pipe it to oclHashcat, or develop your own tool to join the 2 dicts + add digits from 000 - 999 (or whatever the range is) and again pipe it, etc.

On the other hand, it usually doesn't make much sense to build a huge dict that already has everything combined (since it will be too huge and it needs too much unneeded preprocessing) etc.

RE: Joining 2 dictionaries together without bruteforcing one side - Kgx Pnqvhm - 11-22-2014

The Unified List Manager (http://unifiedlm.com) can do some of what the hashcat-utils can do, plus a lot of other useful functions.

RE: Joining 2 dictionaries together without bruteforcing one side - bsec - 11-23-2014

Hi,

First of all, in my post I've used the attached adj.txt & noun.txt (that's all that I've found).

Quote:
    $ wc -l adj.txt noun.txt

1- I've combined adj.txt & noun.txt using combinator.bin from hashcat utils, and used a perl script to check if the length of the result is >= 5 & <= 61 (because a WPA password is between 8 (5+3) and 64 (61+3); the 3 is the 3 digit number that we'll be adding to the generated plains). The command I've used:

Quote:
    $ ./combinator.bin adj.txt noun.txt | perl -lne 'print if length($_) >= 5 && length($_) <= 61' > com.list

Theoretically, there are 1830*2396 = 4384680 combinations without applying the length rule. After using the length rule:

Quote:
    $ wc -l com.list

the result is still the same, because there aren't any combined words < 6 and > 61 in my lists.

2- Creating the rule that would append the ?d?d?d for every word from com.list. I've used maskprocessor to create it:

Quote:
    $ ./mp32.bin '$?d$?d$?d' > 1000.rule

3- Launching the attack:

Quote:
    ./hashcat-cli32.bin -m 2500 -r 1000.rule test.hccap com.list

Assuming that you're running the attack at a speed of 500,000 h/s, the running time would be: 4384680000/(500000*3600) = 2.43 hours. 4384680000 is the number of plains that would be tested.

BTW, you could use the same attack by using hybrid attack mode, and piping the result of combinator.

RE: Joining 2 dictionaries together without bruteforcing one side - whattheflux - 11-23-2014

(11-23-2014, 11:15 AM)bsec Wrote: Hi,

This is really great. Thank you so much for your input. It's definitely much nicer than my solution, which was:

1. combinator.exe adjectives.txt nouns.txt > mixedwords.txt
2. mp64.exe -1 0123456789 ?1?1?1 -o 3digits.txt
3. combinator.exe mixedwords.txt 3digits.txt > netgearpasswords.txt

As you can imagine, the resulting list would have been gargantuan!!!

RE: Joining 2 dictionaries together without bruteforcing one side - bsec - 11-23-2014

(11-23-2014, 01:06 PM)whattheflux Wrote: (11-23-2014, 11:15 AM)bsec Wrote: Hi,

Glad for helping you, hope that you found the key.

RE: Joining 2 dictionaries together without bruteforcing one side - forumhero - 11-24-2014

As an alternative to the perl script, you can also use splitlen from hashcat-utilities to organize words by length.

Code:
    combinator.bin adj.txt noun.txt > adj_noun.dict

Code:
    splitlen.bin length/ < adj_noun.dict

Code:
    wc -l length/*

You can then delete all the files that have zero bytes.

My opinion is that Netgear would not want their customers typing passwords more than 20 characters long. That could be considered bad user experience. 20+ length is not a big deal on computers, but having to type that into your Xbox, PlayStation, cell phone, TV, etc. is a pain, but that theory needs to be proven.

RE: Joining 2 dictionaries together without bruteforcing one side - Mangix - 11-25-2014

Instead of rules, you can use "-a 6" in hashcat. E.g.:

    hashcat -a 6 -m 2500 blah.hccap netgear.dict ?d?d?d
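
Added example, not part of any post in this thread and not hashcat-utils code: the keyspace and run-time arithmetic discussed above, computed from word-length histograms so that no combined list has to be built to size an adjective + noun + 3 digit default-passphrase scheme. The word lists are constructed samples and the function names are assumptions; the 1830 and 2396 word counts and the 500,000 h/s rate are the figures quoted in the posts.

```python
from collections import Counter

# WPA2-PSK passphrases are 8 to 63 ASCII characters long.
WPA_MIN, WPA_MAX = 8, 63

# Figures quoted in the thread (list sizes and cracking rate).
THREAD_ADJ, THREAD_NOUN, THREAD_RATE = 1830, 2396, 500_000


def length_histogram(words):
    """Map word length -> number of non-empty lines of that length."""
    return Counter(len(w) for w in (x.strip() for x in words) if w)


def keyspace(left, right, digits=3, min_len=WPA_MIN, max_len=WPA_MAX):
    """Return (total, valid) candidate counts for left+right+digits.

    'valid' keeps only combinations whose final length fits the WPA limits.
    Only the two length histograms are multiplied, so the cost depends on
    the number of distinct word lengths, not on the size of the product.
    """
    lh, rh = length_histogram(left), length_histogram(right)
    suffixes = 10 ** digits
    total = sum(lh.values()) * sum(rh.values()) * suffixes
    valid_pairs = sum(
        lc * rc
        for ll, lc in lh.items()
        for rl, rc in rh.items()
        if min_len <= ll + rl + digits <= max_len
    )
    return total, valid_pairs * suffixes


def hours_to_exhaust(candidates, rate_per_second):
    """Worst-case hours to test every candidate at a fixed rate."""
    return candidates / (rate_per_second * 3600)


# Constructed sample lists (not the adj.txt / noun.txt from the thread).
SAMPLE_ADJ = ["ok", "shy", "happy"]
SAMPLE_NOUN = ["ox", "ant", "table"]

if __name__ == "__main__":
    total, valid = keyspace(SAMPLE_ADJ, SAMPLE_NOUN)
    print(f"sample lists: {total} candidates, {valid} within WPA length limits")
    full = THREAD_ADJ * THREAD_NOUN * 1000
    print(f"thread lists: {full} candidates, "
          f"{hours_to_exhaust(full, THREAD_RATE):.2f} h at {THREAD_RATE} h/s")
```
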