Issues in cracking WPA2 with wordlist+mask - hashcat Forum (https://hashcat.net/forum)
Issues in cracking WPA2 with wordlist+mask - pipifax - 09-04-2017

1. collect a WPA2 handshake with an AP.

2. convert it to hccapx

    ../hashcat-utils-1.8/bin/cap2hccapx.bin Testnetz_E0-28-6D-F9-4C-7D.cap Testnetz_E0-28-6D-F9-4C-7D.cap.hccapx

2. you know that the password is 8+ chars long. 5 loweralpha and the rest are numbers.

3. what I did:

3.1 create a dictionary

    crunch 5 5 -f /usr/share/rainbowcrack/charset.txt loweralpha -o /root/wordlists/5_5_loweralpha.lst

3.2 create a mask for the digits

    mkdir /root/digirules
    mp64 -o /root/digirules/append_3_digits.rule '$?d $?d $?d'
    mp64 -o /root/digirules/append_4_digits.rule '$?d $?d $?d $?d'
    mp64 -o /root/digirules/append_5_digits.rule '$?d $?d $?d $?d $?d'
    cat /root/digirules/append*.rule > /root/digirules/append3-5.rule

execute the following:

    #hashcat -a0 -w3 -m2500 /root/hs/Testnetz_E0-28-6D-F9-4C-7D.cap.hccapx -r /root/digirules/append3-5.rule /root/wordlists/5_5_loweralpha.lst

But I get this:

    hashcat (pull/1273/head) starting...

    nvmlDeviceGetFanSpeed(): Not Supported
    nvmlDeviceGetTemperatureThreshold(): Not Supported

    OpenCL Platform #1: NVIDIA Corporation
    ======================================
    * Device #1: Quadro M2000M, 1010/4042 MB allocatable, 5MCU

    OpenCL Platform #2: Mesa, skipped or no OpenCL compatible devices found.

    Hashes: 2 digests; 1 unique digests, 1 unique salts
    Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
    Rules: 111000

    Applicable optimizers:
    * Zero-Byte
    * Single-Hash
    * Single-Salt
    * Slow-Hash-SIMD

    Watchdog: Temperature abort trigger set to 90c
    Watchdog: Temperature retain trigger disabled.

    * Device #1: build_opts '-I /usr/share/hashcat/OpenCL -D VENDOR_ID=32 -D CUDA_ARCH=500 -D VECT_SIZE=1 -D DEVICE_TYPE=4 -D DGST_R0=0 -D DGST_R1=1 -D DGST_R2=2 -D DGST_R3=3 -D DGST_ELEM=4 -D KERN_TYPE=2500 -D _unroll -cl-std=CL1.2'
    Dictionary cache built:
    * Filename..: /root/wordlists/5_5_loweralpha.lst
    * Passwords.: 11881376
    * Bytes.....: 71288256
    * Keyspace..: 1318832736000
    * Runtime...: 0 secs

    - Device #1: autotuned kernel-accel to 128
    - Device #1: autotuned kernel-loops to 128
    Approaching final keyspace - workload adjusted.

    [s]tatus [p]ause [r]esume [b]ypass [c]heckpoint [q]uit =>

    Session..........: hashcat
    Status...........: Exhausted
    Hash.Type........: WPA/WPA2
    Hash.Target......: Testnetz (AP:e0:28:6d:f9:4c:7d STA:c0:ee:fb:e2:e7:64)
    Time.Started.....: Mon Sep 4 09:46:50 2017 (1 sec)
    Time.Estimated...: Mon Sep 4 09:46:51 2017 (0 secs)
    Guess.Base.......: File (/root/wordlists/5_5_loweralpha.lst)
    Guess.Mod........: Rules (/root/digirules/append3-5.rule)
    Guess.Queue......: 1/1 (100.00%)
    Speed.Dev.#1.....: 0 H/s (0.00ms)
    Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
    Progress.........: 277776128/1318832736000 (0.02%)
    Rejected.........: 277776128/277776128 (100.00%)
    Restore.Point....: 11881376/11881376 (100.00%)
    Candidates.#1....: [Copying]
    HWMon.Dev.#1.....: Temp: 53c Util: 26% Core:1137MHz Mem:2505MHz Bus:16

    Started: Mon Sep 4 09:46:45 2017
    Stopped: Mon Sep 4 09:46:51 2017

however if I execute this:

    #hashcat -a0 -w3 -m0 469be687c1b631db23c195b04e24b497 -r /root/digirules/append3-5.rule /root/wordlists/5_5_loweralpha.lst

the process of cracking is much longer and the password will be found.

So what is the issue with WPA2 hashes? I already tried removing append1-2_digits because the password would be lower than 8 chars, but I think hashcat will jump over too short passwords anyway.

RE: Issues in cracking WPA2 with wordlist+mask - philsmd - 09-04-2017

The minimum password length for WPA/WPA2 is 8 bytes/characters. Hashcat will immediately reject (see the Rejected.........: line within your status) all passwords which do not adhere to this limitation.

To avoid it (when using rules/amplifiers), you could just run something like this:

Code:

    hashcat --stdout -r append3-5.rule 5_5_loweralpha.lst | hashcat -a 0 -m 2500 -w 3 Testnetz_E0-28-6D-F9-4C-7D.cap.hccapx

Btw., you should find a better strategy to attack these hashes. Using a huge dict generated by crunch together with a lot of generated rules might not be the most efficient way to crack these hashes. You should read the wiki/forum etc. to find better solutions... including the use of the built-in mask attack (-a 3) etc.
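The following Python model is an added example, not hashcat code and not written by either poster. It shows why the order of the length check decides the outcome, assuming (as the reply and the 100% Rejected line suggest) that the -a 0 run checks the 5-character base word before the append rules are applied; the function names, the sample words and the 63-character upper bound are assumptions.

```python
# Constructed model, not hashcat source: shows why the order of the length check matters.
WPA_MIN_LEN = 8    # minimum stated in the reply above
WPA_MAX_LEN = 63   # assumption: usual upper bound for a WPA2 passphrase

def apply_rule(word, rule):
    """Apply a rule line made only of '$X' (append character X) functions."""
    for func in rule.split():
        if len(func) != 2 or func[0] != "$":
            raise ValueError(f"unsupported rule function: {func!r}")
        word += func[1]
    return word

def length_ok(candidate):
    return WPA_MIN_LEN <= len(candidate) <= WPA_MAX_LEN

def check_then_rules(words, rules):
    """Model of the failing run: the base word is checked before any rule is applied."""
    accepted, rejected = [], 0
    for word in words:
        if length_ok(word):
            accepted += [apply_rule(word, r) for r in rules]
        else:
            rejected += len(rules)   # counted per word x rule combination (assumption)
    return accepted, rejected

def rules_then_check(words, rules):
    """Model of the piped run: rules are applied first, then the result is checked."""
    accepted, rejected = [], 0
    for word in words:
        for rule in rules:
            candidate = apply_rule(word, rule)
            if length_ok(candidate):
                accepted.append(candidate)
            else:
                rejected += 1
    return accepted, rejected

if __name__ == "__main__":
    words = ["abcde", "qwert"]                    # constructed 5-letter base words
    rules = ["$1 $2", "$1 $2 $3", "$1 $2 $3 $4"]  # constructed append rules
    print(check_then_rules(words, rules))   # every combination rejected
    print(rules_then_check(words, rules))   # only the 7-character results rejected
    # Sizes reported in the output above: wordlist size, rule count, keyspace
    print(26 ** 5, 10 ** 3 + 10 ** 4 + 10 ** 5, 26 ** 5 * 111000)
```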