hashcat Forum
Hashcat settings - explanation - Printable Version




Hashcat settings - explanation - soorta - 07-26-2020

I want to ask you. I found some video where The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux breaks WPA2. I'm interested in ethical hacking and I want to learn it.

As you can see, my English is not very good, and I have trouble understanding English tutorials.


I need help setting up a mask in hashcat. I don't understand how to set up mode 6 wordlist + rules.
Let's say that my password is "ttaabbccBI1*". I created a wordlist containing ttaabbcc, BI, 123456789, *,?=+;
I used hashcat -m 2500 -a 6 something.hccapx wordlist.txt ?d?d?s
and the password was not found.
Can you tell me something about the settings in simple English?
I will reward you
Thank You


RE: Hashcat settings - explanation - Mem5 - 07-26-2020

Hashcat tries each line from your wordlist.
So it will test "ttaabbcc" first, then "BI", then "123456789", etc.
"BI" will be skipped as the WPA password must be greater than or equal to 8.

You need to define a custom charset: https://hashcat.net/wiki/doku.php?id=mask_attack#custom_charsets
Something like:
Code:
-a 3 -1 tabc  -2 BI  -3 ?d -4 *,?=+;    ?1?1?1?1?1?1?1?1?2?2?3?4



RE: Hashcat settings - explanation - soorta - 07-26-2020

(07-26-2020, 12:04 PM)Mem5 Wrote: Hashcat tries each line from your wordlist.
So it will test "ttaabbcc" first, then "BI", then "123456789", etc.
"BI" will be skipped as the WPA password must be greater than or equal to 8.

You need to define a custom charset: https://hashcat.net/wiki/doku.php?id=mask_attack#custom_charsets
Something like:
Code:
-a 3 -1 tabc  -2 BI  -3 ?d -4 *,?=+;    ?1?1?1?1?1?1?1?1?2?2?3?4

And this I don't understand.

Let's say I have the wifi password ttaabbccBI1, get the handshake and convert it to an hccapx file.

Is it possible to find the password using the default rockyou.txt wordlist?


RE: Hashcat settings - explanation - undeath - 07-26-2020

Quote:hashcat -m 2500 -a 6 something.hccapx wordlist.txt ?d?d?s

Except for the mask ?d?d?s this is the correct command for what you wanted to do. ?d is a placeholder for digits and does not include (uppercase) letters and you are missing the placeholder for the number at position three (?d).

Quote:hashcat -m 2500 -a 6 something.hccapx wordlist.txt ?u?u?d?s

This command will find ttaabbccBI1* if ttaabbcc is in your wordlist.


RE: Hashcat settings - explanation - soorta - 07-26-2020

(07-26-2020, 12:23 PM)undeath Wrote:
Quote:hashcat -m 2500 -a 6 something.hccapx wordlist.txt ?d?d?s

Except for the mask ?d?d?s this is the correct command for what you wanted to do. ?d is a placeholder for digits and does not include (uppercase) letters and you are missing the placeholder for the number at position three (?d).

Quote:hashcat -m 2500 -a 6 something.hccapx wordlist.txt ?u?u?d?s

This command will find ttaabbccBI1* if ttaabbcc is in your wordlist.

Thanks. And if "ttaabbcc" is not in the wordlist? Is there any option to find it?

I mean, let's say that I don't know my password. How can I set up hashcat to find it?

Only bruteforce?


RE: Hashcat settings - explanation - undeath - 07-26-2020

Really, there is no good answer to that question. Brute-force would eventually (read: sometimes long beyond the end of our solar system or the universe) find your password. A good best-effort solution is wordlist+rules. Deciding on the best wordlist(s) and rule sets (or similar more advanced attacks) for a certain target hash is basically the art of hash cracking (or maybe the science of hash cracking?).

Except for some very special cases or when you have sufficient knowledge about the target password there is no guaranteed way to crack a hash.
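
To put numbers on the gap between a targeted mask and blind brute force discussed in this thread, here is an added Python example (not code from any poster or from the hashcat project) that computes mask keyspaces. It assumes hashcat's built-in charset sizes and the `??` escape for a literal question mark; the guess rate is an assumed round figure, not a benchmark.

```python
import string

# Built-in charsets as documented for hashcat masks (?b, ?h, ?H omitted here).
BUILTIN = {
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "s": " " + string.punctuation,   # 33 symbols including the space
    "?": "?",                        # "??" stands for a literal question mark
}
BUILTIN["a"] = BUILTIN["l"] + BUILTIN["u"] + BUILTIN["d"] + BUILTIN["s"]  # 95 chars

def expand(spec, custom=None):
    """Return one character set per position of a mask (or charset) string."""
    custom = custom or {}
    positions, i = [], 0
    while i < len(spec):
        if spec[i] != "?":
            positions.append({spec[i]})          # literal character
            i += 1
            continue
        key = spec[i + 1] if i + 1 < len(spec) else ""
        if key in custom:
            positions.append(custom[key])        # ?1 .. ?4
        elif key in BUILTIN:
            positions.append(set(BUILTIN[key]))
        else:
            raise ValueError(f"syntax error in mask: {spec!r}")
        i += 2
    return positions

def keyspace(mask, custom_specs=None):
    """Number of candidates a mask generates; custom_specs maps '1'..'4' to charsets."""
    custom = {k: set().union(*expand(v)) for k, v in (custom_specs or {}).items()}
    total = 1
    for charset in expand(mask, custom):
        total *= len(charset)
    return total

def years_to_exhaust(candidates, guesses_per_second):
    return candidates / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    ASSUMED_RATE = 500_000  # guesses per second, constructed figure for illustration
    custom = {"1": "tabc", "2": "BI", "3": "?d", "4": "*,??=+;"}
    for label, n in [
        ("custom-charset mask", keyspace("?1" * 8 + "?2?2?3?4", custom)),
        ("?u?u?d?s per wordlist entry", keyspace("?u?u?d?s")),
        ("12 x ?a brute force", keyspace("?a" * 12)),
    ]:
        print(f"{label}: {n:,} candidates, {years_to_exhaust(n, ASSUMED_RATE):.3g} years")
```

The same arithmetic is why a 12-character passphrase that is not built from guessable words holds up: the attacker's only shortcut is knowledge of its structure.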


RE: Hashcat settings - explanation - soorta - 07-26-2020

(07-26-2020, 01:23 PM)undeath Wrote: Really, there is no good answer to that question. Brute-force would eventually (read: sometimes long beyond the end of our solar system or the universe) find your password. A good best-effort solution is wordlist+rules. Deciding on the best wordlist(s) and rule sets (or similar more advanced attacks) for a certain target hash is basically the art of hash cracking (or maybe the science of hash cracking?).

Except for some very special cases or when you have sufficient knowledge about the target password there is no guaranteed way to crack a hash.

Thanks for the answer. Can I ask questions about the WPS hack? Did you try it? I tried it but I cannot get the PIN from the router. I tried more routers.