05-12-2017, 06:05 PM
i decided to make it easier for hashcat to find the password for wpa/2 i set the wireless password to carinane witch is what the candidates would show it working on after a few seconds
then recaptured the 4 way handshake using airodump-ng and deauth via aireplay-ng then converted the cap file via your online converter and after running hashcat long enough for carinane to show up hashcat continued running it should have stopped and showed the found password.
i thought maybe using it on a guest network was the reason but it looks like either the capture tools of aircrack-ng are at fault creating faulty cap files (garbage in garbage out) or hashcat does not stop or indicate anything until it has gone through the entire keyspace.
if the capture tools of aircrack-ng are at fault then what is a good set of tools to use.
i know that for at least wordlists hashcat will stop and show the password if it is found because as a test i put the password near the beginning of the list to make it easier
here is the command i am using
'/root/Downloads/hashcat-3.5.0/hashcat-3.5.0/hashcat64.bin' -m 2500 -i --increment-min 8 --increment-max 20 /root/3.hccapx -a3 -1 "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 " ?1?1?1?1?1?1?1?1 -w 4
the binaries are of the latest from downloads and is stored in the downloads
i am using increment min minimum of 8 because the wpa/2 standards dictate minimum of 8 however some routers may require numbers and case sensitive but mine is not require that.
i am using increment max of 20 since most users do not use any more than 20 let alone the entire 64 of the standard
the capture file may be faulty because of capture tools although did work with wordlists.
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 " is the charset since most users do not use the symbols
w4 to max the workload however since upgrading to the gtx960 from the quadro 600 i notice the desktop is more responsive so it may be possible we need a new workload level of maybe 5 or is there a tweak so i can force the card to use more of it's ram?
i have no way to attach the cap file but you can make it your self just change your router password to "caranane" and use the capture method?
i however would like to be able to do a sequential brute force attack that is where the chars are rolled like numbers on a counter how do i get brute force instead of mask or get the mask to do the same as brute force.
i am considering crunching a complete wordlist of brute force sequence and that is faster in hashcat since there isnt then the overhead due to the internal generator.
under the quadro 600 i got 4000 wpa/2 keys per second with internal generator and 4800 keys per second from wordlist.
the wordlists will be a last resort as it will require many gigs and terabytes of data to store
thanks for the help
then recaptured the 4 way handshake using airodump-ng and deauth via aireplay-ng then converted the cap file via your online converter and after running hashcat long enough for carinane to show up hashcat continued running it should have stopped and showed the found password.
i thought maybe using it on a guest network was the reason but it looks like either the capture tools of aircrack-ng are at fault creating faulty cap files (garbage in garbage out) or hashcat does not stop or indicate anything until it has gone through the entire keyspace.
if the capture tools of aircrack-ng are at fault then what is a good set of tools to use.
i know that for at least wordlists hashcat will stop and show the password if it is found because as a test i put the password near the beginning of the list to make it easier
here is the command i am using
'/root/Downloads/hashcat-3.5.0/hashcat-3.5.0/hashcat64.bin' -m 2500 -i --increment-min 8 --increment-max 20 /root/3.hccapx -a3 -1 "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 " ?1?1?1?1?1?1?1?1 -w 4
the binaries are of the latest from downloads and is stored in the downloads
i am using increment min minimum of 8 because the wpa/2 standards dictate minimum of 8 however some routers may require numbers and case sensitive but mine is not require that.
i am using increment max of 20 since most users do not use any more than 20 let alone the entire 64 of the standard
the capture file may be faulty because of capture tools although did work with wordlists.
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 " is the charset since most users do not use the symbols
w4 to max the workload however since upgrading to the gtx960 from the quadro 600 i notice the desktop is more responsive so it may be possible we need a new workload level of maybe 5 or is there a tweak so i can force the card to use more of it's ram?
i have no way to attach the cap file but you can make it your self just change your router password to "caranane" and use the capture method?
i however would like to be able to do a sequential brute force attack that is where the chars are rolled like numbers on a counter how do i get brute force instead of mask or get the mask to do the same as brute force.
i am considering crunching a complete wordlist of brute force sequence and that is faster in hashcat since there isnt then the overhead due to the internal generator.
under the quadro 600 i got 4000 wpa/2 keys per second with internal generator and 4800 keys per second from wordlist.
the wordlists will be a last resort as it will require many gigs and terabytes of data to store
thanks for the help
