10 years to crack a 13 character password?
#5
(11-15-2016, 08:06 PM)potentshadow Wrote: Hey guys,


Just created an account, apologies if this isn't the correct forum to be posting in. Lately I have been experimenting with oclHashcat and cracking WPA2 passwords with The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux.

I have an older Linksys E2500 test router that I have setup. The password is 13 characters, it uses ONLY Uppercase letters and Numbers. No special characters or lowercase letters. I have captured the handshake and have a capture file.

I am using a Nvidia 680GTX as the GPU. I am using Windows 10 64bit with the latest GPU drivers and using a hashcat GUI. When I use wordlists it runs at about 28,600 or so H/S I believe. It tears through word lists without any issues.

However I decided I wanted to learn how brute-forcing works and some of the techniques that go along with it. One in particular is the masking type of attack. I have read the wiki several times on this attack, and I have created a mask file for hashcat to use. 

Upon executing the task it gets up to about 28,800 H/S like normal, but hashcat estimates somewhere in the ballpark of 10 years to crack. My mask file looks like: ?u?d,?l?l?l?l?l?l?l?l?l?l?l?l?1


If I read the wiki correct, the mask file I wrote would mean, uppercase letters and numbers, 13 characters.  On the GUI I use for hashcat it gives me the option to key in the how many characters it would attack, like 1-8 or 1-13. Since I know the password is 13 I just put in 13-13.

Am I doing something wrong? Is my graphics card too old? Finally, if I am doing everything correctly, is 10 years about what it would really take? Additionally, is there anymore information I can offer that would help me locate my issue (if any)

Thank you!

For the E2500, you might not even need to go after the WPA2 key from a handshake.

Check this out:

http://www.computerworld.com/article/294...twork.html

Also, I know the E1000 was very susceptible to Reaver attacks.  I don't know about the E2500, but the situation could be similar.  If WPS is on, it would be WAY more efficient to attack WPS than any WPA2 password.

Also, are you absolutely certain that it is a 13 digit password and not a 14 digit password?


Messages In This Thread
RE: 10 years to crack a 13 character password? - by devilsadvocate - 11-16-2016, 12:25 PM