05-30-2017, 08:53 PM
(01-23-2017, 10:41 AM)atom Wrote: No, only fixed length is supported
I realise this is several months old now but a breakthrough was made by members of another forum where a CHAP was to be broken with challenge longer than 16 bytes. This was achieved with a combination of custom charset and --hex-charset
hashcat -m 0 -a 3 -w 3 file.hash --hex-charset -1 ?d?u?l [insert identifier from wireshark]?1?1?1?1?1?1?1?1[insert challenge value from wireshark]
Where file.hash contains the computed hash to crack. Identifier is the 1 byte session number in hex and challenge is the challenge in hex. Both from the capture file.
The result is the source for the hash with, in this case 8 chars, in hex. Convert the password hex values to ASCII gives the pass.
I'd like to take the credit for this but it wasn't me.