I think I found a small bug
#1
Hi all. Awesome program and awesome support forum!! Been reading many posts here via search, but created an account to report this one:

I am using a wordlist and rules file to crack WPA passwords, many of which tend to be phone numbers. To save space, instead of generating a giant list of phone numbers, I simply made a wordlist of area code + suffix. I then made a rule list to append the last 4 digits. This way, what would otherwise be a 4GB list of phone numbers, is instead a 180kb wordlist + 117kb rules file. The bug and problem is that hashcat is rejecting 100% of these passwords.

Why? Because WPA requires a password length of 8 - 63 characters. And as far as I can see, hashcat is looking at the password before it applies the rule!! It should apply the rule FIRST and then see if the resulting word meets the 8 - 63 limitation.

Example:

The password for a given -m2500 hash is, 208555121

My wordlist (-a 0) contains 208555 and has a rule of $?d$?d$?d$?d (adding the last 4 digits)

Yet if ran like this, the password 208555 is rejected, before the last 4 digits within the rule are applied.

I think that this bug is causing a significant number passwords to slip through this crack whenever the root password is less than 8 chars long.

It would be nice if hashcat applied the rule, thus getting the full 10 digits, then performed the compliance check to accept/reject a given password.

Am I doing something wrong?
Reply


Messages In This Thread
I think I found a small bug - by Tyson0317 - 02-01-2021, 06:34 AM
RE: I think I found a small bug - by Chick3nman - 02-01-2021, 06:52 AM
RE: I think I found a small bug - by vicious1 - 02-01-2021, 06:54 AM
RE: I think I found a small bug - by Tyson0317 - 02-01-2021, 09:44 AM
RE: I think I found a small bug - by philsmd - 02-01-2021, 11:33 AM
RE: I think I found a small bug - by Tyson0317 - 02-01-2021, 07:01 PM