At a complete loss - mask attack how to
#2
A 10-character brute force on a single card will be very difficult. With the large keyspace determined by your initial post, you are using all lowercase (26) and digits (10), so you will be accounting for 36^10 = 3,656,158,440,062,976 possible combinations of passwords, which is a big number.


When attempting anything which is considered a "slow" hash such as WPA2, it is smarter to do some digging into the device itself. For example, the make and model may already have a default keygen for the Wi-Fi password, the MAC address might be the default password, or you can just find labels for the same makes and models to get an idea of the keyspace.

Around here a lot of the default passwords are typically phone numbers, which is simply 10 digits. However, if you have specific area codes you can diminish that keyspace by 3 because they will always be fixed, such as 555xxxxxxx. This leaves you with only 7 digits, which can be accomplished in a matter of seconds rather than days.

It is smarter to do smaller, more precise attacks than big, long attacks. As for your password being a complete jumble of letters and numbers, you may want to look up whether it really is random or whether specific positions of characters are locked. For example, in your situation of as648tarzb, maybe the 3rd character is ALWAYS a 6, or perhaps the last character is always a lowercase letter. By finding out as much information about the possibilities of your target, you can shorten your time spent "guessing" and create more attempts if it doesn't work out.

As for creating a wordlist out of a mask, no, that is the complete opposite of what a mask attack is. A mask attack generates your candidates on the fly, so no storage space is wasted.

For your attack, if you want to check out what kind of time frame it would take for you to attempt a lowercase+digit mask attack, you can use this, which I will explain:

Code:
hashcat -a 3 -m 22000 -1 ?d?l hash.txt ?1?1?1?1?1?1?1?1?1?1

-a 3 determines your attack mode, (3) being mask attack
-m 22000 determines your hashmode (22000)
-1 is for creating a custom character set; in this case we are using digits (?d) and lowercase (?l) combined
hash.txt will contain your WPA2 capture converted to hashmode 22000 using the hcxtools suite or an online converter
After your hash you will have your keyspace (?1), which is 10 characters long, as you have mentioned.

Hopefully this gives you some good info.


Messages In This Thread
RE: At a complete loss - mask attack how to - by slyexe - 09-22-2021, 05:18 AM
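An added example, not part of the original post or of hashcat itself: a small keyspace calculator for hashcat mask syntax, useful for judging how much a fixed prefix or a narrower character set shrinks the space a default passphrase scheme actually offers. The function names are illustrative, the guess rate is whatever the caller supplies, and counting overlapping characters in a custom set once is an assumption.

```python
import string

# Added example; function names are illustrative. Built-in hashcat mask charsets.
BUILTIN = {
    "l": set(string.ascii_lowercase),
    "u": set(string.ascii_uppercase),
    "d": set(string.digits),
    "h": set("0123456789abcdef"),
    "H": set("0123456789ABCDEF"),
    "s": set(" " + string.punctuation),
    "b": set(map(chr, range(256))),
}
BUILTIN["a"] = BUILTIN["l"] | BUILTIN["u"] | BUILTIN["d"] | BUILTIN["s"]

def tokens(spec):
    """Split a mask or charset definition into ('set', key) / ('lit', char) tokens."""
    i = 0
    while i < len(spec):
        if spec[i] == "?":
            if i + 1 >= len(spec):
                raise ValueError("dangling '?' in %r" % spec)
            yield ("lit", "?") if spec[i + 1] == "?" else ("set", spec[i + 1])
            i += 2
        else:
            yield ("lit", spec[i])
            i += 1

def expand_charset(definition):
    """Resolve a custom charset definition such as '?d?l' into a set of characters."""
    chars = set()
    for kind, value in tokens(definition):
        chars |= BUILTIN[value] if kind == "set" else {value}
    return chars

def mask_keyspace(mask, custom=None):
    """Number of candidates a mask generates; custom maps '1'..'4' to definitions."""
    sets = dict(BUILTIN)
    for key, definition in (custom or {}).items():
        sets[key] = expand_charset(definition)
    total = 1
    for kind, value in tokens(mask):
        total *= len(sets[value]) if kind == "set" else 1
    return total

def days_to_exhaust(keyspace, guesses_per_second):
    return keyspace / guesses_per_second / 86400

if __name__ == "__main__":
    print(mask_keyspace("?1" * 10, {"1": "?d?l"}), mask_keyspace("555" + "?d" * 7))
```

Run directly, it prints the two keyspaces discussed in the post: the full lowercase+digit mask and the phone-number mask with a fixed 555 prefix.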