At a complete loss - mask attack how to
Thanks for your reply sylexe. So to clarify some things after reading your reply and the doco and trying to get this to sink in. I'm also going to go step by step so this all makes sense and I can write down the instructions.

hashcat  -a 3 -m 22000 -1 ?d?l hash.txt ?1?1?1?1?1?1?1?1?1?1

1. So this command is suitable to try and guess/crack the wifi password using a mask attack and the -a 3 tells hc to use this method.
2. The -m 22000 determines the hash type to use and there many many hash modes (like 900 = MD4 or 22000 = WPA-PCKDF2-PMKID+EAPOL).
3. The -1 ?d?l tells hc to use lowercase alpha and numbers in the attempts - eg abcde...tuvxwyz & 1-9.
4. The ?1?1?1?1?1?1?1?1?1?1 tells hc to use 10 character password length.

Next is the hash.txt file and i'm lost after reading the doco.
1. I can grab the handshake .cap file as normal with airodump-ng? Is this the right method or is there another program I should use?
2. Once I have the .cap I then could put the file through, and 
(a) Paste the output (like the screenshot below) into a text file and call hashes.txt? Or; 
(b) Take the hash, paste it into a new file and call it file.hc22000?

.png   Capture.PNG (Size: 20.36 KB / Downloads: 1)

Assuming option a is correct, I then run hashcat  -a 3 -m 22000 -1 ?d?l hash.txt ?1?1?1?1?1?1?1?1?1?1, and this will begin the process.  

I just tried the command and it looks to be working as per below! But the time estimated to finish is 467 years -lol.

.png   Capture2.PNG (Size: 42.99 KB / Downloads: 1)

One last question with the mask attack. As I know what the password is and that it has numbers in certain places, can you use the ?1?1?1?1?1?1?1?1?1?1 and make it use numbers in a certain positions (placeholders) like the as648tarzb password? Can this be done and if so how? Also hc says it will take 467 years to find this password. Wow.

Messages In This Thread
RE: At a complete loss - mask attack how to - by smallwac - 09-22-2021, 08:16 AM