11-14-2017, 09:06 AM
What you normally use in such a case is a mask attack: https://hashcat.net/wiki/doku.php?id=mask_attack
Therefore, in hashcat's terminology this is not called a rule, but a mask attack (using attack type -a 3).
The mask would be:
-a 3 ?d?u?u?d?d?dW?u?d?d?d?d?d
.... the "only" problem here is that this mask is way too huge for -m 2500 = WPA/WPA2. The length of the password candidates is not really easily brute-forceable. As said, the keyspace is too huge.
If we assume that our charsets consist of 10 digits and 26 upper case latin letters, the math is like this:
10 * 26 * 26 * 10 * 10 * 10 * 1 * 26 * 10 * 10 * 10 * 10 * 10 = 17,576,000,000,000
It's not totally infeasible with a large rig consisting of several connected motherboards, each connected to 6-8 modern Nvidia GPUs (980ti, 1080 ti at the moment of this writing). If you do not have this, it might take several months/years to run this.
Therefore, in hashcat's terminology this is not called a rule, but a mask attack (using attack type -a 3).
The mask would be:
-a 3 ?d?u?u?d?d?dW?u?d?d?d?d?d
.... the "only" problem here is that this mask is way too huge for -m 2500 = WPA/WPA2. The length of the password candidates is not really easily brute-forceable. As said, the keyspace is too huge.
If we assume that our charsets consist of 10 digits and 26 upper case latin letters, the math is like this:
10 * 26 * 26 * 10 * 10 * 10 * 1 * 26 * 10 * 10 * 10 * 10 * 10 = 17,576,000,000,000
It's not totally infeasible with a large rig consisting of several connected motherboards, each connected to 6-8 modern Nvidia GPUs (980ti, 1080 ti at the moment of this writing). If you do not have this, it might take several months/years to run this.