Set Min and Max Password length give error
#1
Question 
Hi guys!

I have three Fritz boxes available on which a 20-digit password made up of numeric numbers is used by default.

Now I thought I'd try how long it would take to crack these passwords under real conditions. I use a GTX 2060 and generate around 350,000 keys per second with WPA / WPA2.

I know that the key is exactly 20 digits long and only numerically. But now to my little problem:

Input
Code:
hashcat 3.hccapx -a 3 -m 22000 -i --increment-min=20 --increment-max=20 ?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d --session=3

Error Message
Code:
Integer overflow detected in keyspace of mask: ?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d

What am I doing wrong here?

Thanks in advance
Reply
#2
Hi. Your mask length is over limits. Depending on your hardware setup, I suggest you to increment mask attack between 10-13.
Otherwise generate a list of length 10 digits using mask processor and use combinator attack by doing 10+10. By having wordlist larger than 20gb and combining it it will take years to process your request even with the good setup. Good luck
$
Reply
#3
I have to admit that I haven't quite understood that yet. Also just take 21 instead of 20 in the mask?

The simplest would be if I generate a word list with 20 numbers and then use it for a rainbow attack, right?
Reply
#4
I can't really imagine myself cracking such long passwords, but in your case, I recommend you to generate one wordlist with numbers length of 10. Randomize it, then split to sizes like 10MB or so and use that in combinator attack. Combinator attack uses two wordlists at once, so you could play with and understand a bit. By having two wordlists and combining them together, you will get the length of 20.

Read more about combinator attack: https://hashcat.net/wiki/doku.php?id=combinator_attack
Mask processor: https://hashcat.net/wiki/doku.php?id=maskprocessor
$
Reply
#5
(09-09-2021, 06:23 PM)MorkBorlog Wrote: I have to admit that I haven't quite understood that yet. Also just take 21 instead of 20 in the mask?

The simplest would be if I generate a word list with 20 numbers and then use it for a rainbow attack, right?

Just think about how big this list is, 20 numbers is 10 to the power 20 possibilities. A 100 billion billion possibilities. When hashcat says "Integer overflow detected in keyspace of mask:" it is actually saying "There is no way in the time of this universe you are ever going to approach any useful form of brute forcing".

The number of possibilities you are trying is estimated to be the same number of grains of sand on the planet earth. So you are effectively saying "I'm going to look at every grain of sand on the planet and only one of those grains is the correct one I want".

It is not going to happen.
Reply
#6
Cracking 20 digits for WPA is currently infeasible.
I and ZeroBeat did an extensive look at these passwords and concluded there is a stream of generated pseudorandom integers and the passwords are taken as sliding window from this sequence. Eg. we see a lot of new passwords, which are part of others like this:
    *00040272476157282866    14:07:08:b1:47:a2 FRITZ!Box 7560 GS
          27247615728286683646
        40272476157282866836
We identified some rewarding sequences, but for sure there is something more for this algo.
Reply
#7
maybe another approach could be more reasonable

it is known, that some vendors (dont know whether fritzbox is among them) used a simple algorithm to compute these standard passes from the given mac-adress of the device, maybe i would do some "google research" on this
Reply