Cracking 20 Digit Uppercase+Lowercase+Numbers
#1
Hello,
Of course, I am an absolute newbie here. I am trying to crack one of my wifi WPA2 passwords by brute force using my GPU. Already have the 4way capture taken to hccapx. 

The part I am missing is how I should compose the brute-force attack if the password is a 20 digit one and can have: uppercase, lowercase and digits. No special characters, nothing else. Just letters in both lowercase and uppercase plus digits. Might be all uppercase or all lowercase.

Any recommendations on how to set this custom charset?

I appreciate it in advance.
Reply
#2
(08-09-2022, 09:29 PM)taciopv Wrote: Hello,
Of course, I am an absolute newbie here. I am trying to crack one of my wifi WPA2 passwords by brute force using my GPU. Already have the 4way capture taken to hccapx. 

The part I am missing is how I should compose the brute-force attack if the password is a 20 digit one and can have: uppercase, lowercase and digits. No special characters, nothing else. Just letters in both lowercase and uppercase plus digits. Might be all uppercase or all lowercase.

Any recommendations on how to set this custom charset?

I appreciate it in advance.

https://hashcat.net/wiki/doku.php?id=mask_attack
Reply
#3
(08-09-2022, 09:29 PM)taciopv Wrote: Hello,
Of course, I am an absolute newbie here. I am trying to crack one of my wifi WPA2 passwords by brute force using my GPU. Already have the 4way capture taken to hccapx. 

The part I am missing is how I should compose the brute-force attack if the password is a 20 digit one and can have: uppercase, lowercase and digits. No special characters, nothing else. Just letters in both lowercase and uppercase plus digits. Might be all uppercase or all lowercase.

Any recommendations on how to set this custom charset?

I appreciate it in advance.

Even if hashcat would start this attack (it won't, it's too many combinations) not going to be computationally feasible to attack a 20-character WPA passphrase with only these constraints.

Do the quick math: 62 possible characters (26+26+10) in 20 positions is 62^20 combinations (~7x10^35). You'd be millions and millions of years cracking that.
Reply
#4
(08-09-2022, 09:40 PM)pdo Wrote:
(08-09-2022, 09:29 PM)taciopv Wrote: Hello,
Of course, I am an absolute newbie here. I am trying to crack one of my wifi WPA2 passwords by brute force using my GPU. Already have the 4way capture taken to hccapx. 

The part I am missing is how I should compose the brute-force attack if the password is a 20 digit one and can have: uppercase, lowercase and digits. No special characters, nothing else. Just letters in both lowercase and uppercase plus digits. Might be all uppercase or all lowercase.

Any recommendations on how to set this custom charset?

I appreciate it in advance.

Even if hashcat would start this attack (it won't, it's too many combinations) not going to be computationally feasible to attack a 20-character WPA passphrase with only these constraints.

Do the quick math: 62 possible characters (26+26+10) in 20 positions is 62^20 combinations (~7x10^35). You'd be millions and millions of years cracking that.

Thank you very much for the insight! Very helpful and super logical. Had not thought about that. Just as a general knowledge thing, if the passphrase was just 6 characters, for example, what would the command look like? hehe, I know the passphrase; I just didn't know how to express the custom charset. Smile

Thanks a lot.
Reply
#5
(08-09-2022, 11:55 PM)taciopv Wrote:
(08-09-2022, 09:40 PM)pdo Wrote:
(08-09-2022, 09:29 PM)taciopv Wrote: Hello,
Of course, I am an absolute newbie here. I am trying to crack one of my wifi WPA2 passwords by brute force using my GPU. Already have the 4way capture taken to hccapx. 

The part I am missing is how I should compose the brute-force attack if the password is a 20 digit one and can have: uppercase, lowercase and digits. No special characters, nothing else. Just letters in both lowercase and uppercase plus digits. Might be all uppercase or all lowercase.

Any recommendations on how to set this custom charset?

I appreciate it in advance.

Even if hashcat would start this attack (it won't, it's too many combinations) not going to be computationally feasible to attack a 20-character WPA passphrase with only these constraints.

Do the quick math: 62 possible characters (26+26+10) in 20 positions is 62^20 combinations (~7x10^35). You'd be millions and millions of years cracking that.

Thank you very much for the insight! Very helpful and super logical. Had not thought about that. Just as a general knowledge thing, if the passphrase was just 6 characters, for example, what would the command look like? hehe, I know the passphrase; I just didn't know how to express the custom charset. Smile

Thanks a lot.

So WPA passphrases are a minimum of 8 characters, and the basic command line would look like this:

hashcat -m 22000 hash.hc22000 -a3 -1 ?l?u?d ?1?1?1?1?1?1?1?1

-a3 means "mask attack"
-1 ?l?u?d means "create a custom charset with lowercase, uppercase, and digits"

and

?1?1?1?1?1?1?1?1  means "my mask is eight characters long, and the characters are defined by the -1 option"
Reply
#6
(08-10-2022, 01:21 AM)pdo Wrote:
(08-09-2022, 11:55 PM)taciopv Wrote:
(08-09-2022, 09:40 PM)pdo Wrote:
(08-09-2022, 09:29 PM)taciopv Wrote: Hello,
Of course, I am an absolute newbie here. I am trying to crack one of my wifi WPA2 passwords by brute force using my GPU. Already have the 4way capture taken to hccapx. 

The part I am missing is how I should compose the brute-force attack if the password is a 20 digit one and can have: uppercase, lowercase and digits. No special characters, nothing else. Just letters in both lowercase and uppercase plus digits. Might be all uppercase or all lowercase.

Any recommendations on how to set this custom charset?

I appreciate it in advance.

Even if hashcat would start this attack (it won't, it's too many combinations) not going to be computationally feasible to attack a 20-character WPA passphrase with only these constraints.

Do the quick math: 62 possible characters (26+26+10) in 20 positions is 62^20 combinations (~7x10^35). You'd be millions and millions of years cracking that.

Thank you very much for the insight! Very helpful and super logical. Had not thought about that. Just as a general knowledge thing, if the passphrase was just 6 characters, for example, what would the command look like? hehe, I know the passphrase; I just didn't know how to express the custom charset. Smile

Thanks a lot.

So WPA passphrases are a minimum of 8 characters, and the basic command line would look like this:

hashcat -m 22000 hash.hc22000 -a3 -1 ?l?u?d ?1?1?1?1?1?1?1?1

-a3 means "mask attack"
-1 ?l?u?d means "create a custom charset with lowercase, uppercase, and digits"

and

?1?1?1?1?1?1?1?1  means "my mask is eight characters long, and the characters are defined by the -1 option"

Much appreciated!! Best.
Reply