sha1 20 numbers
#1
Hello,

I'm new, and -German-
Try to crack Fritzbox. Hash successful, should be SHA1 (-m 100) but according to my research it should be 20 numbers, hashcat doesn't want that.

Now I've been looking for a long time. Someone has the same problem. But I didn't see a solution.

One suggested trying 2 dictionaries.
I wanted to pursue that.

My approach 1:
under linux The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali), crunch:
crunch 10 10 0123456789 -o 0123456789.txt
aborted because about 102 GB. And x2 because yes Combinator Attack

Side question:
Should it be necessary that these 2 dictionaries have to be generated with Crunch, ...
could someone kindly explain to me (because new territory like Linux, The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali), VM, ... German, ...) how I can use an external hard drive via USB(3) as storage in VM/Linux/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) (embed)?

After "studying" this page, I came up with the solution:
Dictionary 1 (10_Numbers_1.txt) Editor:
0
1
2
3
4
5
6
7
8
9

Dictionary 2: 10_numbers_1.txt copied to (10_numbers_2.txt)

Under WINDOWS because supposedly faster (CPU, GPU), cmd, ...

hashcat.exe -m 100 -a 1 -D 1,2 a5ce115533ff95282eee25783ce5021b1a7da72a 10_numbers_1.txt 10_numbers_2.txt -O -w 4

But, error messages:
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approach final keyspace - workload adjusted.

There I am now and can't see the forest for the trees anymore :-))

According to the motto: Many know more than the individual!

Do you have a solution?
Do I have an execution or reasoning error?

Or is it all just hype and cracking "almost impossible? It is clear that most views (youtube, ...) are simply unrealistic. Of course, because of the illustration, etc.,

Thank you in advance for your trouble.
Reply
#2
10^20 = 100,000,000,000,000,000,000 guess attempts. Way to big of an attack to process even with a super computer. 20 characters even with just digits is no feasible.
Reply
#3
In addition to what @slyexe mentioned:
I guess you want to recover the 20 digit WPA2 Pre Shared Key of a FRITZBOX.
This is not SHA1:
$ hashcat --help | grep " 100 "
100 | SHA1

Instead it is WPA-PBKDF2-PMKID+EAPOL (which is a very slow algo):
$ hashcat --help | grep 22000
22000 | WPA-PBKDF2-PMKID+EAPOL

You have to capture an EAPOL MESSAGE PAIR, because FRITZBOXes do not use a PMKID and to convert it to a hc22000 hash line, hashcat can work on.
How to do this is explained here:
https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2
Reply