Help generating wordlist

[skiutah02]

Pretty new to hashcat and have been having fun playing around.  While new to this, used to play around with rainbowtables way back in 2005 so it has been fun to see how things have changed. 

So here is the question.  Was visiting brother and thought it would be fun to try to crack his wifi password (with his permission).  After 5 days he had to give it to me because I couldn't get the job done.

For fun, each day he would give me a hint and I would use that info to try to create a new attack strategy.  After 5 days there were the sum total of 4 hints and when I tried my logic to build a final wordlist, a massive 700Tb table was projected!

So am looking to see what you all would do the trim that down.

Hint #1, Day 2: The password is 13 characters long
Hint #2: The password ends with 3 numbers
Hint #3: The password is all lowercase
Hint #4:  The password is a combination of two English words followed by the numbers

I liked the idea of building a 10 character sublist of two English words using mentalist and the builtin English dictionary, but couldn't figure out how to only include combinations that exactly equaled 10 characters i.e. bully+spirit = 11 (reject) but bull+shitty = 10 (include) that I would then use a rule to add the 3 numbers at end.

SO, who do you think?  How to build this 10-letter wordlist known it is two English words?

Thanks.

[Snoopy]

take a look at https://github.com/hashcat/hashcat-utils/releases

tool splitlen

take the mentalist english wordlist, lower its content with an editor of your choice, use linux oder WSL for sort file | uniq > file_uniq and split this uniq list into its parts 

so you have lists from length 1-9

so possible combos would be
1 9
9 1
2 8
8 2
3 7
7 3
4 6
6 4
5 5

the problem, there is no attack for combining 2 wordlists AND a mask so you have to add the numbers yourself, use hashcat with --stdout to generate 9 new lists with numbers appended, so you have lists 1-9 and lists 1-9 with appended numbers, mentalists eng_dict is ~2.5mb so you will end up with a needed maximum storage of 2.5GB, which is far from your 700tb

then use combinator attack https://hashcat.net/wiki/doku.php?id=combinator_attack to let hashcat do the combining work (no need to build the whole list) so you end up with 9 runs of combinator attack

have fun

[skiutah02]

Good stuff, thanks.

I think I found a solution that your comments guided me to.  Here is what I did that ended up being able to crack the password in about 4 hrs.

I found a dictionary with the top 20,000 used English words and named it 20k.txt (rather than the whole English dict)

I then used the combinor function built directly into hashcat and piped it into awk to only write 10-character words to a file I named 10.txt  (I ended up making txt files of 8-character words (only) up to 14-character words (only) this way).

# hashcat --stdout -a 1 20k.txt 20k.txt | awk 'length($0) > 9 && length($0) < 11' >> 10.txt

I then used the maskprocessor to make a hashcat rule to add the three numbers to the end of any word in a wordlist and named the rule file appendXXX.rule

#  mp64 -o appendXXX.rule '$?d $?d $?d'

I used vi to modify the rule file to place the "l" in front of each line in the rule file to lowercase each word of the wordlist

:1,1000s/^/l/

then for the big test....

# hashcat -a 0 -m 22000 brothersHASH.22000 --rules=appendXXX.rule 10.txt

My system running 3 old NVIDIA GPUs and 2 really old AMD GPUs projected a 10 hr run (650+kH/s) but cracked it at the 4 hr mark.

I think this method is pretty efficient with multiple GPUs as they have plenty to do.

Thanks!

skiutah02

take a look at https://github.com/hashcat/hashcat-utils/releases

tool splitlen

take the mentalist english wordlist, lower its content with an editor of your choice, use linux oder WSL for sort file | uniq > file_uniq and split this uniq list into its parts 

so you have lists from length 1-9

so possible combos would be
1 9
9 1
2 8
8 2
3 7
7 3
4 6
6 4
5 5

the problem, there is no attack for combining 2 wordlists AND a mask so you have to add the numbers yourself, use hashcat with --stdout to generate 9 new lists with numbers appended, so you have lists 1-9 and lists 1-9 with appended numbers, mentalists eng_dict is ~2.5mb so you will end up with a needed maximum storage of 2.5GB, which is far from your 700tb

then use combinator attack https://hashcat.net/wiki/doku.php?id=combinator_attack to let hashcat do the combining work (no need to build the whole list) so you end up with 9 runs of combinator attack

have fun