HELP ME! specific password list generation??

[somegross]

So I usually use crunch to generate my password lists, cuz its easy and straight forward and it usually gets the task i need done, done..

However, after saving up enough hard drives with enough TB to generate the list i want (lol yeah its alot), i realize Im gonna need some masks probably to get it done. I am familliar with hashcat but not as much as I'd like to be, thus, im asking the community for help on this subject.... ???

I live in Canada, BC, and in my area we have an ISP provider called Shaw, and i've been taking down notes of the general  default passwords for the WPA2, and found out that they consist mostly of 12 characters, the first 4 being
2511 .

So that leaves me with 8 characters to fill in. Of which these 8 characters, they may consist of letters A - F and 0 - 9...

This is easy, ive already made lists like this, but it will take up 10 TB of hard drive space to make a full list. that is excessive. so to narrow it down, I want to add to my list, the ability to make it;

- no more than 2 of the same character repeats in a row, so never 3 of the same characters repeatedly.
- no more than 4 letters


since i am not familiar with masks, i am wondering if somebody could tell me how to acheive what i am trrying to do, either with crunch, or totally with hashcat. any help would be awesome, thanks !

[somegross]

SORRY I MIGHT ADD, ITS ALL CAPITOL LETTERS

[Snoopy]

first, there is no logic built in for filtering out masks or password candidates the way you want, it was discussed multiple times and the result was, these logic would slow down the whole password generating done by hashcat to an extend, that it would be much slower than just calculating the hashes for these candidates

second, you can use a self generated maskfile for your attack, see https://hashcat.net/wiki/doku.php?id=mask_attack this way you can at least utilize your max 4 letters

i will give you something to start with, beginn with numbers only and then add the first letter for all possible positions
?1 is digits
?2 is ABCDEFG
maskfile.txt
?d,ABCDEFG,2511?1?1?1?1?1?1?1?1
?d,ABCDEFG,2511?2?1?1?1?1?1?1?1
?d,ABCDEFG,2511?1?2?1?1?1?1?1?1
till
?d,ABCDEFG,2511?1?1?1?1?1?1?1?2
(8 possibilites)
then the same for 2, 3 and 4 letters

i didnt do the math completely , but for 2 letters, the possible masks should be
7+6+5+4+3+2+1 = 28 , so you will have to do some real manual work here

every line is a possible mask, given your infos

you dont need generate and store the wordlist before, just let hashcat generate the candidates on the fly

[slyexe]

Payknight over at Hashkillers has a nice list of Hitron Shaw router passwords and mask. 

You can check this for information. I use to crack these all the time but that was back on hashcat 3.0 which I have long left behind including my batch files and potfile. Probably had 100's of these which I could crack on an HD5770 in about 10 minutes.

SHAW-XXXXXX (Hitron Technologies. Inc / Shenzhen Bopengfa Elec&Technology CO.,Ltd)

2511xy0yzzzz (12 Char)

x = 4, 5, or 6
y = ABCDEF0123456789
z = 0123456789


SHAW-6XXXXX (PEGATRON CORPORATION / Roku, Inc.)

277zzzzzz (9 Char)

z = 0123456789

SHAW Login Page

Username: cusadmin
Password: Router Password

[slyexe]

So to use this in a mask attack is simple:

Code:

hashcat -a 3 -m 22000 -1 456 -2 ABCDEF0123456789 hashlist.file 2511?1?20?2?d?d?d?d

Code:

hashcat -a 3 -m 22000 hashlist.file 277?d?d?d?d?d?d

[ZerBea]

Code:

$ cat hashcat.mask
27?d?d?d?d?d?d?d
45678,2511?1?H0?H?d?d?d?d

$ hashcat -m 22000 hashlist.file -a 3 hashcat.mask