Posts: 2
Threads: 1
Joined: Oct 2024
My WPA code consists of 10 strings.
7 characters are numbers and 3 characters are capital letters.
Could I use ?d?d?d?d?d?d?d?d?u?u?u to tell hashcat that the code generally consists of 7 numbers and 3 capital letters, or do I have to communicate this with ?H?H?H?H?H?H?H?H?H?H?H?H?
This is a 60 vs. 10 day calculation procedure with -a 3 (bruteforce).
Thank you!
Posts: 374
Threads: 0
Joined: Nov 2017
if you know the positions of each digit and capital letter then yes the first method is all you would need to do. Otherwise, if you do not know the position you would have to do either a custom mask including the full keyspace or individualize it into multiple attacks using an hcmask.
Code:
hashcat -a 3 -m 22000 -1 ?d?u hash.file ?1?1?1?1?1?1?1?1?1?1
Otherwise using a hcmask file you would include ALL possibilities with all positions of your upper case letters.
?u?u?u?d?d?d?d?d?d?d
?u?d?u?u?d?d?d?d?d?d
?u?d?d?u?u?d?d?d?d?d
etc.etc.etc...
Having such a big keyspace for a slower hash with WPA is not ideal, unfortunately this is your only options.
Posts: 2
Threads: 1
Joined: Oct 2024
Unfortunately, I don't know the position of each digit and capital letter.
With your code: hashcat -a 3 -m 22000 -1 ?d?u hash.file ?1?1?1?1?1?1?1?1?1?1?1
my computer would calculate several hundred years for that.
And what do you think about using ?H?H?H?H?H?H?H?H?H?H?H?H?
e.g.: hashcat.exe -m 22000 -a 3 xxx.hc22000 ?H?H?H?H?H?H?H?H?H?H
Wouldn´t this also include all combinations and positions of digit and capital letters, like a mask?
Because for this it "only" needs about 50 days...
Posts: 874
Threads: 15
Joined: Sep 2017
(10-11-2024, 01:19 PM)w31x Wrote: Unfortunately, I don't know the position of each digit and capital letter.
With your code: hashcat -a 3 -m 22000 -1 ?d?u hash.file ?1?1?1?1?1?1?1?1?1?1?1
my computer would calculate several hundred years for that.
And what do you think about using ?H?H?H?H?H?H?H?H?H?H?H?H?
e.g.: hashcat.exe -m 22000 -a 3 xxx.hc22000 ?H?H?H?H?H?H?H?H?H?H
Wouldn´t this also include all combinations and positions of digit and capital letters, like a mask?
Because for this it "only" needs about 50 days...
No, ?H is 0123456789ABCDEF its the HEX charset, therefore you are missing all letters from G to Z
as slyexe mentioned, you have to generate all possible masks by yourself, given your infos this should be 120 different masks
in the worst case you would crack it with the last mask, therefore i would shuffle the masks or use the masks with 3 letters together as the last ones (i just presume that the letters are embedded and not together)
