Recommendations on WPA cracking
#1
I'm working on cracking a WPA key which is not in some of the general dictionaries. (checked) Knowing the client profile, I have a hunch they just took the company name and L33t speeked it. Possibly added a character or two to the end.

eg: tacobell to T@c0BelL#

What types of options should I set to test against this type of key?

I see the leetspeak rule option as well as toggles as possible options. Would I just use some combination of these?

Thanks in advance.
#2
Sure, you could create a wordlist containing a few variations of the company name, and use rule chaining.
#3
So following along the previous example, manually create a wordlist with possible variations of the company name in full, reverse, with a space, followed by a number etc. Then add leetspeak rule and a toggle. Should I use any particular toggle? (I need to spend some more time researching the differences) What about appending characters? I'm still learning so I'm using the GUI for now, I don't have the option to include a mask when in "straight" mode.

Thanks for the Uber quick response!
#4
(11-20-2012, 04:33 PM)wonder1and Wrote: So following along the previous example, manually create a wordlist with possible variations of the company name in full, reverse, with a space, followed by a number etc. Then add leetspeak rule and a toggle. Should I use any particular toggle? (I need to spend some more time researching the differences) What about appending characters? I'm still learning so I'm using the GUI for now, I don't have the option to include a mask when in "straight" mode.

Thanks for the Uber quick response!
Since your wordlist will be very short, you can allow yourself to have plenty of rules. So take the file with the most leet rules and the most toggle rules and put them together in your command line:

oclhashcat-plus64 ... -r rule1.rule -r rule2.rule ... wpafile.hccap

It would be more efficient to learn the command line instead of the GUI. See oclhashcat-plus64 --help for the list of all the switches.
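
Seen from the defender's side, the pattern guessed at in this thread (company name, leetspeak, toggled case, a character or two appended) is one a provisioning check can reject before the passphrase is ever set. The following is an added example, not part of the original posts: the function names and the substitution table are constructed for illustration, and "Taco Bell" is the thread's own placeholder name.

```python
import re

# Constructed reverse-leetspeak table: substituted character -> letter class.
# "i" and "l" share one class because "1", "!" and "|" stand in for either.
CANON = str.maketrans({"@": "a", "4": "a", "3": "e", "0": "o", "$": "s",
                       "5": "s", "7": "t", "+": "t", "1": "l", "!": "l",
                       "|": "l", "i": "l"})
SEPARATORS = re.compile(r"[\s._-]+")


def canon(text):
    """Undo case toggles, separators and leet substitutions."""
    return SEPARATORS.sub("", text.lower()).translate(CANON)


def derived_from(passphrase, base_words, max_affix=4):
    """Return the base word a passphrase is built on, or None.

    Tries every way of dropping up to max_affix characters from each end
    (prepended or appended digits and symbols), then compares the
    canonical form of what remains with each base word and its reverse.
    """
    targets = {}
    for word in base_words:
        key = canon(word)
        if not key:
            continue
        targets[key] = word
        targets[key[::-1]] = word  # reversed name counts as derived too
    for lead in range(max_affix + 1):
        for tail in range(max_affix + 1):
            end = max(lead, len(passphrase) - tail)
            hit = targets.get(canon(passphrase[lead:end]))
            if hit is not None:
                return hit
    return None


if __name__ == "__main__":
    # Constructed candidates for a proposed WPA passphrase.
    for candidate in ["T@c0BelL#", "llebocaT2012", "Taco Bell 12",
                      "correct horse battery"]:
        print(repr(candidate), "->", derived_from(candidate, ["Taco Bell"]))
```

A non-None result means the proposed passphrase should be refused; the list of base words would normally hold the organisation name, SSID, street address and similar public strings.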