WPA masks
#1
Hi I am new to hashcat in general .

I have used hashcat to find sha1 and MD5 hashes which its done with great speed...

I used to use pyrit for my wireless WPA attacks but due to graphics card changes I couldnt get pyrit to work but found the installation of hashcat a doddle

my cracker machine
AMD 1055T Phenom_II which runs 2.8Ghz over clockable to 3.6Ghz (It was overclocked with the bundle i bought) I now run at stock 2.8
I use an ASUS 5870 Ares Graphics card which is a dual 5870 on one board.
OS i run backtrack 5r3

That gives you an idea of what i am working with:

My question :

This is the command i would use to get crunch to create a wordlist that i need.

Code:
./crunch 10 10 -f charset.lst hex-lower -i -d 2 -b 100GB -o /media/sf_Desktop/passwords/START
This would generate a 10 char password using abcdef0123456789 and would not allow more than 2 identical chars..

In hashcat i use :

Code:
./oclHashcat-plus64.bin -m 2500 -a 3 -n 8 --gpu-loops=45 -1 abcdef?d /pentest/passwords/oclhashcat+/mynetworkcap.hccap ?1?1?1?1?1?1?1?1?1?1
after reading the wiki i can see you can use rules for many things but I don't understand how how to get the mask to skip passwords that are not compliant.

I hope this make sense
Thanks for any help.....
The Raver
#2
So you dont want the mask to contain identical chars?
#3
you can pipe if you want:

./crunch 10 10 -f charset.lst hex-lower -i -d 2 -b 100GB | ./oclHashcat-plus64.bin -m 2500 -n 8 --gpu-loops=45 -1 abcdef?d /pentest/passwords/oclhashcat+/mynetworkcap.hccap
#4
(12-14-2012, 03:00 PM)radix Wrote: So you dont want the mask to contain identical chars?

That was a super quick reply....

I'd like to limit the number of consecutive letters or numbers to a maximum of 2

eg:

aaaaaaaaaa I dont want this to happen
aabaabaaba So where the 3rd char would have been an a is it possible to increment it b for all lower-hex so abcdef1234567890

Many thanks again...
#5
(12-14-2012, 03:20 PM)atom Wrote: you can pipe if you want:

./crunch 10 10 -f charset.lst hex-lower -i -d 2 -b 100GB | ./oclHashcat-plus64.bin -m 2500 -n 8 --gpu-loops=45 -1 abcdef?d /pentest/passwords/oclhashcat+/mynetworkcap.hccap

Many thanks atom

I will try the pipe to hashcat now..

I wanted to try and use hashcat's features as I have heard it can generate a wordlist faster than crunch.

Thanks

The Rave
#6
For WPA the speed difference is irrelevant. Also hashcat cannot further filter the candidates generated by the mask generator.
#7
Many thanks,

I am piping crunch through to hashcat+ as suggested by atom

This is running now

For anyone else who wants to do this..
a very slight change in the command from crunch before the pipe.

Code:
./crunch 10 10 -f charset.lst hex-lower -i -d 2 | ./oclHashcat-plus64.bin -m 2500 -1 abcdef?d /pentest/passwords/oclhashcat+/mynetworkcap.hccap

Thanks again i will still be trying full bruteforce in hashcat as I know that the results will be the same but will take a bit longer

Cheers

Raver