WPA/WPA2 which hashcat, which rules ?
#1
Hello everyone.

I captured a 4-way handshake with airodump.
For the password, I know this : It's 10 characters long, mostly numbers, has 1 or 2 capital letters, and there can't be 3 sequential identical characters.

So these are IMPOSSIBLE password examples :

444D250397 (3 sequential 4's)
GDTF973104 (More than 2 letters)
hg86710235 (non-capital letters)
2159637854 ( no letters at all)
GH51009971965 (longer than 10)
BU963401 (shorter than 10)

And there are POSSIBLE password examples :

671034H864 (1 letter, 9 numbers)
8D61074J68 (2 letters 8 numbers)

Letters can be anywhere in the keyspace (otherwise I'd have already solved it).

I'd like to know if you can limit the number of letter chars to 2, but leave the possibility to put them anywhere.
The AP manufacturer prioritises the 8 letters at the beginning of the alphabet (ABCDEFGH) more than the others, and excludes I's and O's as they can be confused with 1's and 0's. I wonder if there is any way to include some kind of a rule with that info?

I am also a bit confused about the hashcat I should be using, as I'm doing this with a laptop that has a lame Intel graphics card.

Please forgive my English, it is not my mother tongue.

Thanks in advance
EDIT : For the moment, the only rule I can think about is :

-1 ?u?d ?1?1?1?1?1?1?1?1?1?1
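To see how much the key policy described in post #1 shrinks the search space compared with a free mix of the same characters, the keys can be counted without enumerating them. This is an added example, not part of the original thread; it assumes the letter set is A-Z without I and O (24 letters), and the guess rate passed to `days_to_exhaust` is a parameter, not a measured figure.

```python
from itertools import product

def count_keys(length=10, n_digits=10, n_letters=24,
               min_letters=1, max_letters=2, max_run=2):
    """Count keys matching the policy in post #1 without enumerating them.

    n_letters=24 assumes A-Z minus I and O (the post says those are excluded).
    """
    # DP state: (letters used, last char is a letter, current run length) -> count
    states = {(0, False, 1): n_digits, (1, True, 1): n_letters}
    for _ in range(length - 1):
        nxt = {}

        def add(key, n):
            if key[0] <= max_letters and key[2] <= max_run and n:
                nxt[key] = nxt.get(key, 0) + n

        for (used, is_letter, run), n in states.items():
            add((used + is_letter, is_letter, run + 1), n)           # same char again
            add((used, False, 1), n * (n_digits - (not is_letter)))  # a different digit
            add((used + 1, True, 1), n * (n_letters - is_letter))    # a different letter
        states = nxt
    return sum(n for (used, _, _), n in states.items()
               if min_letters <= used <= max_letters)


def brute_force(length, digits, letters, min_letters=1, max_letters=2, max_run=2):
    """Slow reference count over a tiny constructed alphabet, to check the DP."""
    total = 0
    for cand in product(digits + letters, repeat=length):
        n_let = sum(c in letters for c in cand)
        no_long_run = all(len(set(cand[i:i + max_run + 1])) > 1
                          for i in range(length - max_run))
        total += (min_letters <= n_let <= max_letters) and no_long_run
    return total


def days_to_exhaust(keys, rate_per_second):
    """Worst-case days to test every key at a given guess rate."""
    return keys / rate_per_second / 86400


if __name__ == "__main__":
    constrained = count_keys()
    print("policy keyspace :", constrained)
    print("unconstrained   :", 34 ** 10)          # 10 digits + 24 letters, any mix
    print("reduction factor:", 34 ** 10 // constrained)
```

The reduction factor is the practical lesson for anyone designing default keys: every structural rule that is publicly known removes candidates an attacker would otherwise have to test.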
#2
You're out of luck and you cannot use hashcat to crack WPA if you don't have an AMD/Nvidia GPU.
But it's somewhat possible in oclHashcat-plus.

Your English is more than fine, self-underestimation is no good.
#3
So oclHashcat-plus can work out the WPA with the laptop's CPU? Is there a special command, or just normal program execution?

With aircrack I calculated that it could take about 419.000 years to complete (1350k/s). I'm afraid I can't wait that long ...

But I'm also considering advanced crunch options .... I'll post something here if I find the right thing, as I haven't yet tried that out.

EDIT : Laptop's CPU is not that bad I guess... it's a P8600 Core2 (it's written "pro" instead of "duo", I don't know if it makes a big difference)
#4
If you want to crack WPA on CPU you have to use aircrack.
#5
oclHashcat-plus, which is the only cat that cracks WPA currently, works using GPU, not CPU.

The keyspace in your bruteforce plan is quite big, so expect it to take too long, unless you have big toys, GPUs I mean.

crunch might help, but there would be speed loss, so better stick with straight options.
#6
(01-10-2013, 05:18 PM)M@LIK Wrote: oclHashcat-plus, which is the only cat that cracks WPA currently, works using GPU, not CPU.

The keyspace in your bruteforce plan is quite big, so expect it to take too long, unless you have big toys, GPUs I mean.

crunch might help, but there would be speed loss, so better stick with straight options.

Okay, I'll try out with my desktop, which has a 9600GT. A bit outdated, but might do the job.
I'll make a bootable BT4 USB stick (desktop is running on win7) and try oclHashcat-plus. I'll give it a go with only ABCDEFGH possible letters and see what the result is.

I'll keep you guys informed ;)
#7
Good, 9600 would work, don't know how fast, but it would.

I don't know why you're wanting to use BT while all hashcats, including plus, officially support Windows.
#8
I guess running hashcat on a Linux base could make it work faster as W7 takes more resources?
#9
No, there is no performance difference from Windows to Linux.
#10
Just as a tip..

If you want to use crunch with hashcat I advise creating your wordlist via files.

For 0-9 a-f lowercase it took about a week to create 9TB.
When you pipe directly into crunch you will get rejected items as crunch will still go through every combination.

Hope this helps in your endeavours :)

The rave

I would say one thing: I don't know about a 9600, but I did have a GTX260. This only did about 10000 PMKs on pyrit. I never actually used it with hashcat, as this is quite a new bit of software for me....
I have a dual 5870 and get around 160-200 k