Mask Problems
#1
I am trying to run a mask attack against my router with a test password. The following is the syntax I am using:

oclHashcat64.exe -m 2500 -a 3 -1 z -2 abrtxxwz Deepspace.hccap -i --session=Deepspace ?1?2?2?2?2?2?2?2

Where z is the start of the password and abrtxxwz (not in the correct order) is the rest.

oclHashcat will not find the password, what am I doing wrong?

Rab.
#2
Well, first off, there is no need for -i when you only have 8 characters. Second, you must not be using the right character set.
#3
(03-18-2014, 12:46 AM)coolbry95 Wrote: Well, first off, there is no need for -i when you only have 8 characters. Second, you must not be using the right character set.
The char set is correct, but I will remove the -i and try again.

Thanks

Rab.
#4
Removing the -i will not make a difference to whether it is cracked or not, unless it is not 8 characters. I don't think you have the right charset or the right length.
#5
I appreciate what you are saying, but it is the correct char set and length. I set it up myself on my own router, just jumbled up the letters.
#6
OK, just saying it is a typical problem. If it still doesn't work, post the command line again and then the error.
#7
No need for two occurrences of x in your charset, or any for that matter, unless it's the opposite case.

Say the pass you set was 12345678: use this as your charset and it should crack near enough instantly. If not, I'd look at re-capturing the handshake.

Run test:
oclHashcat64.exe -m 2500 -a 3 -1 12345678 Deepspace.hccap ?1?1?1?1?1?1?1?1
#8
I included the 2 x's to speed up the process and used the z as a starting point for future projects, predicting the starting letter of a particular password (kind of like a lucky dip). In future I would be using the complete lower case charset.

It is possible I may have to capture the handshake again, as EWSA has found the password using the same mask but doesn't display it, and it reported two handshakes in the cap file, one of which did not find the password but the other did.

Rab.
#9
You can use it in this fashion: zxx?l?l?l?l?l in a mask directly, but not with a specified charset; it's just pointless and would be ignored in any case.

Can't say I've ever used EWSA, but if that software can find the key with your raw cap file, then maybe something went wrong with the conversion to hccap. But I doubt that; I just think you're getting muddled up a bit. I'm sure you'll sort it out.
#10
Got it!!

I think the original capture file had two handshakes in it; one was valid and the other corrupt. In EWSA I was able to filter the corrupt handshake out, and that is why it was able to crack it and hashcat couldn't.

After a fresh capture and an hccap conversion using aircrack -J, I was able to successfully crack the password using the syntax and charset as laid out above. YeeeeHaaaa!

Thanks everyone for your input. I now know that this method works.

Rab.
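
Post #10 traces the failure to a capture that held two handshakes, one of them corrupt. As an added example (not from the thread or from the hashcat project), this Python script walks the 392-byte records of a legacy .hccap file and flags structurally implausible ones before a run. The sanity checks and the sample records are assumptions constructed for illustration, and passing them does not prove a handshake is cryptographically valid.

```python
import struct

# Legacy hccap record (input for -m 2500), 392 bytes, little-endian:
# essid[36] mac1[6] mac2[6] nonce1[32] nonce2[32] eapol[256]
# int eapol_size, int keyver, keymic[16]
HCCAP = struct.Struct("<36s6s6s32s32s256sii16s")


def check_hccap(data):
    """Return one (index, essid, problems) tuple per record in the file."""
    report = []
    if len(data) % HCCAP.size:
        report.append((-1, "", ["file size is not a multiple of 392 bytes"]))
    for i in range(len(data) // HCCAP.size):
        (essid, _mac1, _mac2, nonce1, nonce2,
         _eapol, size, keyver, mic) = HCCAP.unpack_from(data, i * HCCAP.size)
        name = essid.split(b"\0", 1)[0].decode("utf-8", "replace")
        problems = []
        # Heuristic checks chosen for this example (assumptions).
        if not name:
            problems.append("empty ESSID")
        if not 0 < size <= 256:
            problems.append("eapol_size %d out of range" % size)
        if keyver not in (1, 2):  # 1 = WPA, 2 = WPA2
            problems.append("unexpected keyver %d" % keyver)
        if not any(nonce1) or not any(nonce2):
            problems.append("all-zero nonce")
        if not any(mic):
            problems.append("all-zero key MIC")
        report.append((i, name, problems))
    return report


def sample_record(essid, size=121, keyver=2, nonce1=b"\x11" * 32):
    """Build a constructed (fake) record; every field value is made up."""
    return HCCAP.pack(essid, b"\xaa" * 6, b"\xbb" * 6, nonce1, b"\x22" * 32,
                      b"\x33" * 121, size, keyver, b"\x44" * 16)


# Constructed two-handshake file: one plausible record, one damaged record.
SAMPLE = (sample_record(b"Deepspace")
          + sample_record(b"Deepspace", size=0, nonce1=b"\0" * 32))

if __name__ == "__main__":
    for index, name, problems in check_hccap(SAMPLE):
        print(index, name, "OK" if not problems else "; ".join(problems))
```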