I need help with syntax
#1
I'm new to ocl/cudaHashcat and I'm looking to build a syntax that would cover certain criteria.
A capture.hccap is the target. I'm using cudaHashcat 1.30 | The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali).

- Markov Chains(statsprocessor).
- 8 to 10 characters long.
- first character a Capitalized letter.
- last two characters are numbers.

=: Orange67, Carbon14,..

If some of you can help me get started it would be appreciated =]
#2
See http://hashcat.net/wiki/doku.php?id=mask_attack

Your command will look something like this:
length 8
Code:
./oclHashcat -w 3 -m 2500 capture.hccap -a 3 ?u?a?a?a?a?a?d?d
length 9
Code:
./oclHashcat -w 3 -m 2500 capture.hccap -a 3 ?u?a?a?a?a?a?a?d?d
length 10
Code:
./oclHashcat -w 3 -m 2500 capture.hccap -a 3 ?u?a?a?a?a?a?a?a?d?d


oclHashcat also supports mask files (see http://hashcat.net/wiki/doku.php?id=mask...mask_files).
This means that you can put all 3 masks into a *.hcmask file and let oclHashcat loop through all masks. Content of the my.hcmask file would look something like this:
Code:
?u?a?a?a?a?a?d?d
?u?a?a?a?a?a?a?d?d
?u?a?a?a?a?a?a?a?d?d

Now you can run oclHashcat with this new .hcmask as follows:
Code:
./oclHashcat -w 3 -m 2500 capture.hccap -a 3 my.hcmask

Note: I assumed here that between the uppercase letter and the digits there can be any special character, lowercase char, uppercase char or digit; see http://hashcat.net/wiki/doku.php?id=mask_attack for a full explanation of the predefined charsets, and if you need to build your own charset, see http://hashcat.net/wiki/doku.php?id=mask...m_charsets
#3
=] Thank you Phil!

2 more questions..

- Markov Chains(statsprocessor) will automatically kick in right?
- How can I verify the output(generated character set) to actually see the resulting words?
#4
(09-12-2014, 04:11 PM)Quest Wrote: =] Thank you Phil!

2 more questions..

- Markov Chains(statsprocessor) will automatically kick in right?
- How can I verify the output(generated character set) to actually see the resulting words?

It uses Markov, but you can explicitly set a threshold with -t.

You can see the output using the maskprocessor executable from hashcat-utils.
#5
Hi coolbry!

I do not have a "maskprocessor" executable from hashcat-utils folder ( /usr/share/hashcat-utils )!?
I've also checked in the /usr/share/cudahashcat directory.

Why would I want to set a threshold?

I feel uncomfortable being so ignorant, but I've been searching and reading for 2 days without progress. All I can do is ask questions to wrap my brain around this. Thanks ;)
#6
Hi all,

so I'm having 2 basic problems.

- Markov Chains doesn't seem to 'kick in' when I use a syntax without a mask.
- Then when I try to use a mask, cudaHashcat starts, but doesn't do anything and stops after a few seconds.


Code:
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~# cd /usr/share/cudahashcat/ && ./cudaHashcat64.bin -w 3 -m 2500 /root/capture.hccap -a 3 rockyou-1-60.hcmask
cudaHashcat v1.30 starting...

Device #1: GeForce GT 630M, 2047MB, 950Mhz, 2MCU

Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Kernel ./kernels/4318/m2500.sm_21.64.ptx
Device #1: Kernel ./kernels/4318/markov_le_v1.64.ptx
Device #1: Kernel ./kernels/4318/bzero.64.ptx

                                            
INFO: approaching final keyspace, workload adjusted

                                            
Session.Name...: cudaHashcat
Status.........: Exhausted
Input.Mode.....: Mask (rockyou-1-60.hcmask) [19]
Hash.Target....: misi (38:60:77:c1:29:ad <-> 94:eb:cd:6c:f0:38)
Hash.Type......: WPA/WPA2
Time.Started...: 0 secs
Time.Estimated.: 0 secs
Speed.GPU.#1...:        0 H/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 1/1 (100.00%)
Skipped........: 0/1 (0.00%)
Rejected.......: 0/1 (0.00%)
HWMon.GPU.#1...: -1% Util, 47c Temp, -1% Fan

Started: Sat Sep 13 10:30:01 2014
Stopped: Sat Sep 13 10:30:02 2014
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):/usr/share/cudahashcat#

could someone educate me?
#7
oclHashcat always uses Markov by default everywhere a mask is used, unless you explicitly disable it via the '--markov-disable' switch.

You have a syntax error in the command that you shared. You are not providing the path to "rockyou-1-60.hcmask", and since this file does not exist in the working directory, oclHashcat thinks that it is a 19-character mask. That is why the progress says "1/1" and it completes instantly.

Further, the rockyou hcmask files will not work well for WPA since WPA has a minimum length requirement of 8 characters, and rockyou had no password complexity requirements.
#8
of course! *slap face* Slowly unconfusing myself here. Thank you =]

How can it take an estimated 44 days, 16 hours, when my .hcmask only contains one line ( ?u?l?l?l?l?l?d?d )..?

Are there really that many combinations, one uppercase | five lowercase | two numbers?

Code:
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~# cd /usr/share/cudahashcat/ && ./cudaHashcat64.bin -w 3 -m 2500 /root/capture.hccap -a 3 /usr/share/cudahashcat/masks/my.hcmask
cudaHashcat v1.30 starting...

Device #1: GeForce GT 630M, 2047MB, 950Mhz, 2MCU

Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Kernel ./kernels/4318/m2500.sm_21.64.ptx
Device #1: Kernel ./kernels/4318/markov_le_v1.64.ptx
Device #1: Kernel ./kernels/4318/bzero.64.ptx

[s]tatus [p]ause [r]esume [b]ypass [q]uit => s

Session.Name...: cudaHashcat
Status.........: Running
Input.Mode.....: Mask (?u?l?l?l?l?l?d?d) [8]
Hash.Target....: misi (38:60:77:c1:29:ad <-> 94:eb:cd:6c:f0:38)
Hash.Type......: WPA/WPA2
Time.Started...: Sat Sep 13 12:48:59 2014 (32 secs)
Time.Estimated.: Tue Oct 28 05:26:26 2014 (44 days, 16 hours)
Speed.GPU.#1...:     8376 H/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 262144/30891577600 (0.00%)
Skipped........: 0/262144 (0.00%)
Rejected.......: 0/262144 (0.00%)
HWMon.GPU.#1...: -1% Util, 72c Temp, -1% Fan

[s]tatus [p]ause [r]esume [b]ypass [q]uit =>

doesn't look right to me.
#9
It's correct.. 26^6 + 10^2 = 30891577600 combinations. You do 8376 per second = 3688106 seconds

Your GPU sucks :)
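
The keyspace arithmetic behind the status output in post #8, together with the WPA minimum-length point from post #7, as an added example that is not part of any post in this thread or of hashcat itself. The function names are hypothetical, the six-position mask is constructed for illustration, and custom charsets (?1 to ?4) are deliberately not handled:

```python
import math

# Sizes of the built-in mask charsets used in this thread (?a = ?l?u?d?s).
BUILTIN = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95, "b": 256}
WPA_MIN_LEN = 8  # WPA/WPA2 passphrases are at least 8 characters (post #7)


def parse_mask(mask):
    """Return the per-position charset sizes of a mask such as ?u?l?l?d."""
    sizes, i = [], 0
    while i < len(mask):
        if mask[i] != "?":
            sizes.append(1)          # literal character: one candidate
            i += 1
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        token = mask[i + 1]
        if token == "?":
            sizes.append(1)          # '??' is a literal question mark
        elif token in BUILTIN:
            sizes.append(BUILTIN[token])
        else:
            # Custom charsets (?1..?4) need their definitions; not handled here.
            raise ValueError(f"unsupported charset ?{token}")
        i += 2
    return sizes


def keyspace(mask):
    """Number of candidates: the product of the per-position sizes."""
    return math.prod(parse_mask(mask))


def summarize(masks, rate_hs):
    """Per-mask (mask, length, keyspace, seconds, meets_wpa_min) tuples."""
    rows = []
    for mask in masks:
        length = len(parse_mask(mask))
        ks = keyspace(mask)
        rows.append((mask, length, ks, ks // rate_hs, length >= WPA_MIN_LEN))
    return rows


if __name__ == "__main__":
    # Masks from posts #2 and #8 plus one constructed 6-position mask; rate from post #8.
    sample = ["?u?l?l?l?l?l?d?d", "?u?a?a?a?a?a?d?d", "?u?l?l?l?d?d"]
    for mask, length, ks, secs, ok in summarize(sample, 8376):
        print(f"{mask:18} len={length} keyspace={ks:,} ~{secs / 86400:.1f} days wpa_min={ok}")
```
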
#10
Hey atom himself!! Thank you sir for all the work!!

hahaha yes it would appear that my GPU sucks. At least there is nothing wrong with my syntax, so I'm not too depressed with the results. I came here to learn. Hardware can be bought.

I'm still not clear on the mechanics of it all. I was under the impression that 'Markov Chains' would drastically reduce the number of 'words' generated, and therefore reduce the processing time compared to brute force.

Is "26^6 + 10^2 = 30891577600 combinations", Markov or brute force?