Posts: 42
Threads: 4
Joined: Sep 2014
I'm new to ocl/cudaHashcat and I'm looking to build a syntax that would cover certain criteria.
A capture.hccap is the target. I'm using cudaHashcat 1.30 | The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali).
- Markov Chains(statsprocessor).
- 8 to 10 character long.
- first character a Capitalized letter.
- last two characters are numbers.
=: Orange67, Carbon14,..
If some of you can help me getting started it would be appreciated =]
Posts: 2,267
Threads: 16
Joined: Feb 2013
See
http://hashcat.net/wiki/doku.php?id=mask_attack
Your command will look something like this:
length 8
Code:
./oclHashcat -w 3 -m 2500 capture.hccap -a 3 ?u?a?a?a?a?a?d?d
length 9
Code:
./oclHashcat -w 3 -m 2500 capture.hccap -a 3 ?u?a?a?a?a?a?a?d?d
length 10
Code:
./oclHashcat -w 3 -m 2500 capture.hccap -a 3 ?u?a?a?a?a?a?a?a?d?d
OclHashcat also supports maskfiles ( see
http://hashcat.net/wiki/doku.php?id=mask...mask_files ).
This means that you can put all 3 masks into a *.hcmask file and let oclHashcat loop through all masks. Content of the my.hcmask file would look something like this:
Code:
?u?a?a?a?a?a?d?d
?u?a?a?a?a?a?a?d?d
?u?a?a?a?a?a?a?a?d?d
Now you can run oclHashcat with this new .hcmask like follows:
Code:
./oclHashcat -w 3 -m 2500 capture.hccap -a 3 my.hcmask
Note: I assumed here that between the uppercase and the digits can be every special character, lower case char, upper case char and digit, see
http://hashcat.net/wiki/doku.php?id=mask_attack for full explanation of the predefined charset and if you need build your own charset, see
http://hashcat.net/wiki/doku.php?id=mask...m_charsets
Posts: 42
Threads: 4
Joined: Sep 2014
=] Thank you Phil!
2 more questions..
- Markov Chains(statsprocessor) will automatically kick in right?
- How can I verify the output(generated character set) to actually see the resulting words?
Posts: 117
Threads: 0
Joined: Nov 2013
(09-12-2014, 04:11 PM)Quest Wrote: =] Thank you Phil!
2 more questions..
- Markov Chains(statsprocessor) will automatically kick in right?
- How can I verify the output(generated character set) to actually see the resulting words?
it uses markov but you can explicitly set a threshold with -t
you can see the output using the maskprocessor executable from hashcat-utils
Posts: 42
Threads: 4
Joined: Sep 2014
Hi coolbry!
I do not have a "maskprocessor" executable from hashcat-utils folder ( /usr/share/hashcat-utils )!?
I've also checked in the /usr/share/cudahashcat directory.
Why would I want to set a threshold?
I feel uncomfortable being so ignorant, but I've been searching and reading for 2 days without progress. All I can do is ask questions to wrap my brain around this. Thanks
Posts: 42
Threads: 4
Joined: Sep 2014
09-13-2014, 03:38 PM
(This post was last modified: 09-13-2014, 03:40 PM by Quest.)
Hi all,
so I'm having 2 basic problems.
- Markov Chains doesn't seem to 'kick in' when I use a syntax without a mask.
- Then when I try to use a mask, cudaHashcat starts, but doesn't do anything and stops after a few seconds.
Code:
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~# cd /usr/share/cudahashcat/ && ./cudaHashcat64.bin -w 3 -m 2500 /root/capture.hccap -a 3 rockyou-1-60.hcmask
cudaHashcat v1.30 starting...
Device #1: GeForce GT 630M, 2047MB, 950Mhz, 2MCU
Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Kernel ./kernels/4318/m2500.sm_21.64.ptx
Device #1: Kernel ./kernels/4318/markov_le_v1.64.ptx
Device #1: Kernel ./kernels/4318/bzero.64.ptx
INFO: approaching final keyspace, workload adjusted
Session.Name...: cudaHashcat
Status.........: Exhausted
Input.Mode.....: Mask (rockyou-1-60.hcmask) [19]
Hash.Target....: misi (38:60:77:c1:29:ad <-> 94:eb:cd:6c:f0:38)
Hash.Type......: WPA/WPA2
Time.Started...: 0 secs
Time.Estimated.: 0 secs
Speed.GPU.#1...: 0 H/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 1/1 (100.00%)
Skipped........: 0/1 (0.00%)
Rejected.......: 0/1 (0.00%)
HWMon.GPU.#1...: -1% Util, 47c Temp, -1% Fan
Started: Sat Sep 13 10:30:01 2014
Stopped: Sat Sep 13 10:30:02 2014
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):/usr/share/cudahashcat#
could someone educate me?
Posts: 2,936
Threads: 12
Joined: May 2012
oclHashcat always uses Markov by default everywhere a mask is used, unless you explicitly disable it via the '--markov-disable' switch.
You have a syntax error in the command that you shared. You are not providing the path to "rockyou-1-60.hcmask", and since this file does not exist in the working directory, oclHashcat thinks that it is a 19-character mask. That is why the progress says "1/1" and it completes instantly.
Further, the rockyou hcmask files will not work well for WPA since WPA has a minimum length requirement of 8 characters, and rockyou had no password complexity requirements.
Posts: 42
Threads: 4
Joined: Sep 2014
of course! *slap face* Slowly unconfusing myself here. Thank you =]
How can it takes an estimated 44 days, 16 hours, when my .hcmask only contain one line( ?u?l?l?l?l?l?d?d )..?
Is there really that many combinations, one Upercase | five lowercases | two numbers ?
Code:
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~# cd /usr/share/cudahashcat/ && ./cudaHashcat64.bin -w 3 -m 2500 /root/capture.hccap -a 3 /usr/share/cudahashcat/masks/my.hcmask
cudaHashcat v1.30 starting...
Device #1: GeForce GT 630M, 2047MB, 950Mhz, 2MCU
Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Kernel ./kernels/4318/m2500.sm_21.64.ptx
Device #1: Kernel ./kernels/4318/markov_le_v1.64.ptx
Device #1: Kernel ./kernels/4318/bzero.64.ptx
[s]tatus [p]ause [r]esume [b]ypass [q]uit => s
Session.Name...: cudaHashcat
Status.........: Running
Input.Mode.....: Mask (?u?l?l?l?l?l?d?d) [8]
Hash.Target....: misi (38:60:77:c1:29:ad <-> 94:eb:cd:6c:f0:38)
Hash.Type......: WPA/WPA2
Time.Started...: Sat Sep 13 12:48:59 2014 (32 secs)
Time.Estimated.: Tue Oct 28 05:26:26 2014 (44 days, 16 hours)
Speed.GPU.#1...: 8376 H/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 262144/30891577600 (0.00%)
Skipped........: 0/262144 (0.00%)
Rejected.......: 0/262144 (0.00%)
HWMon.GPU.#1...: -1% Util, 72c Temp, -1% Fan
[s]tatus [p]ause [r]esume [b]ypass [q]uit =>
doesn't look right to me.
Posts: 5,185
Threads: 230
Joined: Apr 2010
It's correct.. 26^6 + 10^2 = 30891577600 combinations. you do 8376 per second = 3688106 seconds
Your GPU sucks
Posts: 42
Threads: 4
Joined: Sep 2014
Hey atom himself!! Thank you sir for all the work!!
hahaha yes it would appear that my GPU sucks. At least there is nothing wrong with my syntax, so I'm not too depressed with the results. I came here to learn. Hardware can be bought.
I'm still not clear on the mechanic of it all. I was under the impression that 'Markov Chains' would drastically reduce the number of 'words' generated, and therefore reduce the proceeding time compared to brutforce.
Is "26^6 + 10^2 = 30891577600 combinations", Markov or brutforce?