Noob issues with oclhashcat
#1
I'm running Windows 7 and trying to use oclhashcat on my nvidia gtx660. I am struggling to get any kind of response from hashcat though, trying to bruteforce an hccap file and to output to found.txt, but nothing happens.

W:\oclhashcat>hashcat64.exe -m 3 W:\oclhashcat\mongo.hccap W:\oclhascat\found.txt

I press enter, get the EULA: yes/no, I type yes and nothing happens. Have spent most of the day on this, hard to find noob-friendly step-by-step guides for hashcat.
I know I'm screwing up, but how?

(what I really want to do is use a mask attack to pinpoint a 13-letter lower-case password, but I'm not there yet)
#2
Hi
Here is a step-by-step mask attack guide: http://hashcat.net/wiki/doku.php?id=mask_attack
But 13 ?l will take a couple of YEARS, so I don't know if it is worth your work
#3
(02-14-2015, 07:46 AM)Szulik Wrote: Hi
Here is a step-by-step mask attack guide: http://hashcat.net/wiki/doku.php?id=mask_attack
But 13 ?l will take a couple of YEARS, so I don't know if it is worth your work


Thanks, reading it now, makes more sense when you are not tired lol. But wouldn't cracking a 13-letter password be feasible when there are only lower-case letters, no numbers, and no identical letters appear after each other (like aa…..)?
#4
I think you didn't realize how large that keyspace is.

Let us start with 26 characters which can be repeated.
The charset would be: abcdefghijklmnopqrstuvwxyz
The number of characters would be: 26
Hence, the total keyspace for exactly length 13 (not incremented, that one would be even larger) would be:
26 ^ 13 = 2,481,152,873,203,736,576
or more simply:
26 * 26 * 26 * 26 * 26 * 26 * 26 * 26 * 26 * 26 * 26 * 26 * 26 = 2,481,152,873,203,736,576

Yes, in this case (all chars can be repeated), each position can be all 26 characters.
Please try to read that resulting value aloud and you should recognize how large that number really is.

Let's now move on to case number #2, i.e. where there cannot be a sequence of 2 repeating characters (directly attached to each other).
This reduces the number of possible candidates by a little (but still not enough to be doable):
26 * 25 * 25 * 25 * 25 * 25 * 25 * 25 * 25 * 25 * 25 * 25 * 25 = 1,549,720,764,160,156,250

(note: we cannot repeat for instance like "...aab..." but "...aba..." is allowed)

The problems here:
1. Bruteforcing WPA/WPA2 is difficult already for short(er) (random) passwords (like 9, 10)
2. WPA/WPA2 is a slow algorithm, it cannot be compared to md5/ntlm etc (fast algorithms)
3. If the passwords are not completely random, it is good advice to try other attack modes (wordlists, wordlists with rules, combinator etc). Bruteforcing a hash should always be the last (most of the time desperate ;) ) step one should try, once all other attack modes really have been exhausted
4. the keyspace mentioned here (and this is a really BIG problem) is not even doable for a fast algorithm (like ntlm/md5), even with the largest and best cluster of GPUs in a reasonable time
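The keyspace arithmetic from the post above, generalized to any mask built from hashcat's built-in `?l ?u ?d ?s ?a` charsets, as an added example that is not part of the original thread. The function names and the guess rate `ASSUMED_RATE` are assumptions made for illustration, not a benchmark of any hardware.

```python
# Added example: keyspace arithmetic for hashcat-style masks (not code from the thread).
CHARSETS = {  # hashcat built-in charsets ?l ?u ?d ?s
    "l": "abcdefghijklmnopqrstuvwxyz",
    "u": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "d": "0123456789",
    "s": " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
}
CHARSETS["a"] = CHARSETS["l"] + CHARSETS["u"] + CHARSETS["d"] + CHARSETS["s"]
SECONDS_PER_YEAR = 365.25 * 24 * 3600
ASSUMED_RATE = 100_000  # candidates per second; hypothetical figure, not a benchmark

def parse_mask(mask):
    """Return one charset string per password position ('??' is a literal '?')."""
    positions, i = [], 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask):
            key = mask[i + 1]
            if key != "?" and key not in CHARSETS:
                raise ValueError(f"unsupported charset ?{key}")
            positions.append("?" if key == "?" else CHARSETS[key])
            i += 2
        else:
            positions.append(mask[i])  # literal character
            i += 1
    return positions

def keyspace(mask):
    """Every position is independent: multiply the charset sizes."""
    total = 1
    for charset in parse_mask(mask):
        total *= len(charset)
    return total

def keyspace_no_adjacent_repeats(mask):
    """Count candidates where no character equals its left neighbour (DP on last char)."""
    ends_with = {}
    for n, charset in enumerate(parse_mask(mask)):
        total = sum(ends_with.values())
        ends_with = {c: 1 if n == 0 else total - ends_with.get(c, 0) for c in charset}
    return sum(ends_with.values())

def years_to_exhaust(candidates, rate=ASSUMED_RATE):
    return candidates / rate / SECONDS_PER_YEAR

if __name__ == "__main__":
    mask = "?l" * 13
    for label, n in (("all letters", keyspace(mask)),
                     ("no adjacent repeats", keyspace_no_adjacent_repeats(mask))):
        print(f"{label:>20}: {n:,} candidates, ~{years_to_exhaust(n):,.0f} years")
```

The dynamic-programming count also handles masks whose positions use different charsets, where the simple 26 * 25 * 25 ... product no longer applies.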
#5
Wow, guess this is a silly endeavour. It will actually be easier to just pick the lock on the door and photograph the WPA key sticker under the router (joke, sort of). Suppose most people who put custom names as ESSID also choose shorter passwords than 13 characters.