Brute Force WPA2
#1
If we have a WPA2 handshake, and wanted to brute force it with -1 ?l?u?d for starters, but we dont know the length of the password, would this be a good start?


oclhashcat.exe -m 2500 -a 3 <capture.hccap> -1 ?l?u?d --incremental
#2
no

1. --incremental is not a valid oclHashcat switch, I think you mean --increment (always double-check the switches with the --help output):
-i, --increment Enable increment mode

2. with -a 3 you always need to also supply a mask, so there are at least 2 different kinds of information needed:
- the custom char set(s) ( see https://hashcat.net/wiki/doku.php?id=mas...m_charsets )
- where this/these char set(s) should be used in the mask

e.g. something like -a 3 -1 ?l?u?d ?1?1?1?1?1?1?1
would mean use the custom char set in the mask in position 1, 2, 3, 4, 5, 6 and 7, while:
-a 3 -1 ?l?u?d ?1?1?1hcat
would mean, use the char set number 1 (-1 -> ?1) only for position 1, 2 and 3
etc

If you want to use incremental mode you define with you mask the maximum length you want to try (or you could also use --increment-max):
--increment --increment-min 8 -a 3 -1 ?l?u?d ?1?1?1?1?1?1?1?1?1?1
(this would try all password which are limited to lower letters, upper letters and digits of length 8 to 10 - since mask is no longer than 10 characters)

For more details, I kindly invite you to read this wiki page: https://hashcat.net/wiki/doku.php?id=mask_attack


BTW: bruteforcing or mask attacking a WPA/WPA2 password is in general not a very clever idea. The algorithm is a so-called slow algorithm, the speed cannot be compared to a fast algorithm such as ntlm, md5 etc. There are other attack modes that you should always consider before starting a -a 3 attack (which should always be the last thing you should try, if nothing else worked).
there are other attack modes which normally would be more clever to try first, such as wordlist attack with rules (-a 0 -r rules.txt), combinator attacks (-a 1), etc
#3
I think what am looking for is, if it means: Start incrementing from 8 up to 12, given the custom char set of lower case, upper case, and digits

-i --incremement-min 8 --increment-max 12 -a 3 -a ?l?u?d
#4
the mask is still missing, and this
"-a ?l?u?d"
is not valid syntax

With all this information I just did give you, you should easily understand that this is what you are looking for:
Code:
oclhashcat.exe -m 2500 -a 3 -1 ?l?u?d --increment --increment-min 8 --increment-max 12 capture.hccap ?1?1?1?1?1?1?1?1?1?1?1?1

Also one of the very first line of --help says:
Code:
Usage: oclHashcat [options]... hash|hashfile|hccapfile [dictionary|mask|directory]...

So you should have:
1. options: -m 2500 -a 3 -1 ?l?u?d --increment --increment-min 8 --increment-max 12
2. hashfile: capture.hccap
3. mask: ?1?1?1?1?1?1?1?1?1?1?1?1
#5
Sorry that was a typo, it was supposed to be -a 3 -1 ?l?u?d

Ahhh, so we still have to specify the mask ?1?1?1?1?1?1?1?1?1?1?1?1, even though we already have the --increment-max 12, correct?