Custom Charset

[boylin]

Hi guys, new here, trying to learn oclHashcat and got stuck.

So i'm attacking a WPA hccap file, using: oclhashcat64 -m 2500 -w 3 -a 3 1.hccap ?l?l?l?l?l?l?l?l -o found.txt

This is using all lowercase alpha min 8 max 8 characters, but i want to use all the lower alpha characters except the letter o and i as i'm cracking a Virgin Media router which uses the letters abcdefghjklmnpqrstuvwxyz

Can someone help with a mask for this charset. 
Thanks

[Xanadrel]

https://hashcat.net/wiki/doku.php?id=mas...m_charsets

Oh boy, that was hard.

[boylin]

cheers, figured it out now. For any future searches:

oclhashcat64 -m 2500 -w 3 -a 3 1.hccap -1 abcdefghjklmnpqrstuvwxyz ?1?1?1?1?1?1?1?1 -o found.txt
Gives 110075314176 words, hashing at 171,000H/s on a single HD 6990, time estimated 9 days.

Anyone know how i can use GPU & CPU at the same time in oclHashcat? I have an 8 core AMD which hashes at 49,000 h/s in PYRIT and seems a bit of a waste not using them.

[rico]

Anyone know how i can use GPU & CPU at the same time in oclHashcat?

Well you could split the job and have the GPU work on 77.73% of the keyspace and the CPU on 22.27% (that's what 171kH/s and 49kH/s work out to.

Then use skip and limit options to specify what parts of the job to work on, i.e. keyspace is 4586471424, split as above is 3564939153 and 1021532272 (both rounded up so as not to leave a gap)

tell oclHashcat to run 0%-77.73% and hashcat 77.73%-100% and they should exhaust their keyspaces at the same time unless there's a hit first.

oclhashcat64 -m 2500 -w 3 -a 3 -l 3564939153  1.hccap -1 abcdefghjklmnpqrstuvwxyz ?1?1?1?1?1?1?1?1 -o found.txt


Use -s 85558539654 for CPU hashcat (uses skip parameter slightly different):

hashcat-cli64 -m 2500 -a 3 -s 85558539654 1.hccap -1 abcdefghjklmnpqrstuvwxyz ?1?1?1?1?1?1?1?1 -o found.txt

See, starts at 77.73%:

Input.Mode: Mask (?1?1?1?1?1?1?1?1) [8]
Index.....: 0/1 (segment), 110075314176 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, 2.67k words
Progress..: 85558548890/110075314176 (77.73%)
Running...: 00:00:00:04

[boylin]

Thanks for that, set it all up and the hashcat is running at 4.12k words, is that 4120 words / second? If so, thats not so great.

[rico]

I don't know much pyrit I'm afraid and I was a bit surprised when you said your CPU could do 49kH/s. That's about what a GTX 760 pulls using cudaHashcat (on WPA).

And even if pyrit supported some sort of skip option, it wouldn't be any good to you as the keyspace would be processed completely different. hashcat doesn't work through the keyspace aaaaaaaa, aaaaaaab,...,zzzzzzzy, zzzzzzzz by default. You'd have to use the --markov-disable option for that behaviour.

For what it's worth, I've only cracked about 10 or so WPAs and luckily never had to go past 67% of the keyspace so maybe just go with your GPU from 0% and leave it at that.