Clarifying Attack Type for PW Type
#1
Hello all,

I am fairly new to this but have read through the Wiki and tutorial and wanted to make sure I'm understanding the various approaches correctly. I'm taking a cyber security course and learning about passwords and hashes, and wanted to try this on my own using my home network for testing.

I was able to capture the handshake for my home network and have the hccap file. For testing purposes, I put my password into the middle of a large word-list and I was able to get the dictionary-style attack to work.

My main question is, since my password is a bunch of random characters (for example: 8Gy69BZs), would I want to try to use a Brute-Force style attack for that?

Based on the wiki, it looks like I should run the following:

oclHashcat64.exe -m 2500 -a3 capture.hccap ?d?d?d?d?d?d?d?d

Am I correct in understanding this will run through every potential character and eventually should find my example password above? I know this would probably take a substantial amount of time, but if I'm on the right path I'd like to create a new password that's shorter just to test.

Sorry if this answer is already well explained somewhere, I've been trying to keep up but there's a lot to keep track of.
#2
(04-29-2016, 09:13 PM)jcleary47 Wrote: My main question is, since my password is a bunch of random characters (for example: 8Gy69BZs), would I want to try to use a Brute-Force style attack for that?
Yes and no. For completely random passwords there are not really other options, but for WPA (which is slow) brute force can take between long and too late you died.

(04-29-2016, 09:13 PM)jcleary47 Wrote: oclHashcat64.exe -m 2500 -a3 capture.hccap ?d?d?d?d?d?d?d?d

Am I correct in understanding this will run through every potential character and eventually should find my example password above?
No, read more about mask attack/charsets.
#3
(04-29-2016, 09:13 PM)jcleary47 Wrote: oclHashcat64.exe -m 2500 -a3 capture.hccap ?d?d?d?d?d?d?d?d

Am I correct in understanding this will run through every potential character and eventually should find my example password above?

?d is the charset for digits (0-9), so your example would guess 00000000-99999999 but would not find your example password. To find your example you would need to use something like ?a?a?a?a?a?a?a?a which includes lowercase ($l), uppercase ($u), numbers ($d) and common special characters ($s). Since you don't need the special characters you could create a custom-charset (documentation) which would speed things up a bit.

Also, keep in mind that when using masks it only performs the attack against that exact string length, so a password with 7 or fewer characters would not be found. If you want to search for those as well, use the -i flag, which will start with a single character and work its way up to the length of your mask.

Good luck!
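
The mask behaviour discussed in this thread, as an added example (not code from any poster or from hashcat itself): a small Python model of mask expansion that counts the candidates a mask generates and checks whether a given password falls inside it. It assumes hashcat's built-in ?l ?u ?d ?s ?a charsets and custom charsets as passed with -1 to -4; the function names parse_mask, keyspace and covers are made up for this example.

```python
import string
from math import prod

# hashcat built-in charsets: ?l ?u ?d ?s, and ?a = all four (95 characters)
BUILTIN = {"l": string.ascii_lowercase, "u": string.ascii_uppercase,
           "d": string.digits, "s": " " + string.punctuation}
BUILTIN["a"] = "".join(BUILTIN[k] for k in "luds")


def parse_mask(mask, custom=None):
    """Return one set of allowed characters per mask position."""
    custom = custom or {}           # e.g. {"1": "?l?u?d"} for -1 ?l?u?d
    positions, i = [], 0
    while i < len(mask):
        if mask[i] != "?":          # literal character in the mask
            positions.append({mask[i]})
            i += 1
            continue
        key = mask[i + 1:i + 2]     # empty string if the mask ends in "?"
        if key == "?":              # "??" is a literal question mark
            positions.append({"?"})
        elif key in BUILTIN:
            positions.append(set(BUILTIN[key]))
        elif key in custom:         # expand the custom charset definition
            positions.append(set().union(*parse_mask(custom[key])))
        else:
            raise ValueError(f"unknown charset ?{key} in mask")
        i += 2
    return positions


def keyspace(mask, custom=None, increment=False):
    """Candidate count; with increment, summed over every prefix length."""
    sizes = [len(p) for p in parse_mask(mask, custom)]
    lengths = range(1, len(sizes) + 1) if increment else [len(sizes)]
    return sum(prod(sizes[:n]) for n in lengths)


def covers(mask, password, custom=None, increment=False):
    """True if the mask would generate this exact password."""
    positions = parse_mask(mask, custom)
    if not password or len(password) > len(positions):
        return False
    if len(password) < len(positions) and not increment:
        return False                # without -i only the full length is tried
    return all(ch in allowed for ch, allowed in zip(password, positions))
```

For the sample password 8Gy69BZs, covers() is false for eight ?d positions and true for eight ?a positions or eight positions of a custom ?l?u?d charset, and keyspace() shows the custom charset is 62^8 candidates against 95^8 for ?a.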