combining dictionary with digit mutation in hashcat plus
#1
first of all, it's WPA/WPA2

I've know for sure the password starts with the letters "pr*******", it is in my dictionary, but suffers from digit mutation. How do i know that? I've tried a Elcomsoft WSA trial and he found it.
I've stripped down the dictionary i used only to have just the words that start with "pr" (approximately 21000 words)

How can i command hashcat to try all the words in the dictionary with digit mutations?

Also, where could i find some resources of making rules? i'm finding the provided help not enough

Thanks

PS.. generating a new dictionary using maskprocessor (mp64.exe -1 abcdefghijlmnoprstuv0123456789 pr?1?1?1?1?1?1?1) it's gonna give me a very large file..
#2
why generating a file? just pipe it.

mp64 -1 abcdefghijlmnoprstuv0123456789 pr?1?1?1?1?1?1?1 | oclHashcat-plus64 -m 2500 bla.hccap
#3
yes, but this is not the optimum solution..
there are 28+10 characters (letters + numbers) - 38^7 / 90000 c/s = 353 hours to run
EWSA runs the digit mutation + dictionary in less than 5 minutes (because it doesnt do all the 30^7 combinations)

i've made it in access : get my dictionary, create another one with numbers from 1 to 9999, and do a Cartesian multiply between those two.. i think i'll get lucky

Thanks

#4
i guess you explained yourself wrong. if you want to run a hybrid attack, you should use rules. you can generates rules with maskprocessor.
#5
is there a manual on how to create rules?
as i said, i want to combine all the words in the dictionary with numbers from 0 to 9999

aa0,aa1,aa2,....aa9999
ab0,ab1,ab2,....ab9999
ac0...

zz0,zz1,zz2,...zz9999
#6
yes, on inofficial wiki. its what i am currently working on but not open to public yet. guess you have to wait or search the web for an howto, there are many Smile
#7
the unofficial wiki is for maskprocessor or hashcat? cand you give me a link?
Thanks
#8
@fast_checkmate,
Please by all means continue this thread so we all get answers and be sure to let us know either way so we can all learn. Google EWSA and Tsearch or try here http://sethioz.co.uk/forum/viewtopic.php?f=47&t=471 I didn't read that thread but they all say more or less the same. It is a work around to get EWSA to show you the password even trial version. Sorry Atom quick simple solution until solved otherwise.
#9
no its not yet public
#10
Thanks Rafe, your solution is good, i'm gonna give it a try
But i'm also interested in creating rules for hashcat..
Since it's (almost) impossible to crack 10 characters passwords using bruteforce and since nobody uses 10 random letters as a password, the combination of dictionary and rules is the best approach

Atom, thanks again for the software and we are waiting for the rules.. are they similar to john the ripper rules?