Hello, first time here.
I'm having some issues with the WPA algorithm rejecting all my candidate passwords before applying any rules (that would make them valid >len8 candidates)
I'm competing with my roommate, and we decided to start with 5 short passwords (8 characters), and so far he's ahead with python scripts to generate dictionaries + aircrack...
Here is some code + output to demonstrate what is happening. You can see that the append rule produces 4 valid results out of 5. Yet hashcat seems to evaluate the candidates based on the lenght of the base word... I would expect it to reject 5 out of the 25 candidates, but it just goes ham.
Works like a charm for len>=8 base words, and I've tested it on my own handshakes, so I know it's working.
Also, on the same bucket of problems, here is another error that I've found:
(at least) On hashcat v3.10, rejection rules are not working on the 'slow algorithm' which is WPA, contrary to what is stated on the rule-based attack page... Proof :
I managed to get a dirty workaround for these problems by piping hashcat into itself, which fells pretty dumb.
And then I tried something more complex, a combination attack (which doesnt accept rules for god knows what reason), piped into my rule set, piped into the actual hash cracking. It didn't work, and I got presented with a pretty... well, see for yourself:
And then it exhausts without processing a single word...
Sorry for the huge dump of complaints, it's just that all this is giving me a hard time in something that is already challenging... Thanks a bunch for any help :/
I'm having some issues with the WPA algorithm rejecting all my candidate passwords before applying any rules (that would make them valid >len8 candidates)
I'm competing with my roommate, and we decided to start with 5 short passwords (8 characters), and so far he's ahead with python scripts to generate dictionaries + aircrack...
Here is some code + output to demonstrate what is happening. You can see that the append rule produces 4 valid results out of 5. Yet hashcat seems to evaluate the candidates based on the lenght of the base word... I would expect it to reject 5 out of the 25 candidates, but it just goes ham.
Code:
C:\me\hackhim>echo 1234567| hashcat -r .\rules\append.rule --stdout
1234567
12345671
1234567123
12345672
123456712
C:\me\hackhim>echo 1234567| hashcat -r .\rules\append.rule -m 2500 .\captures\catAll.hccap
hashcat (v3.10) starting...
OpenCL Platform #1: Intel(R) Corporation
========================================
- Device #1: Intel(R) HD Graphics 4600, 407/1629 MB allocatable, 20MCU
- Device #2: Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz, skipped
OpenCL Platform #2: NVIDIA Corporation
======================================
- Device #3: GeForce GTX 960M, 512/2048 MB allocatable, 5MCU
- Device #3: WARNING! Kernel exec timeout is not disabled, it might cause you errors of code 702
See the wiki on how to disable it: https://hashcat.net/wiki/doku.php?id=timeout_patch
WARN: nvmlDeviceGetFanSpeed() 3 Not Supported
Hashes: 5 hashes; 5 unique digests, 5 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 5
Applicable Optimizers:
* Zero-Byte
* Slow-Hash-SIMD
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 75c
Starting attack in stdin mode...
Session.Name...: hashcat
Status.........: Exhausted
Rules.Type.....: File (.\rules\append.rule)
Input.Mode.....: Pipe
Hash.Target....: File (.\captures\catAll.hccap)
Hash.Type......: WPA/WPA2
Time.Started...: 0 secs
Speed.Dev.#1...: 0 H/s (0.00ms)
Speed.Dev.#3...: 0 H/s (0.00ms)
Speed.Dev.#*...: 0 H/s
Recovered......: 0/5 (0.00%) Digests, 0/5 (0.00%) Salts
Progress.......: 25
Rejected.......: 25
Started: Wed Sep 07 06:01:00 2016
Stopped: Wed Sep 07 06:01:07 2016
C:\me\hackhim>
Works like a charm for len>=8 base words, and I've tested it on my own handshakes, so I know it's working.
Also, on the same bucket of problems, here is another error that I've found:
(at least) On hashcat v3.10, rejection rules are not working on the 'slow algorithm' which is WPA, contrary to what is stated on the rule-based attack page... Proof :
Code:
C:\me\hackhim>echo ^<C > small.rule
C:\me\hackhim>type small.rule
<C
C:\me\hackhim>echo 12345678| hashcat -r .\small.rule -m 2500 .\captures\catAll.hccap
hashcat (v3.10) starting...
WARNING: Cannot convert rule for use on OpenCL device in file .\small.rule on line 1: <C
ERROR: No valid rules left
C:\me\hackhim>
I managed to get a dirty workaround for these problems by piping hashcat into itself, which fells pretty dumb.
And then I tried something more complex, a combination attack (which doesnt accept rules for god knows what reason), piped into my rule set, piped into the actual hash cracking. It didn't work, and I got presented with a pretty... well, see for yourself:
Code:
C:\me\hackhim>hashcat -a 1 --stdout -j c -k c guesses.dic guesses.dic | hashcat --stdout -r small.rule -r .\rules\append.rule | hashcat -m 2500 .\captures\catAll.hccap
ERROR: C:\Program Files\hashcat-3.10/stdout.induct: Permission denied
hashcat (v3.10) starting...
Sorry for the huge dump of complaints, it's just that all this is giving me a hard time in something that is already challenging... Thanks a bunch for any help :/