05-16-2017, 04:40 PM
Hi all,
I'm trying to understand Markov chains in relation to incremental brute force attacks a little better and was playing around with masks over the weekend. I'm not actually trying to crack anything, just learning about Markov.
Let's assume I have some awesome hardware (better than the stats below) and wanted to brute force a WPA2 handshake by way of an incremental attack starting at 8 and ending with 50 using the following
I might get the following output
My question is specific to how Markov chains increment. Let's take Candidates.#1 as an example
Even though I'm able to crack through 98261 H/s, I've noticed when checking the status, there are times where the progress moves forward but the candidates do not changes for X seconds. Let's call it 15 seconds which got me thinking.
How exactly does Markov increment in hashcat? Will hashcat start with the first 8 character candidate and work it's way to the last 8 character candidate before it increments?
Or will the Markov chain increment the current candidate until the max length is reached before moving on to the next?
Example
and so on until all possible 8 character combinations are satisfied
or
and so on until the current candidate has tried all possible combinations between 8 and 50?
I don't fully understand Markov chains yet so it's difficult to articulate my question in exactly the right way, please ask if you have any questions about what I'm asking.
I'm trying to understand Markov chains in relation to incremental brute force attacks a little better and was playing around with masks over the weekend. I'm not actually trying to crack anything, just learning about Markov.
Let's assume I have some awesome hardware (better than the stats below) and wanted to brute force a WPA2 handshake by way of an incremental attack starting at 8 and ending with 50 using the following
Code:
hashcat64 -w 4 --restore-file-path=~/my.restore -o ~/cracked.txt -m 2500 -a 3 --increment --increment-min=8 --increment-max=50 handshakes.hccapx ?a?a?a?a?a?a?a?a
I might get the following output
Code:
Session..........: hashcat
Status...........: Running
Hash.Type........: WPA/WPA2
Hash.Target......: handshakes.hccapx
Time.Started.....: xxxxxxx (9 hours, 30 mins)
Time.Estimated...: xxxxxx (3 years, 61 days)
Guess.Mask.......: ?a?a?a?a?a?a?a?a [8]
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 98261 H/s (55.75ms)
Recovered........: 0/80 (0.00%) Digests, 0/24 (0.00%) Salts
Progress.........: 94919065600/159220903509375000 (0.00%)
Rejected.........: 0/94919065600 (0.00%)
Restore.Point....: 41615360/69833729609375 (0.00%)
Candidates.#1....: hH2Pmane -> hXU<LINA
HWMon.Dev.#1.....: Temp: 59c Fan:100% Util: 98% Core:1024MHz Mem:1333MHz Bus:16
My question is specific to how Markov chains increment. Let's take Candidates.#1 as an example
Code:
Candidates.#1....: hH2Pmane -> hXU<LINA
Even though I'm able to crack through 98261 H/s, I've noticed when checking the status, there are times where the progress moves forward but the candidates do not changes for X seconds. Let's call it 15 seconds which got me thinking.
How exactly does Markov increment in hashcat? Will hashcat start with the first 8 character candidate and work it's way to the last 8 character candidate before it increments?
Or will the Markov chain increment the current candidate until the max length is reached before moving on to the next?
Example
Code:
"aaaaaaaa"
"aaaaaaab"
"aaaaaaac"
"aaaaaaad"
and so on until all possible 8 character combinations are satisfied
or
Code:
"aaaaaaaa"
"aaaaaaaab"
"aaaaaaaabc"
and so on until the current candidate has tried all possible combinations between 8 and 50?
I don't fully understand Markov chains yet so it's difficult to articulate my question in exactly the right way, please ask if you have any questions about what I'm asking.