Hybrid attack
#1
Hi,

I am new to the hashcat, and I cant find a way to make this working for wpa2 cracking

Is there a way, beside wordlist (i tried, works great but very large files) to make somthing like this

Lets say I know one part of the password, for this example "bill"

I want to make hashcat do like this ?d bill ?d?d?d, I tried hybrid attack, but could only make it left or right.


thanks
Reply
#2
(10-04-2017, 11:16 AM)pkneca Wrote: Hi,

I am new to the hashcat, and I cant find a way to make this working for wpa2 cracking

Is there a way, beside wordlist (i tried, works great but very large files) to make somthing like this

Lets say I know one part of the password, for this example "bill"

I want to make hashcat do like this ?d bill ?d?d?d, I tried hybrid attack, but could only make it left or right.


thanks

Look at using rules which can be used to append and prepend to your wordlist

https://hashcat.net/wiki/doku.php?id=rule_based_attack
Reply
#3
Thank you for the quick replay. I will look into it, when I return home from work.

I want to make this, maybe there is a better way

I was planning to make script that automaticly execute hashcat commands

I want to use mixalpha-numeric charset, in this example I will present it as X, key is for some random word

keyX
Xkey
keyXX
XXkey
XkeyX
keyXXX
XXXkey
XkeyXX
XXkeyX
keyXXXX
XXXXkey
XkeyXXX
XXkeyXX
XXXkeyX

I was looking in increment option, but I couldnt understand it well.

thanks
Reply
#4
You could use a hcmask file (see https://hashcat.net/wiki/doku.php?id=mas...mask_files):

file my.hcmask:
Code:
?l?u?d,key?1
?l?u?d,?1key
?l?u?d,key?1?1
?l?u?d,?1?1key
?l?u?d,?1key?1
?l?u?d,key?1?1?1
?l?u?d,?1?1?1key
?l?u?d,?1key?1?1
?l?u?d,?1?1key?1
?l?u?d,key?1?1?1?1
?l?u?d,?1?1?1?1key
?l?u?d,?1key?1?1?1
?l?u?d,?1?1key?1?!
?l?u?d,?1?1?1key?1

and run it like this:
Code:
hashcat -m 0 -a 3 -w 3 hashes.txt my.hcmask

the only disadvantage of this solution is that the speed is not guaranteed to be the best for all mask (especially if we have masks with a constant prefix). On the other hand, it is for sure the most convenient way to run a set of masks that follow certain policies.
Reply
#5
Thank you soo much, this is great.

Is it possible to get that "key" value also checked with mixalpha characters. I hope that you can understand, english is not my native language, I dont know how to explain..
Reply