Weird estimated time
#1
Hi everybody ,

Anytime I want to run a brute force attack with masks or a rule based attack I have really really long estimated time now I just tried another time a brute force attacks with masks and the estimated time is 40.000 years !!!
I use a Macbook Air for the moment but i'll buy a PC laptop with linux soon .

Here is the command I used : 

./hashcat -m 2500 -a 3 -1 ?l -2 ?l?u?d?s -3 ?d hash file ?2?2?2?2?2?2?2


Can you please tell me how to fix this ?


Thanks a lot
#2
The time estimate is accurate. WPA is a slow hash, and you've requested a brute-force attack.

Most of the time, a full brute-force attack like the one you've crafted is a last-resort activity, after you've gone through wordlists, combinator, hybrid, mask, and other attacks. This works on the assumption that most passwords are not randomly generated, but rather contain human-selected elements that can dramatically reduce the attack space.

But if you truly know that this specific plaintext is exactly 7 characters long and was randomly generated - the only time that this attack would be what you'd start with - then there's no "faster" approach than the one you're taking.
~
#3
To check if time estimate is accurate, divide the number of tries (charset) to the speed, and you'll roughly find the same time.
#4
7 character for WPA???!!!?  Thought you needed 8.
#5
(06-05-2018, 04:36 AM)starkkh Wrote: Hi everybody ,

Anytime I want to run a brute force attack with masks or a rule based attack I have really really long estimated time now I just tried another time a brute force attacks with masks and the estimated time is 40.000 years !!!
I use a Macbook Air for the moment but i'll buy a PC laptop with linux soon .

Here is the command I used : 

./hashcat -m 2500 -a 3 -1 ?l -2 ?l?u?d?s -3 ?d hash file ?2?2?2?2?2?2?2


Can you please tell me how to fix this ?

Two other things for you, using a Mac or Linux will be very (relatively slow) if you don't have graphics cards. If you want to speed things up, use graphics cards. 

Also, I'm wondering where you got that mask, or why you're using it that way? You have three custom character sets but in your brute force, you're only using one. And the one you're using is the same as using ?a, no? Like Royce suggested, have you already tried using wordlists with rules? There's a lot of good ones out there and if it's WPA, it's likely to be not random, likely to be words since people need to remember that kind of password. Good luck!
#6
Hi ,
I just made a mistake when I wrote it , it's 8 character sorry , but hey I've tried wordlist and combination but I always have "exhausted" as result . Also I used only 2 fpr the brute force because I don't know anything about the password is I knew for example that the 3 last characters 'd be numbers i'd use ?3 for that last ones of the brute force attack but it's not the case . As worldist I used Rockyou , 82millions wordlist and crackstation human-only . Maybe you know some better ones ? Ok Plaverty9 i'll use better graphic cards , i'm not really an expert in hardware , do you have any really good graphic card to buy/use in mind ?

thank's to everyone !