hashcat Forum Support hashcat v
Mix of single and multi byte in wordlist

Thread Closed 
Threaded Mode
Mix of single and multi byte in wordlist
Mem5 Offline
Posting Freak
*****
Posts: 803
Threads: 135
Joined: Feb 2011
#1
06-22-2018, 09:00 PM
Hi,

Royce has written a good post ( https://security.stackexchange.com/quest...-passwords ) to deal with accented letters, german here.

i am wondering how to deal with wordlists and rules  ; no -a 3 mode.

Should I convert all my items from my german wordlist to hexadecimal and then specify --hex-charset ?
Or is there another way to deal with accented letters in wordlists  ? Which are a mix of single and multi byte.

Thank you.
Find
undeath Offline
Sneaky Bastard
******
Posts: 2,301
Threads: 11
Joined: Jul 2010
#2
06-23-2018, 11:29 AM
multibyte wordlists with rules are an open problem. Your wordlists will just work but rules will still only modify single bytes. Converting to hex or whatever is not going to solve that limitation.
Find
atom Offline
Administrator
*******
Posts: 5,185
Threads: 230
Joined: Apr 2010
#3
06-24-2018, 03:27 PM (This post was last modified: 06-24-2018, 03:29 PM by atom.)
You can add utf-8 german umlauts by using two function calls:

Quote:root@ht:~/hashcat# cat rule
$\xc3 $\xa4
root@ht:~/hashcat# echo test | ./hashcat --stdout -r rule
testä
Website Find
Mem5 Offline
Posting Freak
*****
Posts: 803
Threads: 135
Joined: Feb 2011
#4
06-25-2018, 05:17 PM (This post was last modified: 06-25-2018, 05:19 PM by Mem5.)
(06-23-2018, 11:29 AM)undeath Wrote: multibyte wordlists with rules are an open problem. Your wordlists will just work but rules will still only modify single bytes. Converting to hex or whatever is not going to solve that limitation.

To be sure to well understand you, if for example :

Example #1:
- Password of my WPA capture is "éatonávo"
- This word is inside my wordlist, encoded into UTF-8
Am I able to recover this password straight forward ?


Example #2:
- Password of my WPA capture is "éatonávo123"
- The wordlist includes "éatonávo", and I add a rule to add '123' at the end.
Do you mean the rule will not generate "éatonávo123" ?

Thank you for this clarification.
Find
undeath Offline
Sneaky Bastard
******
Posts: 2,301
Threads: 11
Joined: Jul 2010
#5
06-25-2018, 05:36 PM (This post was last modified: 06-25-2018, 05:38 PM by undeath.)
Both your cases will work. What will not work is for example rule "T0" to change the word to "Éatonávo".
Find
Mem5 Offline
Posting Freak
*****
Posts: 803
Threads: 135
Joined: Feb 2011
#6
06-25-2018, 06:27 PM (This post was last modified: 06-25-2018, 06:28 PM by Mem5.)
OK got it.

By the way, I just figure out that WPA-Personal has a limitation conerning accented letters : "passphrase of 8 to 63 printable ASCII characters" : meaning it's not possible to enter 'é' or 'à', right ?
Find
atom Offline
Administrator
*******
Posts: 5,185
Threads: 230
Joined: Apr 2010
#7
06-28-2018, 04:42 PM
From technical perspective there's no problem with utf8 used with PBKDF2 (the KDF of WPA/WPA2). The same goes with passwords < length 8. If a client or AP ignores the policies from WPA on passwords it's possible to use them.
Website Find
Thread Closed