Posts: 803
Threads: 135
Joined: Feb 2011
Hi,
Royce has written a good post (
https://security.stackexchange.com/quest...-passwords ) to deal with accented letters, german here.
i am wondering how to deal with wordlists and rules ; no -a 3 mode.
Should I convert all my items from my german wordlist to hexadecimal and then specify --hex-charset ?
Or is there another way to deal with accented letters in wordlists ? Which are a mix of single and multi byte.
Thank you.
Posts: 2,301
Threads: 11
Joined: Jul 2010
multibyte wordlists with rules are an open problem. Your wordlists will just work but rules will still only modify single bytes. Converting to hex or whatever is not going to solve that limitation.
Posts: 5,185
Threads: 230
Joined: Apr 2010
06-24-2018, 03:27 PM
(This post was last modified: 06-24-2018, 03:29 PM by atom.)
You can add utf-8 german umlauts by using two function calls:
Quote:root@ht:~/hashcat# cat rule
$\xc3 $\xa4
root@ht:~/hashcat# echo test | ./hashcat --stdout -r rule
testä
Posts: 803
Threads: 135
Joined: Feb 2011
06-25-2018, 05:17 PM
(This post was last modified: 06-25-2018, 05:19 PM by Mem5.)
(06-23-2018, 11:29 AM)undeath Wrote: multibyte wordlists with rules are an open problem. Your wordlists will just work but rules will still only modify single bytes. Converting to hex or whatever is not going to solve that limitation.
To be sure to well understand you, if for example :
Example #1:
- Password of my WPA capture is "éatonávo"
- This word is inside my wordlist, encoded into UTF-8
Am I able to recover this password straight forward ?
Example #2:
- Password of my WPA capture is "éatonávo123"
- The wordlist includes "éatonávo", and I add a rule to add '123' at the end.
Do you mean the rule will not generate "éatonávo123" ?
Thank you for this clarification.
Posts: 2,301
Threads: 11
Joined: Jul 2010
06-25-2018, 05:36 PM
(This post was last modified: 06-25-2018, 05:38 PM by undeath.)
Both your cases will work. What will not work is for example rule "T0" to change the word to "Éatonávo".
Posts: 803
Threads: 135
Joined: Feb 2011
06-25-2018, 06:27 PM
(This post was last modified: 06-25-2018, 06:28 PM by Mem5.)
OK got it.
By the way, I just figure out that
WPA-Personal has a limitation conerning accented letters : "passphrase of 8 to 63
printable ASCII characters" : meaning it's not possible to enter 'é' or 'à', right ?
Posts: 5,185
Threads: 230
Joined: Apr 2010
From technical perspective there's no problem with utf8 used with PBKDF2 (the KDF of WPA/WPA2). The same goes with passwords < length 8. If a client or AP ignores the policies from WPA on passwords it's possible to use them.