How to bruteforce?
#21
Thanks for the tip about HashCatUtils. I can already replace the 4 piped egrep commands with req.bin 7. Is this tool generally quicker than egrep?

Combinator would solve another problem I have. Not quite. It gives me an idea how to solve my problem. Is it solvable? I still do not know.
#22
much faster. you can measure yourself with the "time" command. point out the results to /dev/null to avoid influences from hdd/apps/whatever. i bet req.bin will be 1000 times faster than 4 piped egreps :)
#23
I am back with a request regarding mp32/64.bin. Is it possible to store more than 4 charset options, Atom? Perhaps 10 or more.
I am coming on a bruteforce way which can cut down brute force time significantly. Basically in a way of matrix check of the first 2 bits.
For the beginning I assume it should solve 8bit password, with low alpha only. Any WPA password could be solved between 6 to 10 days at 58000 k/s. Only in worst scenarios it would take a 'little' longer than standards. But with luck, and elegance possible to beat it at 10 day max.

I need the extension to probably 10 possible charsets to work on mixed alphanumeric WPA password solving. Or more? Maybe at the moment with 16. Because when touching all alphanumeric, the size of a would-be wordlist or piping time will be enormous, so refining the matrix for the first two bits, or 3, will help. That is the idea. What do you think?

a ./mp64.bin -1 abcdefgh -2 abcdefghijklm -3 nopqrstuvwxyz -4 abcdefghijklmnopqrstuvwxyz ?1?2?4?4 ?4?4?4?4
b ./mp64.bin -1 abcdefgh -2 abcdefghijklm -3 nopqrstuvwxyz -4 abcdefghijklmnopqrstuvwxyz ?2?2?4?4 ?4?4?4?4
c ./mp64.bin -1 abcdefgh -2 abcdefghijklm -3 nopqrstuvwxyz -4 abcdefghijklmnopqrstuvwxyz ?3?2?4?4 ?4?4?4?4
d ./mp64.bin -1 abcdefgh -2 abcdefghijklm -3 nopqrstuvwxyz -4 abcdefghijklmnopqrstuvwxyz ?1?3?4?4 ?4?4?4?4
e ./mp64.bin -1 abcdefgh -2 abcdefghijklm -3 nopqrstuvwxyz -4 abcdefghijklmnopqrstuvwxyz ?2?3?4?4 ?4?4?4?4
f ./mp64.bin -1 abcdefgh -2 abcdefghijklm -3 nopqrstuvwxyz -4 abcdefghijklmnopqrstuvwxyz ?3?3?4?4 ?4?4?4?4

Some example tests:
12345678
0 hdsuhsnc found with a
1 abcdxzwy found with a
2 adeelotd found with a
3 kusdkeoq found with c
4 zxvcnhue found with c
5 wijfmcfd found with c
6 teivhanv found with c
7 weqiojjn found with c
8 yfdkjfkk found with c
9 hnoashh found with a or d
9 jimhashh found with d
9 khanashh found with e
9 mohamedh found with e
9 mqdhashh found with e
10 zzzzzaaz found with f

a..f equal 6 machines at 58k k/s can solve any 8bits WPA/PSK in max 10.41 days
if one machine fights alone then with this method if the worst scenario happens that the solution is in the i.te run then that machine would need a total of 6.41*2+10.41*4 = 54.46d, instead of a grand total of 41d straight brute forcing.

Conclusion:
- if run alone and when the worst case happens that you need to run all 6 scenarios you need extra 20d instead of 41d
- but if you hit the key anywhere before the next step, your performance is increased by at least 6d to 10d compared with the grand total 41d of normal brute forcing with 26 chars in 8bit password
- OR just try elegantly networking, and run the problem distributed. Then between 6 average 58000k/s machines, after between 6 to max 10 days one of the machines will definitely spit out the key. In a small certain password area 2 machines will be raising hands. But is it only due to the 4 charsets option available at the moment.


I may make mistakes. Please do test and comment, and make it better. I still study rules, mask attack, combinator, etc. but cannot get away from the brute forcing idea because brute force covers every possible combination, it only takes time. It intrigues me since opposers can talk about WPA being impossible to solve, or before OCLhashcat+ about trillions, billions of years; opposers still feel safe in spite of the 8xAMD6990 WPA solving monster and talk about hundreds of years to lose for one WPA. I read a comment from someone who could be one in the hacker scene, "When hacker comes at you, they come not linear, incremental, but (they come) in wave, asynchronous, dis-harmonic, you won't know what hit you." Using mp in mask like this, "grouping the MPs" to attack could be one asynchronous way that person was talking about.
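Added example, not part of the original post: keyspace arithmetic for the six masks in post #23, the kind of calculation used to estimate how long an 8-character lowercase passphrase resists exhaustive search. It assumes the space inside each mask is only there for readability and that the rate is 58,000 candidates per second, which is the reading that matches the post's day figures; the function names are hypothetical.

```python
from itertools import product
from math import prod
import string

LOWER = string.ascii_lowercase
# Custom charsets -1..-4 and masks a..f copied from the post (space in each mask dropped).
CUSTOM = {"1": "abcdefgh", "2": "abcdefghijklm", "3": "nopqrstuvwxyz", "4": LOWER}
MASKS = {"a": "?1?2?4?4?4?4?4?4", "b": "?2?2?4?4?4?4?4?4", "c": "?3?2?4?4?4?4?4?4",
         "d": "?1?3?4?4?4?4?4?4", "e": "?2?3?4?4?4?4?4?4", "f": "?3?3?4?4?4?4?4?4"}
RATE = 58_000  # candidates per second; assumed reading of the post's "58k k/s"

def parse_mask(mask, custom=CUSTOM):
    """Turn a mask into one frozenset of allowed characters per position."""
    sets, i = [], 0
    while i < len(mask):
        if mask[i] == "?":
            sets.append(frozenset(custom[mask[i + 1]]))  # KeyError on unknown charset
            i += 2
        else:
            sets.append(frozenset(mask[i]))  # literal character
            i += 1
    return sets

def keyspace(mask):
    """Number of candidates a mask generates."""
    return prod(len(s) for s in parse_mask(mask))

def days(candidates, rate=RATE):
    return candidates / rate / 86_400

def redundant(masks=MASKS):
    """Pairs (x, y) where every candidate of mask x is also produced by mask y."""
    parsed = {k: parse_mask(m) for k, m in masks.items()}
    return [(x, y) for x in parsed for y in parsed if x != y
            and len(parsed[x]) == len(parsed[y])
            and all(p <= q for p, q in zip(parsed[x], parsed[y]))]

def union_keyspace(masks=MASKS, prefix_len=2):
    """Distinct candidates over all masks that differ only in the first prefix_len positions."""
    parsed = [parse_mask(m) for m in masks.values()]
    tail = parsed[0][prefix_len:]
    assert all(p[prefix_len:] == tail for p in parsed)
    prefixes = {pre for p in parsed for pre in product(*p[:prefix_len])}
    return len(prefixes) * prod(len(s) for s in tail)

if __name__ == "__main__":
    for name, mask in MASKS.items():
        print(name, keyspace(mask), f"{days(keyspace(mask)):.2f} d")
    total = sum(keyspace(m) for m in MASKS.values())
    print(f"sum of runs {days(total):.2f} d, distinct {days(union_keyspace()):.2f} d")
    print("subset masks:", redundant())
```

With these inputs, masks a and d come out as subsets of b and e, so the six runs sum to about 54 days while the distinct keyspace they cover is the full 26^8, about 41.7 days at the assumed rate.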
#24
Quote: For example: the new T0XlC.rule set is really cool, try it on rockyou.txt or any other good dictionaries.
Please, where can I find this t0xic.rule file?
Thanks.
#25
it's in rules/