Problems with bruteforce test wpa2
#1
Hello all,

I have run into some problems I cant solve, been at it for a day now and still no progress. I hope I can get some help here to solve my problem.   Smile 

I'am running Hashcat v6.1.1 on a fully updated Windows 10 (v1909, not v2004) with latest Nvidia drivers (v452.06) and a GTX 1080ti card + a AMD Ryzen 7 3800X on a X470 board.

I have a test router at home I'm trying to bruteforce, have captured a handshake in a hccapx file. Since it is my own router I know the password.

When I run a dictionary attack against the file I get a cracked status, but sometimes it doesn't write the results in the specified file, but it finds the password at least. Why wont it write the password in the RESULTS.txt file every run?

Command used:  hashcat -m 2500 Test_WiFi.hccapx -a 0 -w 3 Test_WiFi.txt -o RESULTS.txt --session=Test-Wifi


But when I use a bruteforce metod to try to find the password it fails all the time?? I have specified the letter to use since I know the password, but still only get status exhausted.

Command used: hashcat -m 2500 Test_WiFi.hccapx -a 3 -w 3 -1 ABCDE12345 ?1?1?1?1?1?1?1?1 -o RESULTS.txt --session=Test-Wifi


What am I doing wrong? Why wont it work?

Thank you in advance, K.    Smile
Reply
#2
1. you might need to use --potfile-disable if the file hashcat.potfile (by default; or Test-Wifi.potfile if you use --session=Test-Wifi) already contains the cracked hashes + password ("crack"), it want to crack it again and again and again
2. we need to know what the password is and the length of the password to tell you for sure, it's probably a misunderstanding or user error... maybe you are missing some characters in your custom charset etc. You must also make sure it wasn't already cracked (see --potfile-disable note above)
Reply
#3
1. Yes, I noticed that and tried the --potfile-disable switch. I even deleted the files between the tries since it said that the hash was already cracked. 

2. Ahh, sorry of course.  The password is 8 cases in length with uppercase and digits only.  The password is: DBCC4CEA33

I have also tried an older version 5.10 and I behaves the same way.

Trying to get to know the program and how to use it for later projects of similar typ and structure.  Wink
Reply
#4
it is very obvious:
DBCC4CEA33 is 10 characters long

while your mask:
?1?1?1?1?1?1?1?1

is only 8 characters long.

so you either need to use ?1?1?1?1?1?1?1?1?1?1

or use the increment option with a much longer mask e.g:
Code:
-a 3 --increment --increment-min 8 Test_WiFi.hccapx ?1?1?1?1?1?1?1?1?1?1?1
Reply
#5
OMG! I'm so tired so I cant even see the obvious.... Feel like bashing my head on a brick wall right now. Smile
Reply