Posts: 63
Threads: 10
Joined: Nov 2017
(02-27-2021, 06:00 PM)ZerBea Wrote: Yes. It's an ugly copy and paste error:
$ hashcat --stdout -r "hcxessid.rule" raw.list | sort | uniq > word.list
The hcxessid.rule will append some digits (1..9999, 123, 1234, ...) to the cleaned -E output of hcxpcapngtool.
BTW:
hcxtools are running in back ground of several online WPA PSK auditoring services, e.g.:
https://wpa-sec.stanev.org/
To see how they are implemented, take a look at the source:
https://github.com/RealEnder/dwpa
Where is hcxessid.rule located?
Posts: 1,044
Threads: 2
Joined: Jun 2017
hcxessid is located in my personal testing environment.
It is a very, very simple set of rules starting from
$0
to
$2 $0 $2 $1
$1 $2 $3 $4 $5
$1 $2 $3 $4 $5 $6
$1 $2 $3 $4 $5 $6 $7
$1 $2 $3 $4 $5 $6 $7 $8
$1 $2 $3 $4 $5 $6 $7 $8 $9
that include iterations with l(ower) u(pper) and c(apital).
After an analyze of wpa-sec recovered PSKs I noticed that only a few rule sets are really useful (mostly that rules which append a simple number or a date).
hcxeiutool -s output will give the basic words (from WiFi traffic) on which the rules are additionally appended to obtain a (real chance, user defined) PSK candidate.
BTW:
Parts of this rule are included in many common rules e.g. rockyou-30000.rule
/usr/share/hashcat/rules/