Hashcat + wlangenpmkocl how to convert back to plaintext ?
#41
(02-27-2021, 06:00 PM)ZerBea Wrote: Yes. It's an ugly copy and paste error:
$ hashcat --stdout -r "hcxessid.rule" raw.list | sort | uniq > word.list

The hcxessid.rule will append some digits (1..9999, 123, 1234, ...) to the cleaned -E output of hcxpcapngtool.

BTW:
hcxtools are running in back ground of several online WPA PSK auditoring services, e.g.:
https://wpa-sec.stanev.org/
To see how they are implemented, take a look at the source:
https://github.com/RealEnder/dwpa

Where is hcxessid.rule located?
Reply
#42
hcxessid is located in my personal testing environment.
It is a very, very simple set of rules starting from
$0
to
$2 $0 $2 $1
$1 $2 $3 $4 $5
$1 $2 $3 $4 $5 $6
$1 $2 $3 $4 $5 $6 $7
$1 $2 $3 $4 $5 $6 $7 $8
$1 $2 $3 $4 $5 $6 $7 $8 $9
that include iterations with l(ower) u(pper) and c(apital).

After an analyze of wpa-sec recovered PSKs I noticed that only a few rule sets are really useful (mostly that rules which append a simple number or a date).
hcxeiutool -s output will give the basic words (from WiFi traffic) on which the rules are additionally appended to obtain a (real chance, user defined) PSK candidate.

BTW:
Parts of this rule are included in many common rules e.g. rockyou-30000.rule
/usr/share/hashcat/rules/
Reply