Please note, this is a STATIC archive of website hashcat.net from October 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: hashcat does not seem to crack via mask
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
i decided to make it easier for hashcat to find the password for wpa/2 i set the wireless password to carinane witch is what the candidates would show it working on after a few seconds

then recaptured the 4 way handshake using airodump-ng and deauth via aireplay-ng then converted the cap file via your online converter and after running hashcat long enough for carinane to show up hashcat continued running  it should have stopped and showed the found password.

i thought maybe using it on a guest network was the reason but it looks like either the capture tools of aircrack-ng are at fault creating faulty cap files (garbage in garbage out) or hashcat does not stop or indicate anything until it has gone through the entire keyspace.

if the capture tools of aircrack-ng are at fault  then what is a good set of tools to use.

i know that for at least wordlists hashcat will stop and show the password if it is found because as a test i put the password near the beginning of the list to make it easier



here is the command i am using

'/root/Downloads/hashcat-3.5.0/hashcat-3.5.0/hashcat64.bin' -m 2500 -i --increment-min 8 --increment-max 20 /root/3.hccapx -a3 -1 "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 " ?1?1?1?1?1?1?1?1 -w 4

the binaries are of the latest from downloads and is stored in the downloads

i am using increment min minimum of 8 because the wpa/2 standards dictate minimum of 8  however some routers may require numbers and case sensitive but mine is not require that.

i am using increment max of 20 since most users do not use any more than 20 let alone the entire 64 of the standard

the capture file may be faulty because of capture tools although did work with wordlists.

"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 " is the charset since most users do not use the symbols

w4 to max the workload however since upgrading to the gtx960 from the quadro 600 i notice the desktop is more responsive so it may be possible we need a new workload level of maybe 5 or is there a tweak so i can force the card to use more of it's ram?

i have no way to attach the cap file but you can make it your self   just change your router password to "caranane" and use the capture method?

i however would like to be able to do a sequential brute force attack that is where the chars are rolled like numbers on a counter  how do i get brute force instead of mask or get the mask to do the same as brute force.

i am considering crunching a complete wordlist of brute force sequence and that is faster in hashcat since there isnt then the overhead due to the internal generator.

under the quadro 600 i got 4000 wpa/2 keys per second with internal generator and 4800 keys per second from wordlist.

the wordlists will be a last resort as it will require many gigs and terabytes of data to store

thanks for the help
after some experimenting with hashcat it turns out the mask processor is the only way to get a classic brute force.

i mean by classic brute force is sequential tries on the password

aaaaa
aaaab
aaaac


zzzzx
zzzzy
zzzzz

i have to pipe mp64 into hashcat witch slows a little but at least i know what the status better .

you may say "bruteforcing is so old" you are right but if you dont have one sliver of the password that is the only way.

and why hashcat did not seem to work is because the mask attacker generates random passwords so it does not hit the password as soon even though i make it easier by using password that it hits quickly
Yet another thread where you go off the deep end and have no clue what you're talking about.

Mask attack in hashcat is not random, it's quite the opposite. It uses probabilistic Markov ordering to ensure that the most likely passwords are cracked first. You can disable Markov and use classic brute force by using --markov-disable, there's no need to use maskprocessor.

There are lots of other approaches one can use when they have no knowledge of the plaintext. Brute force is probably the least intelligent approach.
the reason i dont know is because the info is too difficult to find especially google and youtube i will try that and see what happens.

also note i see now the The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) rolling 2017 1 live cd now has more cuda ready programs .
You can find almost everything you need to know on the wiki: https://hashcat.net/wiki/