Quantcast
Channel: hashcat Forum - All Forums
Viewing all articles
Browse latest Browse all 7673

Problems with WPA rejection of candidates

$
0
0
Hello, first time here.

I'm having some issues with the WPA algorithm rejecting all my candidate passwords before applying any rules (that would make them valid >len8 candidates)

I'm competing with my roommate, and we decided to start with 5 short passwords (8 characters), and so far he's ahead with python scripts to generate dictionaries + aircrack...

Here is some code + output to demonstrate what is happening. You can see that the append rule produces 4 valid results out of 5. Yet hashcat seems to evaluate the candidates based on the lenght of the base word... I would expect it to reject 5 out of the 25 candidates, but it just goes ham.

Code:
C:\me\hackhim>echo 1234567| hashcat -r .\rules\append.rule --stdout
1234567
12345671
1234567123
12345672
123456712

C:\me\hackhim>echo 1234567| hashcat -r .\rules\append.rule -m 2500 .\captures\catAll.hccap
hashcat (v3.10) starting...

OpenCL Platform #1: Intel(R) Corporation
========================================
- Device #1: Intel(R) HD Graphics 4600, 407/1629 MB allocatable, 20MCU
- Device #2: Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz, skipped

OpenCL Platform #2: NVIDIA Corporation
======================================
- Device #3: GeForce GTX 960M, 512/2048 MB allocatable, 5MCU
- Device #3: WARNING! Kernel exec timeout is not disabled, it might cause you errors of code 702
             See the wiki on how to disable it: https://hashcat.net/wiki/doku.php?id=timeout_patch

WARN: nvmlDeviceGetFanSpeed() 3 Not Supported

Hashes: 5 hashes; 5 unique digests, 5 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 5
Applicable Optimizers:
* Zero-Byte
* Slow-Hash-SIMD
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 75c

Starting attack in stdin mode...


Session.Name...: hashcat
Status.........: Exhausted
Rules.Type.....: File (.\rules\append.rule)
Input.Mode.....: Pipe
Hash.Target....: File (.\captures\catAll.hccap)
Hash.Type......: WPA/WPA2
Time.Started...: 0 secs
Speed.Dev.#1...:        0 H/s (0.00ms)
Speed.Dev.#3...:        0 H/s (0.00ms)
Speed.Dev.#*...:        0 H/s
Recovered......: 0/5 (0.00%) Digests, 0/5 (0.00%) Salts
Progress.......: 25
Rejected.......: 25

Started: Wed Sep 07 06:01:00 2016
Stopped: Wed Sep 07 06:01:07 2016

C:\me\hackhim>

Works like a charm for len>=8 base words, and I've tested it on my own handshakes, so I know it's working.

Also, on the same bucket of problems, here is another error that I've found:

(at least) On hashcat v3.10, rejection rules are not working on the 'slow algorithm' which is WPA, contrary to what is stated on the rule-based attack page... Proof :

Code:
C:\me\hackhim>echo ^<C > small.rule

C:\me\hackhim>type small.rule
<C

C:\me\hackhim>echo 12345678| hashcat -r .\small.rule -m 2500 .\captures\catAll.hccap
hashcat (v3.10) starting...

WARNING: Cannot convert rule for use on OpenCL device in file .\small.rule on line 1: <C


ERROR: No valid rules left


C:\me\hackhim>



I managed to get a dirty workaround for these problems by piping hashcat into itself, which fells pretty dumb.

And then I tried something more complex, a combination attack (which doesnt accept rules for god knows what reason), piped into my rule set, piped into the actual hash cracking. It didn't work, and I got presented with a pretty... well, see for yourself:

Code:
C:\me\hackhim>hashcat -a 1 --stdout -j c -k c guesses.dic guesses.dic | hashcat --stdout -r small.rule -r .\rules\append.rule | hashcat -m 2500 .\captures\catAll.hccap


ERROR: C:\Program Files\hashcat-3.10/stdout.induct: Permission denied

hashcat (v3.10) starting...
And then it exhausts without processing a single word...


Sorry for the huge dump of complaints, it's just that all this is giving me a hard time in something that is already challenging... Thanks a bunch for any help :/

Viewing all articles
Browse latest Browse all 7673

Trending Articles