0

I'm playing around with Kali and am looking to crack my WPA2 default password.

I started generating 10 character passwords with a charset of solely digits and upper alpha lastnight and after 10 mins, I had a 40gb text file and the first character was still "A".

It was generating a lot of redundancy so I thought if I could find some patterns in the auto-generated default ISP password then I could greatly reduce my scope of combinations.

In my research I noticed that all the passwords were 10 characters with a combination of 3-6 digits and 3-6 upper alpha.

So if I implement these rules, I could greatly reduce my scope and only be generating combinations that are relevant.

I've tried John the ripper and maskprocessor but I don't see rules for constructing combinations like this?

Are there other tools that allow these types of rules or perhaps features I'm unaware of in the tools mentioned?

Edward
  • 3
  • 2
  • Hashcat supports this; you could also use crunch or your own script to generate the proper characters and pipe/load the output into one of the tools you've tried. – multithr3at3d May 07 '19 at 23:38

1 Answers1

1

Don't generate candidates external to the cracking tool if you can help it. Instead, let the cracking tool generate the candidates for you on-chip. This is much faster for faster hashes (but makes less of a difference for slow ones like bcrypt or WPA2).

If you have complex composition requirements, you can generate a list of masks instead (which can also be used on-chip in most attacks).

Royce Williams
  • 9,128
  • 1
  • 31
  • 55