Knowing part of the key

Printable View

Show 40 post(s) from this thread on one page

05-29-2009, 11:05 PM
new2bt3

Knowing part of the key

Heres a question,

Most of the time when the DSL companies set up the modem for the client or talk them through it over the phone (Usually 2WIRE modems with built in wifi) They have the people put in their 10 digit phone number in as the key.

With knowing this is there a way of speeding up the process of cracking the key with the pre-knowledge of the first 3 digits (Usually AreaCode)??? That is if they are using the default setup of the phone number. Is there a method of doing this for WEP?

I see how editing a dictionary file to prefix the first 3 digits for a WPA attack is possible but not sure about this for WEP.

This would not be a better attack as it would only shave off a minute of the, what would be a 3 or 4 minute attack as it were. But something new.
05-30-2009, 01:24 AM
sircrazy

you is trying to access your neighbors wifi and you think they might have the phone number password?

am I correct in this so I know a proper way to get your answer.
05-30-2009, 03:57 AM
Barry

Quote:

Originally Posted by new2bt3

Heres a question,

Most of the time when the DSL companies set up the modem for the client or talk them through it over the phone (Usually 2WIRE modems with built in wifi) They have the people put in their 10 digit phone number in as the key.

With knowing this is there a way of speeding up the process of cracking the key with the pre-knowledge of the first 3 digits (Usually AreaCode)??? That is if they are using the default setup of the phone number. Is there a method of doing this for WEP?

I see how editing a dictionary file to prefix the first 3 digits for a WPA attack is possible but not sure about this for WEP.

This would not be a better attack as it would only shave off a minute of the, what would be a 3 or 4 minute attack as it were. But something new.

Pretty sure there's a thread here about this very thing, actually I'm pretty sure it has almost the same thread title.
05-30-2009, 04:52 AM
imported_vvpalin

Um from what i remember reading 2wire comes with a default wep key, that also happens to be the password for the router.
05-30-2009, 04:03 PM
Wummi

why would you need this for WEP? does anyone really bruteforce WEP? why would someone?

also: GTFO the neighbors wifi ^^
05-30-2009, 05:30 PM
new2bt3

Quote:

Originally Posted by sircrazy

you is trying to access your neighbors wifi and you think they might have the phone number password?

Accusations of script kiddy theft are uncalled for as I can just as simply run airodump/aireplay/aircrack, or spoonwep, or airoscript, or autowep, or anyone of the other scripts to gain access to the key in under a few minutes.

No actually, I am not trying to steal the neighbors wifi. I know that through my experience, not only as working for one of the biggest DSL providers in the country, but from my IN THE WILD testing, that phone numbers are the password in about 75+% of what I have tested (here in Los Angeles at least)...

I was just wondering if there were anyone or anyway of using predictive key cracking methods while going at WEP? This would be easy to cat a dictionary file to prefix the first 3 digits of all words in the dictionary file for running an attack against WPA. But I am not talking about throwing a dictionary at WEP. Was think along the lines of the creation of new ideas and methods of how the code can be broken.

Thinking that if aircrack knew 3 of the 10 digits to to crack it might take a third of the time off of the cracking.. I am sure that if not now, that soon something can take advantage of predictive key cracking in this fashion.

Quote:

Originally Posted by Wummi

also: GTFO the neighbors wifi ^^

Please all the neighbors are running DSL which at best out here is 3meg down and 768kUP, and with the signal and distance from where I am at I would hardly be able to stream a youtube video. While here where I am staying I got a 10meg down 1.5meg up connection, And to tell you the truth the people who I am staying with right now have Cable Modem and even they have their WEP password set up as their phone number. Thats just what the providers out here tell people to do so they cant forget their key.. Alot of stupid people out here...
05-30-2009, 08:01 PM
Wummi

i still don't understand the use for this. whats the reason on reducing the WEP cracking time anyhow? aircrack with its voting system is pretty darn fast. the next best texas instruments calc would do it in a couple of minutes i guess.

as for WPA, that approach seems fine, cause you have to generate a wordlist anyhow

edit: whatever, after looking at the aircrack manpage:

Quote:

Static WEP cracking options:
-c
Search alpha-numeric characters only.
-t
Search binary coded decimal characters only.
-h
Search the numeric key for Fritz!BOX
-d <mask>
Specify mask of the key. For example: A1:XX:CF

this options should help, if you know something about the key format beforehand - you were looking for something like those options i guess
05-30-2009, 09:54 PM
Archangel-Amael

Quote:

Originally Posted by new2bt3

Accusations of script kiddy theft are uncalled for as I can just as simply run airodump/aireplay/aircrack, or spoonwep, or airoscript, or autowep, or anyone of the other scripts to gain access to the key in under a few minutes.

Don't get mad.
Remember that you are fighting an uphill battle. The only thing that people have to go off of is what you post.
To Wit:

Quote:

No actually, I am not trying to steal the neighbors wifi. I know that through my experience, not only as working for one of the biggest DSL providers in the country, but from my IN THE WILD testing, that phone numbers are the password in about 75+% of what I have tested (here in Los Angeles at least)...

See this section above, it makes you look like a script kiddie.
Why? Well that's easy, re-read what you wrote. Claims of "IN THE WILD testing" well that would generally be indicative of illegal activities. "75% of what you tested" What you tested should be your own equipment. As such 100% is the number you would want to have stated, since you would know the password.

Quote:

I was just wondering if there were anyone or anyway of using predictive key cracking methods while going at WEP? This would be easy to cat a dictionary file to prefix the first 3 digits of all words in the dictionary file for running an attack against WPA. But I am not talking about throwing a dictionary at WEP. Was think along the lines of the creation of new ideas and methods of how the code can be broken.

Every one and their dog knows that wep is broken. As such one should follow industry best practices and use something like wpa2 etc.

Quote:

Thinking that if aircrack knew 3 of the 10 digits to to crack it might take a third of the time off of the cracking.. I am sure that if not now, that soon something can take advantage of predictive key cracking in this fashion.

WEP has been cracked in under 5 minutes. What more could be asked for.
Leave WEP alone focus your energy elsewhere. It will be more productive as there really is no need to re-invent the wheel.
05-30-2009, 10:01 PM
imported_vvpalin

Quote:

Originally Posted by archangel.amael

See this section above, it makes you look like a script kiddie.
Why? Well that's easy, re-read what you wrote. Claims of "IN THE WILD testing" well that would generally be indicative of illegal activities. "75% of what you tested" What you tested should be your own equipment. As such 100% is the number you would want to have stated, since you would know the password.

I was 2 seconds away from reporting it and clicked back to make sure i got everything correct and low and behold you posted already lol
05-31-2009, 05:17 AM
Virchanza

Quote:

Originally Posted by archangel.amael

WEP has been cracked in under 5 minutes.

Once or twice I've had Aircrack-ng finish in the blink of an eye. As soon as I hit Return it just pops up Key Found! :)

And that's without talking about SpoonWEP :rolleyes:

Show 40 post(s) from this thread on one page