Re: free online wpa cracker project idea
GingerP, A guy with extensive php knowledge would be invaluable on the team as mine is rusty at best. I'll put a pcap parser on the top of my todo list if I know someone is going to be putting it to good use. Since this project has clearly been given new life I feel I should do a status recap:
ToDo:
1) Get a script or python program going for volunteers to donate cpu power. This could be based on Sorbo's if he wants to join, or mine or a python one from scratch. It should include: gpu use option, some way of preventing people from doing the same work as others, some way of checking that clients did do the work. In the future, an option to upload handshakes from the script would be nice.
2) Server side checking that clients upload correct results prereq;pcap parser
3) Pcap parser
4) Option to select wordlist to try when uploading handshakes
5) Project homepage to track progress (googlecode)
6) More wordlists for default passwords (have Thomson, need all others)
Probably some stuff I'm forgetting
Volunteers - skills
GingerP - PHP
SecUpwN - cpu, ???
christ044 - bash, wordlists, cryptanalysis
maybe Sorbo - self evident competence in PHP and bash
Just want to say thanks to anyone willing to offer their help for this project, I honestly thought this project was a lost cause due to lack of support but its looking like were gonna pull through and create a really great service.
Re: free online wpa cracker project idea
Quote:
Originally Posted by
CKing
GingerP, A guy with extensive php knowledge would be invaluable on the team as mine is rusty at best. I'll put a pcap parser on the top of my todo list if I know someone is going to be putting it to good use. Since this project has clearly been given new life I feel I should do a status recap:
ToDo:
1) Get a script or python program going for volunteers to donate cpu power. This could be based on Sorbo's if he wants to join, or mine or a python one from scratch. It should include: gpu use option, some way of preventing people from doing the same work as others, some way of checking that clients did do the work. In the future, an option to upload handshakes from the script would be nice.
2) Server side checking that clients upload correct results prereq;pcap parser
3) Pcap parser
4) Option to select wordlist to try when uploading handshakes
5) Project homepage to track progress (googlecode)
6) More wordlists for default passwords (have Thomson, need all others)
Probably some stuff I'm forgetting
Volunteers - skills
GingerP - PHP
SecUpwN - cpu, ???
christ044 - bash, wordlists, cryptanalysis
maybe Sorbo - self evident competence in PHP and bash
Just want to say thanks to anyone willing to offer their help for this project, I honestly thought this project was a lost cause due to lack of support but its looking like were gonna pull through and create a really great service.
1) To prevent more than one CPU doing the same job I shall program that in PHP so it only serves the same PCAP file once, unless; The CPU used didn't return a correct key. If that is the case then I shall order all the results by number of attempts by CPUs in ascending order and return one file. This allows fair usage of CPUs.
4 & 6) The Word lists can be an option on the submit form and the word lists can be hosted on the server where the CPU can download the word list if they haven't cache it.
I've start working on it site later today and shall upload every at wpa.runningbackwards.co.uk
Thank-you for having me on your team
GingerP
Re: free online wpa cracker project idea
Quote:
Re: free online wpa cracker project idea
Give up, or check HERE.
That doesn't help in any way shape or form.
Anyways, "The more you put in, the more you get out." - Richard Reeves. And we are putting lots in so it WILL pay off.
And mods, what is the point of having to approve posts if your going to let any post though that does nothing worth wild?
Re: free online wpa cracker project idea
This is going to be a lot of hard work but it seems like you guys are off to a good start. just dont be disappointed if it fails.
Re: free online wpa cracker project idea
Quote:
Originally Posted by
GingerP
That doesn't help in any way shape or form.
Anyways, "The more you put in, the more you get out." - Richard Reeves. And we are putting lots in so it WILL pay off.
And mods, what is the point of having to approve posts if your going to let any post though that does nothing worth wild?
The post approval process is only for a users first 15 posts. I agree that post was not necessary and I have removed it. In the future, when you have a "user" issue, please PM a moderator for assistance and if that doesn't work PM me.
Re: free online wpa cracker project idea
Okay, post was not called for I should know better, I heard and see the trouble Pure_hate went through/is going through, doing something that takes less work and WITH MORE resources, hence my headache PROFANITY, but whatever guess time`s change hey, I am not a negative person at all and I really hope you effort pays off, was just expressing my opinion (which is what forums are here for) granted not in the best way, but I bet you in the end you will agree with me, I hope you prove me wrong.
Re: free online wpa cracker project idea
Whoo-yeah, awesome to see the project starting off into the wild! :cool:
Now let me throw in some of my own thoughts:
To point #5, the project homepage to track progress (googlecode): It seems as if GingerP already created a project website for our Online WPA Cracker. The site itself looks neat (even the team has already been mentioned), but I'd suggest to get a domain that's a little better memorable as well as a name that makes our project stand out.
And here's what I could contribute so far (to be added to the mentioned list from CKing):
SecUpwN - cpu (once my new comp arrives), wordlists, mind power and creative juices.
Speaking of wordlists: The idea of the different wordlists residing online is great. Right now I keep generating and modifying my own list(s), filesize and words keep increasing constantly. Cutting right down to my point: I'd still like to be able to run the cracking process with some type of batch processing OFFLINE on my own computers. Once being online, the script/tool/program should be able to upload any found passes to the website.
Which brings me to my next point: If we SHOULD be letting users download handshakes independently and enable them to type found passes into a box (see Sorbo's site), we should implement some type mechanism that passwords typed by hand are checked against the handshakes, thus eliminating false results and/or unnecessary cracking.
I'm always open to constructive criticism. Let me know your thoughts on these things.
Thanks to everyone who contributed so far, keep rollin'!
SecUpwN
Re: free online wpa cracker project idea
My view on this idea is simply that I have the hardware ( 1 workstation with 1 Cuda GPU, 5 servers with 4 Cuda GPU's each, everything networked, I have BT, and I have the skills to do it myself.
By uploading to anyone/anything else I risk someone in "the loop" whom I have not vetted and I really couldn't afford the risk.
The cost to you, I think, is far beyond what you anticipate relative to the number of people who will be using your "service" ( if even sampled only once by some). I think, for practice/knowledge generation, with only people you personally know and trust having access it's a good project.
The concept of access resulting from number of posts is not a good idea. I've seen many people making many posts and having both nothing to contribute and demonstrating either a lack of knowledge or a malicious intent.
I still like the concept, but as I said, only for those you actually know.
Re: free online wpa cracker project idea
You're all looking at cracking the wrong way. Brute force is the LAST resort. WPA has several interesting vulnerabilities that don't involve brute forcing...among them Hole 192 and the Beck-Tews TKIP crack. Yes, brute forcing will never be retired as a password cracking strategy, but let's face it- it's just setting your computer to guess for you. Let's focus on real cracking applications, then brute force.
Re: free online wpa cracker project idea
Quote:
Originally Posted by
AlphaandOmega
My view on this idea is simply that I have the hardware ( 1 workstation with 1 Cuda GPU, 5 servers with 4 Cuda GPU's each, everything networked, I have BT, and I have the skills to do it myself.
Good for you, do as YOU wish and do it yourself. Your post is no addition at all to OUR project. We are aware that something big as this can fail, but man.. someone's gotta try it! So either you keep productive juices flowing, or just friggin' keep your mouth shut, 'cause statements as yours just brings people down.
Quote:
Originally Posted by
AlphaandOmega
By uploading to anyone/anything else I risk someone in "the loop" whom I have not vetted and I really couldn't afford the risk.
As for this "risk"-issue: I've been looking a long time online for a tool purehate introduced a while ago. It's called "BSSID-MUNGE" and enables users to scramble every information that makes handshakes traceable. Unfortunately though, the link to the tool is outdated and the developer obviously doesn't respond to mails. Does anyone here have a backup of that tool? Cutting to the point: What if our project would incorporate such tool into the online service? Say, once a user uploads a handshake, all information within the handshake is scrambled and in turn the uploader receives the new completely random ESSID and BSSID of his handshake? Looks like a good possibility to wipe these concerns.
Quote:
Originally Posted by
Sys7emR00t
You're all looking at cracking the wrong way. Brute force is the LAST resort.
Mate, you clearly didn't get the point. Please read the thread again, who's talking about brute forcing here? Noone. A wordlist attack is NOT brute forcing at all. Think before you type.
SecUpwN
