bruteforce 8 character (uppercase) password
Hi all
I have grabbed the handshake from my WPA encrypted network and now want to try and bruteforce it. What's the best method to crack the 8 uppercase letter password?
If I was to create a wordlist with all the possible combinations this would be a massive file and would take a long time to generate, so is there another way? Crunch??
If there is, could you please explain how to do it/code, as I'm fairly new to Linux but keen to learn.
Thanks for any advice.
Re: bruteforce 8 character (uppercase) password
crunch can generate all possible combinations of your 8 character password. If you were to try to save crunch's output to a file the file size will be: 1750GB.
(x^y) * (y+1) = size in bytes
x is the length of the string 8
y is the length of the character set 26
(8^26) * (8+1) = 1750GB
You probably want to pipe crunch's output to aircrack like the following untested command:
/pentest/passwords/crunch/crunch 8 8 -f /pentest/passwords/crunch/charset.lst ualpha -u | aircrack-ng -e test -w - /pentest/wireless/aircrack-ng/test/wpa.cap
Good Luck
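The arithmetic behind the figures discussed in this thread, as an added example that is not part of any poster's reply: it counts the candidates for a fixed-length passphrase, the size of the written-out wordlist (each candidate plus a newline), and the worst-case time to exhaust it. The two rates are the PMKs-per-second figures quoted by posters in the thread; the character-set table and function names are assumptions made for the example.

```python
# Added example (not from the thread): search-space arithmetic for
# fixed-length passphrases.
CHARSETS = {"digits": 10, "uppercase": 26, "upper+digits": 36, "mixed alnum": 62}
THREAD_RATES = (50_000, 150_000)  # PMKs per second, as quoted by posters here


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidate strings: charset_size ** length."""
    return charset_size ** length


def wordlist_bytes(charset_size: int, length: int) -> int:
    """Bytes on disk if every candidate is written out, one per line."""
    return keyspace(charset_size, length) * (length + 1)


def days_to_exhaust(charset_size: int, length: int, rate: int) -> float:
    """Worst-case days to try every candidate at `rate` PMKs per second."""
    return keyspace(charset_size, length) / rate / 86_400


def report(length: int = 8) -> list:
    """One row per character set: (name, candidates, GiB, days at each rate)."""
    rows = []
    for name, size in CHARSETS.items():
        gib = wordlist_bytes(size, length) / 2**30
        days = tuple(round(days_to_exhaust(size, length, r), 2)
                     for r in THREAD_RATES)
        rows.append((name, keyspace(size, length), round(gib, 1), days))
    return rows


if __name__ == "__main__":
    for name, n, gib, days in report():
        print(f"{name:13} {n:>22,} candidates {gib:>14,.1f} GiB "
              f"{days[0]:>14,.2f} d @50k {days[1]:>14,.2f} d @150k")
```

For 8 uppercase letters this gives 26^8 = 208,827,064,576 candidates and about 1750 GiB of wordlist, while each extra character class or extra character multiplies the work, which is the practical argument for long mixed passphrases.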
Re: bruteforce 8 character (uppercase) password
You probably want to find another way of cracking that WPA passphrase. There are 302231454903657293676544 possible combinations. :)
Regards
Re: bruteforce 8 character (uppercase) password
Quote: Originally Posted by erhardm
You probably want to find another way of cracking that WPA passphrase. There are 302231454903657293676544 possible combinations. :)
Regards
Uh, uh... What other way do you know for cracking WPA but bruteforce?
Re: bruteforce 8 character (uppercase) password
Yep - only one way to crack WPA. On my box running 2x Nvidia 465 cards and 295 million passwords in the DB I can punch through the precomputed PMKs in under 5 minutes. If the pass-phrase is in the DB then it's trivial, otherwise you're stuck brute forcing with character sets, which I haven't been able to get above 50000 PMKs.
Re: bruteforce 8 character (uppercase) password
Quote:
Uh, uh... What other way do you know for cracking WPA but bruteforce?
How about the traditional way... Dictionary attack
To pipe crunch through aircrack would be a ridiculous waste of life. Even if you piped crunch through pyrit to take advantage of GPU technology it really still wouldn't be a rational option, unless you were brute forcing something like a combination of 8 numbers. My rig performs at right below 150,000 PMKs and even trying to brute force an 8 character password would still be unbelievably time consuming.
I recommend creating a really strong wordlist. If you can, make the list relevant to the target. Look into a tool called cupp.
Precomputed data is good too, but from what I understand each password is salted by the ESSID of the access point, so each password needs to be precomputed for each ESSID.
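The ESSID salting mentioned above, shown as an added example that is not part of the original post: WPA/WPA2-PSK derives the PMK with PBKDF2-HMAC-SHA1 using the ESSID as the salt, so a table precomputed for one network name recovers nothing for another, even when the passphrase is the same. The wordlist, the ESSIDs and the helper names are constructed for the illustration.

```python
import hashlib

# Added example (not from the thread). WPA/WPA2-PSK derives the 256-bit PMK as
# PBKDF2-HMAC-SHA1(passphrase, salt=ESSID, 4096 iterations, 32 bytes).
ITERATIONS, PMK_LEN = 4096, 32

# Constructed sample data for the demonstration.
WORDLIST = ["password", "letmein1", "ABCDEFGH"]
COMMON_ESSID = "IEEE"              # a name shared by many networks
UNIQUE_ESSID = "example-net-7f3a"  # hypothetical unique network name


def wpa_pmk(passphrase: str, essid: str) -> bytes:
    """Derive the pairwise master key for one passphrase on one ESSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(),
                               ITERATIONS, PMK_LEN)


def precompute(essid: str, wordlist: list) -> dict:
    """Table of PMK -> passphrase; only valid for this one ESSID."""
    return {wpa_pmk(word, essid): word for word in wordlist}


def lookup(table: dict, passphrase: str, essid: str):
    """Passphrase the table recovers for a network with these settings, or None."""
    return table.get(wpa_pmk(passphrase, essid))


if __name__ == "__main__":
    table = precompute(COMMON_ESSID, WORDLIST)
    # Same weak passphrase, two network names: only the one the table was
    # built for is found.
    print("common ESSID:", lookup(table, "password", COMMON_ESSID))
    print("unique ESSID:", lookup(table, "password", UNIQUE_ESSID))
    print("PMKs differ: ",
          wpa_pmk("password", COMMON_ESSID) != wpa_pmk("password", UNIQUE_ESSID))
```

A default or widely shared ESSID therefore exposes a weak passphrase to existing precomputed tables, while a unique ESSID forces the full 4096-iteration derivation per candidate.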
Re: bruteforce 8 character (uppercase) password
What are you running that gives you 150000 PMKs? I have 2 465s and get 50k but don't do any overclocking. Are you running 6 of these things or do I need to reconfigure my setup? I know the 500 Nvidia card series is pretty bad ass and was thinking of getting a couple of those.
I am such a pyrit fanboy now.
By the way, there are some good crunch commands that can get you good results.
crunch gets me about 25% of my successful cracks and pyrit DB gets the rest.
Quote: Originally Posted by 2901119
How about the traditional way... Dictionary attack
To pipe crunch through aircrack would be a ridiculous waste of life. Even if you piped crunch through pyrit to take advantage of GPU technology it really still wouldn't be a rational option, unless you were brute forcing something like a combination of 8 numbers. My rig performs at right below 150,000 PMKs and even trying to brute force an 8 character password would still be unbelievably time consuming.
I recommend creating a really strong wordlist. If you can, make the list relevant to the target. Look into a tool called cupp.
Precomputed data is good too, but from what I understand each password is salted by the ESSID of the access point, so each password needs to be precomputed for each ESSID.
Re: bruteforce 8 character (uppercase) password
I'm running 2 stock HD 6970s with calpp. They're nice but I wish I would have waited and gotten the 6990s. I originally picked up a GTX 580 but was only getting like 38,000 PMKs so I returned it. Care to share those crunch commands?
Re: bruteforce 8 character (uppercase) password
Ok so my setup is not capable of running speeds anywhere near mentioned in some of the posts so it would take a loooong time to crack the password!!!
Not sure if this is against forum rules, but could I send my handshake to someone on here who is able to run pyrit and see if they can crack it?
Thanks again
Re: bruteforce 8 character (uppercase) password
Quote: Originally Posted by woody565
...I have grabbed the handshake from my WPA encrypted network and now want to try and bruteforce it. ...
If it's your network why don't you just append the passphrase in a dictionary file and I'm sure your cracking would be successful.
If you want to test your WPA against a superior dictionary attack, use Purehate's cracker: http://tools.question-defense.com/
Regards