
Thread: Question about wordlists and aircrack-ng

  1. #1
    Just burned his ISO
    Join Date
    Oct 2009
    Posts
    3

Question about wordlists and aircrack-ng

    I had two questions and I don't know if I should be asking them in different forums/threads so if there's a problem just let me know.

1) My first question is regarding wordlists. My goal was to learn enough about networking/Linux/aircrack-ng to break into my own wireless network and use it. After a few weeks I've finally been able to get to the point in aircrack where I've captured the 4-way handshake, but I can't figure out how to crack it.

    Now, the router's password is badtimes12 which of course isn't in the sample 'password.lst' that comes with aircrack. When I edit password.lst and added 'badtimes12' it "cracked" the password and says "key found" so I know my procedures/commands are correct.

    What I don't understand is how can you get a wordlist big enough to have not only every word, but every combination of words and numbers. Can anyone explain how wordlists work or how to get mine to work?

I tried downloading wordlists that had every word in the dictionary in them. They included 'bad' and 'times' separately, but even when I added 'badtimes' it didn't work; it needs the exact password ("badtimes12") to work. How is it possible to even have a wordlist big enough to crack simple passwords like 'badtimes12'?

I understand that wordlists can be as big as you want. But you would need a wordlist that is 500GB just to be able to crack a 10-character password that is generated randomly. Take "e5o3!_3.@*" for instance; does this mean that password is uncrackable? Do professional hackers really keep a 500GB file around for cracking passwords, or is there an easier way?

    Are there programs you just feed the psk.cap file and it cracks it?

    2)The first question was more conceptual but this is kind of a troubleshooting one.

    Everything I've tried from aircrack-ng has worked, including the injection test, except when I enter

    aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:FD:FB:C2 ath0

to do deauthentication. (Those MACs are from the aircrack wiki.) It tells me that I have "0 | 0 ACK"; the troubleshooter says that means none of the packets being sent to the associated client are being heard. I was doing it to my other computer in the house, so I know it's not too far, and I've gone through the rest of the troubleshooter and can't find the problem. My wireless card is an AR5007EG. Any suggestions?

  2. #2
    Just burned his ISO
    Join Date
    Sep 2009
    Posts
    4


Be careful of putting your actual network information on forums; it's generally not a good practice.

To address your post: sounds like you are trying to go full brute force, not using a wordlist, which means it'll take much, much longer. Although I've never done it, I think you can pair up JTR with aircrack-ng to try and accomplish a more powerful WPA crack.

  3. #3
    Just burned his ISO
    Join Date
    Oct 2009
    Posts
    3


    Can you explain how JTR works differently than a wordlist?

And the passwords have since changed.

  4. #4
Super Moderator Archangel-Amael
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012


Quote Originally Posted by glorifiedaccountant
    Can you explain how JTR works differently than a wordlist?

And the passwords have since changed.

    John the Ripper documentation
    To be successful here you should read all of the following.
Forum Rules
Forum FAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  5. #5
    Developer
    Join Date
    Mar 2007
    Posts
    6,126


What you are trying to do is almost impossible. WPA is still secure as long as you meet the industry standard for a secure password. Most WPA auditing would be done with 1-5 gig lists depending on hardware. If the client's AP passed that, it would be considered secure from 97% of bad guys. Just do the math and see how many keys per second you are cracking; without GPU power I assume it's 2000-3000 per second, so you can easily do the math and see it would be over a year just to brute-force a lowercase 8-character password.
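The two points raised in post #1 (why 'bad' and 'times' in a dictionary don't find 'badtimes12', and why a random 10-character password is out of reach) and post #5 ("do the math" on keys per second) come down to the same two mechanics: candidates are generated from a base list by rules, and every candidate costs one PBKDF2 derivation. The following is an added example, not code from the thread or from aircrack-ng. The SSID "homenet", the base words and the digit suffixes are constructed; the PMK derivation (PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt) is the real WPA/WPA2-PSK formula. Real crackers confirm a candidate against the handshake MIC rather than against a known PMK as done here; that verification step is omitted, since it does not change the cost per guess.

```python
"""Added example: wordlist-plus-rules candidate generation and a brute-force
time estimate for a WPA/WPA2-PSK passphrase."""
import hashlib
import itertools
import time

# Constructed sample values. The SSID is made up; the passphrase is the one
# the original poster says they used before changing it.
SSID = "homenet"
TARGET_PASSPHRASE = "badtimes12"


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK Pairwise Master Key: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes.
    This is the expensive step repeated for every candidate; the captured
    handshake only lets you confirm a PMK, it never reveals the passphrase."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def mangle(words, suffixes):
    """Expand a small base wordlist with two rules: concatenate word pairs and
    append a digit suffix. 'bad' + 'times' + '12' reaches 'badtimes12' even
    though that literal string is in no dictionary."""
    bases = list(words) + ["".join(p) for p in itertools.permutations(words, 2)]
    for base in bases:
        yield base
        for suffix in suffixes:
            yield base + suffix


def crack(target_pmk: bytes, ssid: str, candidates):
    """Try candidates in order until one derives the target PMK.
    Returns (hit_or_None, number_of_candidates_tried)."""
    tried = 0
    for cand in candidates:
        tried += 1
        if wpa_pmk(cand, ssid) == target_pmk:
            return cand, tried
    return None, tried


def measure_rate(ssid: str, samples: int = 20) -> float:
    """Rough single-core PBKDF2 throughput in candidates per second."""
    start = time.perf_counter()
    for i in range(samples):
        wpa_pmk(f"sample{i}", ssid)
    return samples / (time.perf_counter() - start)


def seconds_to_exhaust(alphabet_size: int, length: int, rate: float) -> float:
    """Worst-case seconds to try every string of `length` symbols drawn from an
    alphabet of `alphabet_size` at `rate` candidates per second."""
    return alphabet_size ** length / rate


if __name__ == "__main__":
    words = ["bad", "times", "good"]
    suffixes = ["1", "12", "123", "2009"]
    target = wpa_pmk(TARGET_PASSPHRASE, SSID)
    hit, tried = crack(target, SSID, mangle(words, suffixes))
    print(f"recovered {hit!r} after {tried} candidates")

    rate = measure_rate(SSID)
    print(f"about {rate:.0f} PBKDF2 derivations/s on this machine (one core)")
    spaces = [("lowercase", 26, 8), ("mixed+digits", 62, 8), ("printable", 95, 10)]
    for name, size, length in spaces:
        secs = seconds_to_exhaust(size, length, rate)
        print(f"{name:13} len {length}: {size ** length:.2e} keys, "
              f"{secs / 86400 / 365:.1f} years to exhaust")
```

The rule expansion is the whole trick: a few thousand base words times a handful of rules reproduces most "word plus digits" passwords, which is why a 1-5 GB list catches them, while the same machine needs years for 26^8 and effectively forever for 95^10. The numbers the script prints scale linearly with whatever rate your hardware actually achieves, GPU or not.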

  6. #6
    Just burned his ISO
    Join Date
    Oct 2009
    Posts
    3


    So assuming I don't enlist the help of my GPU, you just plain can't crack a WPA AP with a strong password at all? Or it just can't be done using wordlists?

  7. #7
    Just burned his ISO
    Join Date
    Oct 2009
    Posts
    9


    lastbit.com/pswcalc.asp

  8. #8
    Developer
    Join Date
    Mar 2007
    Posts
    6,126


Quote Originally Posted by glorifiedaccountant
    So assuming I don't enlist the help of my GPU, you just plain can't crack a WPA AP with a strong password at all? Or it just can't be done using wordlists?
Pretty much, yeah. If your password is something like Iams0l33titzIns4n3, you can pretty much rest easy; it's secure.

  9. #9
    Just burned his ISO
    Join Date
    Oct 2009
    Posts
    4


What about the CIA, NSA, FBI, and those types of guys? I heard that manufacturers cannot sell a network product in America if there isn't a backdoor password on the device, and that password has to be given up to pass the SEC or one of those agencies, allowing it to be legally sold in the U.S.

  10. #10
Developer balding_parrot
    Join Date
    May 2007
    Posts
    3,399


Quote Originally Posted by IHaveNoIdea
What about the CIA, NSA, FBI, and those types of guys? I heard that manufacturers cannot sell a network product in America if there isn't a backdoor password on the device, and that password has to be given up to pass the SEC or one of those agencies, allowing it to be legally sold in the U.S.
Do you have any references to back up this claim?
