
Thread: brute force vs dictionary attacks

  1. #1
    Junior Member
    Join Date
    Mar 2010
    Posts
    47

    Default brute force vs dictionary attacks

    Dear All
    I am in the middle of trying to break into my BT Home Hub 2 router using WPA2 PSK.
    I have successfully got a handshake.
    However, I am having problems as the key that it comes with is by default a random 8 character string of upper case letters and numbers.
    My questions are as follows:
    1) When brute forcing, do I need a dictionary file?
    2) Will the cracking program (aircrack or equivalent) have an option of only trying 8 character passwords?
    Many thanks
    Yoma

  2. #2
    Member CKing's Avatar
    Join Date
    Mar 2010
    Location
    downtown, riverfront
    Posts
    83

    Default Re: brute force vs dictionary attacks

    You don't need a dictionary for a brute force attack. I would suggest using crunch to pipe the combinations to pyrit or aircrack IF an attack like this was feasible. 36 possible chars at 8 chars long results in 2 821 109 907 456 possible combinations. I would suggest having a friend set the WPA PSK password to something out of the dictionary. Then you can try every word out of the dictionary to find the password.
    A true gentleman, a good hearty guy.

  3. #3
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    Default Re: brute force vs dictionary attacks

    I believe those passwords are hexadecimal. Meaning that we would have 4 294 967 296 possible combinations (16char^8).

  4. #4
    Member CKing's Avatar
    Join Date
    Mar 2010
    Location
    downtown, riverfront
    Posts
    83

    Default Re: brute force vs dictionary attacks

    Quote Originally Posted by Snayler View Post
    I believe those passwords are hexadecimal. Meaning that we would have 4 294 967 296 possible combinations (16char^8).
    Google seems to agree. Looks like an SHA-1 is used to derive the key from the serial number. I stand corrected, 4 billion passwords would be feasible for a well-equipped modern computer.
    A true gentleman, a good hearty guy.

  5. #5
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default Re: brute force vs dictionary attacks

    Quote Originally Posted by CKing View Post
    Google seems to agree. Looks like an SHA-1 is used to derive the key from the serial number. I stand corrected, 4 billion passwords would be feasible for a well-equipped modern computer.
    At 100,000 keys per second it would still take 11 hours to do an 8 char hex bruteforce. So assuming a modern day CPU can do 3000-4000 keys per second, I am not sure I would consider that feasible.

  6. #6
    Member CKing's Avatar
    Join Date
    Mar 2010
    Location
    downtown, riverfront
    Posts
    83

    Default Re: brute force vs dictionary attacks

    Quote Originally Posted by purehate View Post
    At 100,000 keys per second it would still take 11 hours to do an 8 char hex bruteforce. So assuming a modern day CPU can do 3000-4000 keys per second, I am not sure I would consider that feasible.
    What if we were to throw a GTX 295 or similar into the mix? My ballpark estimate is 2 to 2 1/2 days. I consider that feasible considering that this is a standard setup that most people accept as secure (their website makes the claim that it's "almost impossible to crack"). My viewpoint is that any gamer skiddie with a decent GPU can move to his new flat and have almost guaranteed access to one of these default setups, since I gather that this is a fairly common AP across the pond (would the OP like to enlighten us?). I would actually consider this a fairly significant security risk.

    sources
    The New BT Home Hub
    A true gentleman, a good hearty guy.
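
The keyspace and time figures traded in the posts above, worked through as an added example that is not part of any post in the thread. It also computes how long a replacement key must be to hold up at a given guess rate; the 3,500 keys/s rate is the midpoint of the 3000-4000 range quoted above, and the 100-year target is an assumption chosen for illustration.

```python
import math

# Alphabet sizes discussed in the thread.
HEX = 16            # 0-9, A-F
UPPER_DIGITS = 36   # A-Z, 0-9

def keyspace(alphabet_size, length):
    """Number of distinct keys of exactly `length` symbols."""
    return alphabet_size ** length

def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random key, in bits."""
    return length * math.log2(alphabet_size)

def hours_to_exhaust(alphabet_size, length, keys_per_second):
    """Worst-case hours to try every key at a fixed guess rate."""
    return keyspace(alphabet_size, length) / keys_per_second / 3600

def min_length(alphabet_size, keys_per_second, target_years):
    """Smallest key length whose full keyspace takes at least
    `target_years` to exhaust at `keys_per_second`."""
    needed = keys_per_second * target_years * 365 * 24 * 3600
    length = 1
    while keyspace(alphabet_size, length) < needed:
        length += 1
    return length

def report(rates=(3_500, 100_000), target_years=100):
    """One row per (alphabet, rate): bits, hours for 8 chars, safe length."""
    rows = []
    for name, size in (("hex", HEX), ("upper+digits", UPPER_DIGITS)):
        for rate in rates:
            rows.append((name, rate,
                         round(entropy_bits(size, 8), 1),
                         round(hours_to_exhaust(size, 8, rate), 1),
                         min_length(size, rate, target_years)))
    return rows

if __name__ == "__main__":
    print(f"{'alphabet':<13}{'keys/s':>9}{'bits':>7}{'hours(8)':>14}{'min len':>9}")
    for name, rate, bits, hours, length in report():
        print(f"{name:<13}{rate:>9}{bits:>7}{hours:>14}{length:>9}")
```
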

  7. #7
    Junior Member
    Join Date
    Mar 2010
    Posts
    47

    Default Re: brute force vs dictionary attacks

    Quote Originally Posted by CKing View Post
    since I gather that this is a fairly common AP across the pond (would the OP like to enlighten us?). I would actually consider this a fairly significant security risk.
    Yes, this is an incredibly common AP here over the pond. In fact, in my average housing area HALF of all APs are BT Home Hubs,
    all with WPA encryption.

    The time it would take is feasible, but how do I pipe crunch to aircrack and how would I tell it to produce only 8 character hex keys?

    The key is the default one on the Home Hub. In this case I feel I don't need to get a friend to set it as I can remain unbiased.


    cheers
    Yoma

  8. #8
    Member CKing's Avatar
    Join Date
    Mar 2010
    Location
    downtown, riverfront
    Posts
    83

    Default Re: brute force vs dictionary attacks

    I don't suggest aircrack. What sort of hardware are you running? A powerful GPU will be the only thing making this attack feasible. In any case the crunch command would look something like this:
    Code:
    ./crunch 8 8 1234567890ABCDEF
    This will create all 8 char passwords with hex chars.
    A true gentleman, a good hearty guy.

  9. #9
    Just burned his ISO
    Join Date
    Aug 2010
    Posts
    4

    Default Re: brute force vs dictionary attacks

    ./crunch 8 8 1234567890ABCDEF

    EXACTLY what I'm looking for! TY!



    But how exactly would you use this? Just put this where you would normally, say, use JTR?

  10. #10
    Junior Member
    Join Date
    Mar 2010
    Posts
    47

    Default Re: brute force vs dictionary attacks

    I am using hardware that will take 52 hours to crack the key!
    Which is not a problem as the laptop in question can just sit in the corner working away.
    However, would I have to first generate a wordlist using crunch, or can I get crunch to basically directly feed the keys into aircrack without the need for the use of a large dictionary?
    How big would this dictionary be?
    cheers
    yoma
