Dictonary file problem

[johnyt]

Hi I made a large dictionary file 36GB ish using this command:

/pentest/password/crunch 8 8 1234567890abcdef &> /mnt/sdd1/8hex

After that was finsihed I did the old WPA handshake grabbing but when it came to running this command:

aircrack-ng -w /mnt/sdd1/8hex -b 00:00:00:00:00:00 psk*.cap

All I get is:

Empty Dictionary
Empty Dictionary
Opening PSK-01.cap
Opening PSK-02.cap
Please specify a dictionary (Option -w)

I created a smaller dictionary with just 2 didgits and that worked fine ( well it ran through ) So is there something i need to do when handling large files like my 36Gb dictionary?

[level]

Quoted from the aircrack-ng tutorial:

Next, we look at cracking WEP with a dictionary. In order to do this, we need dictionary files with ascii or hexadecimal keys to try. Remember, a single file can only have ascii or hexadecimal keys in it, not both.

Example 64 bit hexadecimal key: “12:34:56:78:90” (Note the ”:” between each two characters.)

[johnyt]

I'm sorry but I don't quite follow. I'm not trying a WEP attack, I'm trying a WPA.

I have set a WPA password on my router to ffffffff and out of interest I wanted to see how long it would take to go from 00000000 to ffffffff in a brute force attack. A few hours? A few days?

I have no real practical use for this I just want to see if I could get it to work

[level]

You can't do a plain dictionary attack with WPA. You need to include the SSID. Check out the tutorials over at the aircrack-ng site.

[johnyt]

Yes i have included the ssid if you see in my oririnal post i wrote -b 00:00:00:00:00:00 I just put the zeros in to hide my real ssid. And like I said before I tried it with a 2 didgit version using the exact same methods and it worked. I have followed the guides exactly by setting my adaptor to monitor mode, de-authing my other station and recording the hand shake but the last command fails and only fails with the 36gb file I made earlyer.

I have even followed this guys tutorial http://forums.remote-exploit.org/showthread.php?t=8230 and it's exactly how I've been doing it and how the guides say its done also.

I'm thinking the problem is more to do with the way Im creating the dictonary file in the first place. aircrack-ng is telling me the dictionary file is empty which makes me think its not been finalized properly or something. k-write fails to open the file also. But if i start the crunch command then halt it almost within a few seconds k-wite can read the incomplete file with ease. This is beating me and I dont like it

[Thorn]

Is the dictionary file unicode type, where the lines end in a LF, or is it MS-DOS type where the lines end in LR/CR? That can make a huge difference.

[johnyt]

To be honest I have no idea. This is the exact command I used to create the dictionary in BT3 beta:

/pentest/password/crunch 8 8 1234567890abcdef &> /mnt/sdd1/8hex

I've deleted the file now but it would only take 25 - 30 mins to create another using the same method. You mentioned LF & LR/CR, which is the correct format and how would I make sure I am creating the correct one? I did notice that the file I created was an unknown file type in windows and had no extension ( eg .txt ) but I have no use for it in windows. In BT3beta the file is associated with k-write but won't open. I guess 36gb is too much for k-write to handle.

Thanks for the info so far. Hope I can get this cracked some day ( no pun intended )

[Thorn]

To be honest I have no idea. This is the exact command I used to create the dictionary in BT3 beta:

/pentest/password/crunch 8 8 1234567890abcdef &> /mnt/sdd1/8hex

I've deleted the file now but it would only take 25 - 30 mins to create another using the same method. You mentioned LF & LR/CR, which is the correct format and how would I make sure I am creating the correct one? I did notice that the file I created was an unknown file type in windows and had no extension ( eg .txt ) but I have no use for it in windows. In BT3beta the file is associated with k-write but won't open. I guess 36gb is too much for k-write to handle.

Thanks for the info so far. Hope I can get this cracked some day ( no pun intended )

Since you're using a Linux program, the result is probably unicode. To verify this, just look at the file in a hex editor. If a line ends in just an LF (0A), that isn't the problem. If a line ends in a pair of LF and CR together (0A 0D), then it's an issue.

If that is the case, you'll have to look as the man page for the crunch program to see if the output can be adjusted.

LF = Hex 0A, Decimal 10
CR = Hex 0D, Decimal 13

[DaKahuna]

Since you're using a Linux program, the result is probably unicode. To verify this, just look at the file in a hex editor. If a line ends in just an LF (0A), that isn't the problem. If a line ends in a pair of LF and CR together (0A 0D), then it's an issue.

If that is the case, you'll have to look as the man page for the crunch program to see if the output can be adjusted.

LF = Hex 0A, Decimal 10
CR = Hex 0D, Decimal 13

Thorn is correct but for n00bs I find it easier to tell them to look at the file in vi. If it is unicode there will be nothing shown at the end of the line. However, if it is MS-DOS file type in VI you will see a blue ^M at the end of each line. If that is the case then run dos2linux, which will change a MS-DOS file to unicode.

[johnyt]

Hi ok I have created just a 2 digit version using te same crunch method and loaded it into khexedit. It looks fine to me with just 0A ending each 2 digit. Only problem i have now is that I cant find any thing that will open up my 36gb file. It loads to about 5% then just gives up. The light on my usb stick goes crazy so is it trying to temparily load it there causing me a problem?