Thread: best tool for cracking wpa network

  1. #1
    Member
    Join Date
    Sep 2007
    Posts
    58

    best tool for cracking wpa network

    Guys, what do you think is the better tool when hacking WPA networks: aircrack-ng or cowpatty, or do you suggest any other? The reason I ask is because when cracking WPA keys the tool is as good as your dictionary list, but I was wondering if there's some tool that uses the same methodology as ophcrack uses when cracking Windows passwords, which is rainbow tables of precomputed hashes, which seems to be more efficient than just a plain brute-force attack... I'd like to hear any opinions or suggestions.

    thanks

  2. #2
    Very good friend of the forum killadaninja's Avatar
    Join Date
    Oct 2007
    Location
    London, United Kingdom.
    Posts
    526

    Both of the tools you mentioned can run tables.
    Sometimes I try to fit a 16-character string into an 8-byte space, on purpose.

  3. #3
    Just burned his ISO tscott's Avatar
    Join Date
    Dec 2008
    Posts
    10

    I use aircrack-ng. You can use John the Ripper to create your own dictionary list and pipe it into aircrack too.

  4. #4
    Member
    Join Date
    Sep 2007
    Posts
    58

    Can the same rainbow tables used by ophcrack be used for aircrack-ng? Or does it have to be a specific rainbow table for aircrack-ng?

  5. #5
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Quote: Originally posted by mia_tech
    Can the same rainbow tables used by ophcrack be used for aircrack-ng? Or does it have to be a specific rainbow table for aircrack-ng?
    Because the SSID is salted into the hash, you need a specific rainbow table that is unique to the SSID of the WPA network you're trying to crack. So if the SSID isn't "common" you'll have to make your own table.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  6. #6
    Member
    Join Date
    Sep 2007
    Posts
    58

    Correct me if I'm wrong: the point of making the table based on the SSID is that we are assuming that the WPA key is somehow related to or based on the SSID name?

  7. #7
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Quote: Originally posted by mia_tech
    Correct me if I'm wrong: the point of making the table based on the SSID is that we are assuming that the WPA key is somehow related to or based on the SSID name?
    Not the key itself, but the hash of it will be salted with the ESSID of the AP. This is why a dictionary based attack, which will hash each of the tested words automatically before trying them against the handshake, will work with any normal wordlist while a rainbow table that includes pre-hashed character combinations will not work unless it is compiled for that specific ESSID.
    -Monkeys are like nature's humans.
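
The SSID salting described in the replies above, shown as an added example that is not part of the original thread: WPA/WPA2-PSK derives its pairwise master key (PMK) with PBKDF2-HMAC-SHA1 using the SSID as the salt, so a table precomputed for one SSID produces no match for a network with a different SSID. The SSIDs, wordlist and helper names below are constructed for illustration.

```python
import hashlib

# Constructed sample data for illustration only.
COMMON_SSIDS = {"linksys", "default", "NETGEAR"}
WORDLIST = ["password", "letmein123", "correct horse battery staple"]

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK PMK: PBKDF2-HMAC-SHA1, salt = SSID, 4096 rounds, 32 bytes."""
    pw, salt = passphrase.encode("ascii"), ssid.encode("utf-8")
    if not 8 <= len(pw) <= 63:
        raise ValueError("passphrase must be 8-63 ASCII characters")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", pw, salt, 4096, 32)

def build_table(ssid, words):
    """Precompute PMK -> passphrase for ONE SSID (the salt is baked in)."""
    return {wpa_pmk(w, ssid): w for w in words}

def lookup(table, passphrase, ssid):
    """Look up the PMK of a network (given its real passphrase and SSID)."""
    return table.get(wpa_pmk(passphrase, ssid))

def audit(ssid, passphrase):
    """Defender-side check of the two properties the thread turns on."""
    findings = []
    if ssid in COMMON_SSIDS:
        findings.append("SSID is a common name; precomputed tables may exist")
    if passphrase in WORDLIST:
        findings.append("passphrase appears in a wordlist")
    return findings

if __name__ == "__main__":
    table = build_table("linksys", WORDLIST)
    # Same passphrase, same SSID: the precomputed entry matches.
    print(lookup(table, "letmein123", "linksys"))
    # Same passphrase, different SSID: different salt, no match.
    print(lookup(table, "letmein123", "HomeNet-7f3a"))
    print(audit("linksys", "letmein123"))
    print(audit("HomeNet-7f3a", "a long passphrase not in any list"))
```

A unique SSID removes the benefit of any table built in advance, and a passphrase that is not in a wordlist defeats the dictionary approach the thread compares it with.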

  8. #8
    Member
    Join Date
    Sep 2007
    Posts
    58

    OK, now the big question: how could I go about making a rainbow table for a specific SSID?

  9. #9
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Quote: Originally posted by mia_tech
    OK, now the big question: how could I go about making a rainbow table for a specific SSID?
    For example using airolib-ng. Use the search function for more specific instructions as this has been covered multiple times. Also it is good to keep in mind that the combined time it takes to first generate a rainbow table and then run it against the handshake will exceed the time it takes to simply use a dictionary based attack in the first place.
    -Monkeys are like nature's humans.

  10. #10
    Member
    Join Date
    Sep 2007
    Posts
    58

    Quote: Originally posted by =Tron=
    For example using airolib-ng. Use the search function for more specific instructions as this has been covered multiple times. Also it is good to keep in mind that the combined time it takes to first generate a rainbow table and then run it against the handshake will exceed the time it takes to simply use a dictionary based attack in the first place.
    What are you saying, that it is not worth the hassle of creating a rainbow table, and to just stick to a dictionary-based attack?
