Couple of Questions...

[n.Tesla]

First off, I am not familiar with most of the stuff regarding Linux, and metasploit so no flaming. In other words, I am new to this stuff...
I have a couple of questions, if you can answer, I would appreciate it.

Now my questions:

Is it actually possible to use exploits available in metasploit to target xp machines which are fully patched and be successful? I mean things like a remote shell and stuff...

Is Dictionary attack the only possible way to crack WPA? If it is, then isn't it a bit unreliable because you can use character like %&# with óê because then it will be impossible to crack, no?

Thanks

[imported_wyze]

!n00b_threat_level

Read/Search/Self Educate

[Thorn]

Is Dictionary attack the only possible way to crack WPA? If it is, then isn't it a bit unreliable because you can use character like %&# with óê because then it will be impossible to crack, no?

Yes, using a Dictionary/Rainbow attack is the only way to break WPA, and the technique is only good against weak passwords. Strong passwords make WPA essentially uncrackable. This is a good thing.

This isn't just true of WPA. Many modern password schemes are only breakable by weak passwords. Realistically, you're never going to crack a random password/passphrase via a dictionary attack unless it's been used in something that is inherently weak, like WEP or LM.

[hhmatt]

Yes, using a Dictionary/Rainbow attack is the only way to break WPA, and the technique is only good against weak passwords. Strong passwords make WPA essentially uncrackable. This is a good thing.

Damn right.

This isn't just true of WPA. Many modern password schemes are only breakable by weak passwords. Realistically, you're never going to crack a random password/passphrase via a dictionary attack unless it's been used in something that is inherently weak, like WEP or LM.

Yes its really just the encryption implementation or the encryption itself that makes the password weak. There probably isn't much wrong with WEP's encryption its just implemented poorly.

Don't LM hashes have to be sent through a rainbow table since you can't reverse engineer the entire hash? NTLM hashes can still be run through a rainbow table and be cracked its just a much larger table. There's a website that you can put hashes into and it will run the hash against the database and return your hashed password, I just forget the name of it offhand. This includes many different encryption schemes such as RC and MD as well.

I guess a Brute force attack on random password's is your best bet next to rainbow tables but this all depends on the time you have to crack it. The longer the password the greater amount of time is required and it increases exponetially.

[ShadowKill]

....Is it actually possible to use exploits available in metasploit to target xp machines which are fully patched and be successful? I mean things like a remote shell and stuff....

That's a pretty broad question but specifically, if the system is patched according to all of the exploits that metasploit utilizes then of course it won't work. You can, however, add your own exploits to metasploit if you know, or suspect, that the system you are targetting may be vulnerable to that specific exploit. This will take some coding knowledge, of Ruby and in general, but it is far from impossible.