
Thread: Can aircrack do brute force on WPA

  1. #1
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    22

    Can aircrack do brute force on WPA

    May be a newb question but all I see is an option to supply a dictionary file. Is there a way to brute force against the handshake I've gotten? (WPA-TKIP)

    Testing my wireless AP so I know what the PW is but since dictionary files would need the exact phrase I don't see that as being very helpful with so many permutations of words.

    Thanks - Spyder

  2. #2
    Member m1cha3l's Avatar
    Join Date
    May 2008
    Posts
    208

    Default

    The only way I know that you could use aircrack to brute force a password would be to pipe the output of a password generator into aircrack.

    Code:
    [generator here] | aircrack-ng -w - -b [AP MAC] psk*.cap
    The time it would take you to do this, however, makes it next to pointless.

    Much better to do research on your target and compile a special dictionary.
    "At least black people knew when they were slaves" Doug Stanhope

  3. #3
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    17

    Default

    Spyder, I was just thinking of the same thing! Yes, brute force attacks take long... but think of if the password is a small little word with some numbers in it

    like "leet123"

    or something similar... then brute forcing wouldn't actually take that long!

    + if combined with a hash table you could test more keys per second and really get it fast!

    aircrack-ng should really have this functionality built in, as WEP cracking is done by brute force (except it uses IVs to get in the ballpark so to speak, which in WPA can't be done because of the way it's more secure)

    One thing we could do maybe is code a nice little app which generates a brute force dictionary/wordlist

    you could tell the program what to include like uppercase (A-Z) lowercase (a-z) and numbers(0-9)

    and it would generate a wordlist...

    example starting with one char

    a
    b
    c
    d
    ...
    x
    y
    z
    aa
    ab
    ac
    ad
    ...
    ax
    ay
    az
    ba
    bb
    bc

    etc.. etc.. etc... (the "..." was where I skipped so as to not write a huge long thing)

    The only issue I see with this, though, is depending on how many characters you make the max length, the dictionary file generated would be HUGE! So it being incorporated into aircrack-ng would be a lot better...

    Your thoughts?

  4. #4
    Member
    Join Date
    Jan 2008
    Posts
    194

    Default

    Uh, well...that's kinda what "brute force" means doesn't it? You "brute force" the password out? Only way to crack WPA is by way of brute forcing it (unless every security doc I read has been holding out on me). So, yes, you need a dictionary file. You could then look into airolib which there are some nice tutorials on.

  5. #5
    Member m1cha3l's Avatar
    Join Date
    May 2008
    Posts
    208

    Default

    I think what the OP meant is, was there a way to run through every combination of password rather than using a password list.

  6. #6
    Member
    Join Date
    Jan 2008
    Posts
    194

    Default

    Quote: Originally Posted by m1cha3l
    I think what the OP meant is, was there a way to run through every combination of password rather than using a password list.
    Sorry, but that makes zero sense to me.

  7. #7
    Member m1cha3l's Avatar
    Join Date
    May 2008
    Posts
    208

    Default

    Why does this make no sense?

  8. #8
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    5

    Default

    Quote: Originally Posted by theberries
    Sorry, but that makes zero sense to me.
    The sense would be that you wouldn't keep the 100GB big libs with passwords. Only one password - the last one you've tested. And then you add 1 to it to get the next pswd and replace the last one.

    Quote: Originally Posted by theberries
    So, I assume you mean taking a program and having it spit out every possible combination of numbers, letters, and special characters. Great. Starting with what? 0? Seems terribly inefficient to me.
    Once you've got some hints about the possible pswd, you could try narrowing down the possibilities (some ISPs set up their routers with 8-char+numbers pswds only... Sky? :PPP)

  9. #9
    Junior Member Jano's Avatar
    Join Date
    Jan 2010
    Posts
    26

    Default

    Hi,

    - I use Airolib-ng with good results.
    - I download the Rainbow Table from the Shmoo Group: this is for use as hash tables in Airolib-ng (cowpatty format)
    1) Download wpa_psk-h1kari_renderman
    2) Uncompress and extract the .tar file
    Code:
    lzma -d /wpa_psk-h1kari_renderman/wpa_tables.tar.lzma
    tar -xf wpa_tables.tar
    3) Create Hash table for Airolib-ng
    Code:
    airolib-ng NETGEAR_TABLE --import cowpatty /media/Maxtor-1T/wpa_psk-h1kari_renderman/xag-0/NETGEAR
    Bye jano
    Wireless: ALFA-AWUS036H, AWUS050NH, D-Link DWL-G650, D-Link DWL-G122, ZyXel G220, Linksys WUB54GR, Intel PRO/Wireless 3945ABG

  10. #10
    Member
    Join Date
    Jan 2008
    Posts
    194

    Default

    Quote: Originally Posted by m1cha3l
    I think what the OP meant is, was there a way to run through every combination of password rather than using a password list.
    So, I assume you mean taking a program and having it spit out every possible combination of numbers, letters, and special characters. Great. Starting with what? 0? Seems terribly inefficient to me.

    Don't get me wrong, I could be wrong here, but trying "every possible combination" of what could be a string of 26+ letters/numbers/characters isn't for those with the lack of a 100+ unit ps3 cluster.

    I'm pretty sure that's NOT what the OP was asking.
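
Added example, not part of any post in this thread: a sizing sketch for the two points debated above, namely how large an exhaustive candidate list becomes for a given passphrase policy, and why the precomputed tables mentioned in post #9 are tied to one SSID (the SSID is the PBKDF2 salt). The policy rows and `ASSUMED_RATE` are constructed assumptions, not measurements of any tool.

```python
import hashlib

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK key: PBKDF2-HMAC-SHA1, salt = SSID, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def keyspace(charset_size: int, min_len: int, max_len: int) -> int:
    """Number of candidates of length min_len..max_len over the charset."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))

def wordlist_bytes(charset_size: int, min_len: int, max_len: int) -> int:
    """Size of the list on disk: each candidate plus one newline byte."""
    return sum((n + 1) * charset_size ** n for n in range(min_len, max_len + 1))

def exhaust_seconds(candidates: int, pmk_per_second: float) -> float:
    """Worst-case time to compute one PMK per candidate at the given rate."""
    return candidates / pmk_per_second

# Constructed sample policies: (label, charset size, passphrase length).
# WPA passphrases are 8 to 63 characters long.
POLICIES = [
    ("8 chars, a-z0-9", 36, 8),
    ("8 chars, A-Za-z0-9", 62, 8),
    ("12 chars, A-Za-z0-9", 62, 12),
    ("20 chars, printable ASCII", 95, 20),
]
ASSUMED_RATE = 1000.0  # assumption: PMK computations per second, not a benchmark

def report(rate: float = ASSUMED_RATE):
    """Return (label, candidates, terabytes on disk, years to exhaust) per policy."""
    rows = []
    for label, size, length in POLICIES:
        count = keyspace(size, length, length)
        tb = wordlist_bytes(size, length, length) / 1e12
        years = exhaust_seconds(count, rate) / (365 * 24 * 3600)
        rows.append((label, count, tb, years))
    return rows

if __name__ == "__main__":
    for label, count, tb, years in report():
        print(f"{label:28} {count:.3e} candidates {tb:.3e} TB {years:.3e} years")
    # Same passphrase, different SSID: a different key, so a table
    # precomputed for one network name is useless for another.
    for ssid in ("NETGEAR", "constructed-unique-ssid"):
        print(ssid, derive_pmk("leet1234", ssid).hex()[:16], "...")
```

A unique SSID removes the precomputation shortcut, and each extra passphrase character multiplies the remaining work by the charset size.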
