Page 1 of 3 (results 1 to 10 of 24)

Thread: Can aircrack do brute force on WPA

  1. #1 Just burned his ISO (joined Aug 2007, 22 posts)

    Can aircrack do brute force on WPA

    Maybe a newb question, but all I see is an option to supply a dictionary file. Is there a way to brute force against the handshake I've gotten? (WPA-TKIP)

    Testing my wireless AP, so I know what the PW is, but since dictionary files would need the exact phrase, I don't see that as being very helpful with so many permutations of words.

    Thanks - Spyder

  2. #2 m1cha3l, Member (joined May 2008, 208 posts)

    The only way I know that you could use aircrack to brute force a password would be to pipe the output of a password generator into aircrack.

    Code:
    [generator here] | aircrack-ng -w - -b [AP MAC] psk*.cap
    The time it would take you to do this, however, makes it next to pointless.

    Much better to do research on your target and compile a special dictionary.
    "At least black people knew when they were slaves" Doug Stanhope

  3. #3 Just burned his ISO (joined Sep 2008, 17 posts)

    Spyder, I was just thinking of the same thing! Yes, brute force attacks take long, but think of if the password is a small little word with some numbers in it,

    like "leet123"

    or something similar... then brute forcing wouldn't actually take that long!

    Plus, if combined with a hash table you could test more keys per second and really get it fast!

    aircrack-ng should really have this functionality built in, as WEP cracking is done by brute force (except it uses IVs to get in the ballpark, so to speak, which in WPA can't be done because of the way it's more secure).

    One thing we could do maybe is code a nice little app which generates a brute force dictionary/wordlist.

    You could tell the program what to include, like uppercase (A-Z), lowercase (a-z) and numbers (0-9),

    and it would generate a wordlist...

    Example, starting with one char:

    a
    b
    c
    d
    ...
    x
    y
    z
    aa
    ab
    ac
    ad
    ...
    ax
    ay
    az
    ba
    bb
    bc

    etc., etc., etc. (the "..." is where I skipped so as to not write a huge long thing)

    The only issue I see with this, though, is that depending on how many characters you make the max length, the dictionary file generated would be HUGE! So it being incorporated into aircrack-ng would be a lot better...

    Your thoughts?

  4. #4 Member (joined Jan 2008, 194 posts)

    Uh, well... that's kinda what "brute force" means, doesn't it? You "brute force" the password out? The only way to crack WPA is by way of brute forcing it (unless every security doc I read has been holding out on me). So, yes, you need a dictionary file. You could then look into airolib, which there are some nice tutorials on.

  5. #5 m1cha3l, Member (joined May 2008, 208 posts)

    I think what the OP meant is, was there a way to run through every combination of password rather than using a password list.

  6. #6 Member (joined Jan 2008, 194 posts)

    Quote Originally Posted by m1cha3l:
    I think what the OP meant is, was there a way to run through every combination of password rather than using a password list.

    Sorry, but that makes zero sense to me.

  7. #7 m1cha3l, Member (joined May 2008, 208 posts)

    Why does this make no sense?

  8. #8 Member (joined Jan 2008, 194 posts)

    Quote Originally Posted by m1cha3l:
    I think what the OP meant is, was there a way to run through every combination of password rather than using a password list.

    So, I assume you mean taking a program and having it spit out every possible combination of numbers, letters, and special characters. Great. Starting with what? 0? Seems terribly inefficient to me.

    Don't get me wrong, I could be wrong here, but trying "every possible combination" of what could be a string of 26+ letters/numbers/characters isn't for those without a 100+ unit PS3 cluster.

    I'm pretty sure that's NOT what the OP was asking.

  9. #9 Senior Member (joined Apr 2008, 2,008 posts)

    Quote Originally Posted by theberries:
    So, I assume you mean taking a program and having it spit out every possible combination of numbers, letters, and special characters. Great. Starting with what? 0? Seems terribly inefficient to me.

    Don't get me wrong, I could be wrong here, but trying "every possible combination" of what could be a string of 26+ letters/numbers/characters isn't for those without a 100+ unit PS3 cluster.

    I'm pretty sure that's NOT what the OP was asking.

    The OP is mentioning that he wants to brute force the WPA passphrase. This would imply exactly what m1cha3l is saying: trying every single combination of the 8-63 character long passphrase. Remember, the OP is not talking about efficiency but rather the possibility of doing this using aircrack-ng.
    -Monkeys are like nature's humans.

  10. #10 Member (joined Jan 2008, 194 posts)

    Quote Originally Posted by =Tron=:
    The OP is mentioning that he wants to brute force the WPA passphrase. This would imply exactly what m1cha3l is saying: trying every single combination of the 8-63 character long passphrase. Remember, the OP is not talking about efficiency but rather the possibility of doing this using aircrack-ng.

    Ok, well, if that's the intention then cool. Can anyone give me any experience they've had with trying every combination of a possible 63 character passphrase against a handshake? Hell, how about even an 8 character passphrase? How long did it take?

    The reason I ask is that I don't even consider that a possibility. Perhaps there's a method I'm not aware of. I mean, there's a reason dictionary files exist. Or am I just 'tarding this up?
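The feasibility question raised in posts #8 to #10 can be put in numbers. What follows is an added example, not code from any poster or from aircrack-ng: it derives the WPA/WPA2 PMK the way the standard specifies (PBKDF2-HMAC-SHA1 salted with the SSID, 4096 rounds), times that derivation on one CPU core, and extrapolates how long exhausting a given charset and length would take at that rate. The candidate strings it benchmarks with are constructed throwaway values.

```python
import hashlib
import time

WPA_PBKDF2_ITERATIONS = 4096   # iteration count fixed by IEEE 802.11i for WPA/WPA2-PSK
PMK_LEN = 32                   # the pairwise master key is 256 bits


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the PMK exactly as an AP or supplicant does:
    PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes).
    This derivation, not the handshake MIC check, is where nearly all
    the time per candidate goes, which is what makes exhaustive search slow."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), WPA_PBKDF2_ITERATIONS, PMK_LEN)


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidates of exactly `length` characters over a charset."""
    return charset_size ** length


def seconds_to_exhaust(charset_size: int, length: int, pmk_per_second: float) -> float:
    """Worst-case wall time to test every candidate at a given PMK rate."""
    return keyspace(charset_size, length) / pmk_per_second


def benchmark_pmk_rate(ssid: str, samples: int = 25) -> float:
    """Measure single-core PMK derivations per second on this machine."""
    candidates = [f"cand{i:04d}" for i in range(samples)]  # constructed, not real passphrases
    start = time.perf_counter()
    for c in candidates:
        wpa_pmk(c, ssid)
    return samples / (time.perf_counter() - start)


def human(seconds: float) -> str:
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("min", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} s"


if __name__ == "__main__":
    rate = benchmark_pmk_rate("IEEE")
    print(f"this core: ~{rate:.0f} PMK/s")
    print(f"{'charset':>16} {'len':>3} {'candidates':>22} {'worst case':>16}")
    for name, size in (("a-z", 26), ("a-zA-Z0-9", 62), ("printable ASCII", 95)):
        for length in (8, 10, 12):   # 8 is the WPA minimum passphrase length
            secs = seconds_to_exhaust(size, length, rate)
            print(f"{name:>16} {length:>3} {keyspace(size, length):>22,} {human(secs):>16}")
```

The same arithmetic read the other way is the defender's takeaway: a long random passphrase over the full printable set puts exhaustive search out of reach, so the practical risk is a short or dictionary-derived passphrase, not the 63-character one.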
