Can aircrack do brute force on WPA
May be a newb question but all I see is an option to supply a dictionary file. Is there a way to brute force against the handshake I've gotten. (WPA-TKIP)
Testing my wireless AP so I know what the PW is but since dictionary files would need the exact phrase I don't see that as being very helpful with so many permutations of words.
Thanks - Spyder
the only way i know that you could use aircrack to brute force a password would be to pipe the output of a password generator into aircrack.
the time it would take you to do this however makes it next to pointlessCode:[generator here] | aircrack-ng -w - -b [AP MAC] psk*.cap
much better to do research on your target and compile a special dictionary
"At least black people knew when they where slaves" Doug stanhope
spyder I was just thinking of the same thing! yes brute force attacks take long.. but think of if the password is a small little word with some numbers in it
like "leet123"
or something similar... than brute forcing wouldn't actually take that long!
+ if combined with a hash table you could test more keys per second and really get it fast!
aircrack-ng should really have this functionality built in, as WEP cracking is done by brute force (except it uses IV's to get in the ballpark so to speak, which in WPA can't be done because of the way its more secure)
One thing we could do maybe is code a nice little app which generates a brute force dictionary/wordlist
you could tell the program what to include like uppercase (A-Z) lowercase (a-z) and numbers(0-9)
and it would generate a wordlist...
example starting with one char
a
b
c
d
...
x
y
z
aa
ab
ac
ad
...
ax
ay
az
ba
bb
bc
etc.. etc.. etc... (the "..." was where I skipped so as to not write a huge long thing)
the only issue I see with this though is depending on how many characters you make the max length, the dictionary file generated would be HUGE! So it being incorporated into aircrack-ng would be alot better...
Your thoughts?
Yay I Can Post Now :)
http://www.popeax.com/SlaxRox.jpeg
Uh, well...that's kinda what "brute force" means doesn't it? You "brute force" the password out? Only way to crack WPA is by way of brute forcing it (unless every security doc I read has been holding out on me). So, yes, you need a dictionary file. You could then look into airolib which there are some nice tutorials on.
i think what the OP meant is was there a way to run through every combination of password rather than using a password list.
"At least black people knew when they where slaves" Doug stanhope
Sorry, but that makes zero sense to me.Originally Posted by m1cha3l
why does this make no sense?
"At least black people knew when they where slaves" Doug stanhope
So, I assume you mean taking a program and having it spit out every possible combination of numbers, letters, and special characters. Great. Starting with what? 0? Seems terribly ineffecient to me.
Don't get me wrong, I could be wrong here, but trying "every possible combination" of what could be a string of 26+ letters/numbers/characters isn't for those with the lack of a 100+ unit ps3 cluster.
I'm pretty sure that's NOT what the OP was asking.
The OP is mentioning that he wants to bruteforce the WPA passphrase. This would imply exactly what micha3l is saying, trying every single combination of the 8-63 characters long passphrase. Remember, the OP is not talking about efficiency but rather the possibility doing this using aircrack-ng.
-Monkeys are like nature's humans.
Ok, well if that's the intention then cool. Can anyone give me any experience they've had with trying every combination of a possible 63 character passphrase against a handshake? Hell, how about even an 8 character passphrase? How long did it take?
The reason I ask is that I don't even consider that a possibility. Perhaps there's a method I'm not aware of. I mean, there's a reason dictionary files exist. Or am I just 'tarding this up?
Posting Permissions
