
Thread: Can aircrack do brute force on WPA

  1. #11
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008


    Quote Originally Posted by theberries View Post
    Ok, well if that's the intention then cool. Can anyone give me any experience they've had with trying every combination of a possible 63 character passphrase against a handshake? Hell, how about even an 8 character passphrase? How long did it take?

    The reason I ask is that I don't even consider that a possibility. Perhaps there's a method I'm not aware of. I mean, there's a reason dictionary files exist. Or am I just 'tarding this up?
    No. This would naturally not be a method to recommend, or even consider practically feasible as you say, but once again this is not the question the OP asked.
    -Monkeys are like nature's humans.

  2. #12
    Member
    Join Date
    Jan 2008
    Posts
    194


    Quote Originally Posted by =Tron= View Post
    No. This would naturally not be a method to recommend, or even consider practically feasible as you say, but once again this is not the question the OP asked.
    Understood. Thank you for the clarification.

  3. #13
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    1


    I think a key point is being lost here, and that is the purpose of dictionaries in security validation/scanning. People have a tendency to use common sequences of letters when selecting passwords. So, we have our favorite dictionary of 20k most-commonly-misused words, and, on a regular basis, we check the authentication mechanism to see if folks are being 'random' enough.

    A brute force attack is just what good codes/passphrases are supposed to thwart.

    Now, I can understand what OP was feeling. Most security professionals guard these dictionaries like the Crown Jewels, and getting this slick tool without a dictionary can feel a bit like getting a fast car with no fuel.

  4. #14
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    22


    I have a couple of things to say:

    1. From a practical purpose brute force cracking is only good up until 7-8 characters (assuming the standard upper/lower case alphabet + digits) with currently available computing power. Over 8 characters and the permutations of letters and numbers become too large to crack in a reasonable amount of time.

    2. The reason I would like bruteforce added to this tool is that many times people use short words with a number or two added to the end (for example: fred25)... a brute force cracker that tries every possible combination of letters/digits would be able to suss this out while no dictionary file is going to have that.

    If people want a truly secure password it has to contain letters, digits and characters (ex. !) and be 8 characters or more. I just think that aircrack is missing a vital tool for cracking passwords by excluding a brute force method.

    From my limited coding back in school this shouldn't be all that difficult to add to this program.

    Unfortunately I'm not a code ninja so that's why I'm asking if anyone else had a method to accomplish this.

  5. #15
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008


    Quote Originally Posted by spyder View Post
    2. The reason I would like bruteforce added to this tool is that many times people use short words with a number or two added to the end (for example: fred25)... a brute force cracker that tries every possible combination of letters/digits would be able to suss this out while no dictionary file is going to have that.
    For this purpose the advice given by m1cha3l would be your best choice. Personally I would pipe john into aircrack-ng as it packs the abilities that you are looking for.
    -Monkeys are like nature's humans.

  6. #16
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    22


    Quote Originally Posted by =Tron= View Post
    For this purpose the advice given by m1cha3l would be your best choice. Personally I would pipe john into aircrack-ng as it packs the abilities that you are looking for.
    Thanks, that works!

  7. #17
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    17

    minimum passphrase length?

    Wait a minute? Is the minimum length of a WPA passphrase really 8 characters?

    If that's the case, that would explain why aircrack-ng is not even trying any of the passwords in my wordlist (generated by a program I made which currently only makes a wordlist of all possible combinations of lowercase letters up to 4 length)

    So I'll have to revise my program and make it start with 8 characters, right?

    And probably end after all the 8 character combinations are done, since even 9 is way too many combinations!

    It took my machine about a minute to generate all the possible passwords with length 1-4, with a resulting 2.24MB file...

    I wonder how long it will take to generate a word list with all combinations of 8 characters...

    NO WAY will I do full ascii... only lowercase letters + uppercase + digits

    And I'm agreeing with spyder... USUALLY people make passwords easy for them to remember, so a password with only letters and numbers that is 8 characters or less is common...

    So a brute force attack makes sense, an 8 character password can be cracked in a feasible amount of time... If a good password is in place, however, no matter what dictionary you have, or how deep your bruteforce dictionary goes, you just aren't going to get the password...

    Getting the password for WPA depends on the password not being such a great password!

    Here was my wordlist that my app generated in case anyone wants to confirm that passwords less than 8 characters are in fact not even tried...
    rapidshare.com/files/149433070/dict.txt.html

    The app is a Windows app since I don't know how to code for Linux yet, but I did make sure it only separates a new line with a line feed (\n or 0x0A)
    instead of a carriage return and line feed (\r\n or 0x0A0D)
    since \n is the Linux way to separate lines, and \r\n is the Windows way (I think just \r for Mac but that's irrelevant)

    spyder, what did you type exactly to get 'john' to pipe the generated passphrases to aircrack-ng?

    john is an app right? well it doesn't seem to be included with backtrack 3 since typing it says command not found! What is john?
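
    The size figures discussed in posts #14 and #17, worked through as an added example that is not part of any poster's message. It counts candidates and the on-disk size of an exhaustive wordlist (one candidate per line, `\n` terminated); the guess rate used for the time estimate is an assumed placeholder, not a measurement from this thread.

```python
# Added example: keyspace and exhaustive-wordlist size for a given
# character set and length range. Useful for judging how much margin
# a passphrase policy gives, not for generating the list itself.

def keyspace(charset_size: int, min_len: int, max_len: int) -> int:
    """Number of distinct strings with lengths min_len..max_len."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))

def wordlist_bytes(charset_size: int, min_len: int, max_len: int) -> int:
    """Bytes on disk: each candidate of length n takes n bytes plus one LF."""
    return sum((n + 1) * charset_size ** n for n in range(min_len, max_len + 1))

def years_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Time to try every candidate at a constant rate, in years."""
    return candidates / guesses_per_second / (365 * 24 * 3600)

ASSUMED_RATE = 1_000  # guesses per second; constructed value for illustration

if __name__ == "__main__":
    # Lowercase only, lengths 1-4: the list described in post #17.
    small = wordlist_bytes(26, 1, 4)
    print(f"a-z, len 1-4 : {keyspace(26, 1, 4):,} words, {small / 2**20:.2f} MiB")

    # Lowercase + uppercase + digits (62 symbols), exactly 8 characters,
    # which is the shortest passphrase WPA accepts.
    n8 = keyspace(62, 8, 8)
    print(f"62 sym, len 8: {n8:,} words, "
          f"{wordlist_bytes(62, 8, 8) / 1e15:.2f} PB on disk, "
          f"{years_to_exhaust(n8, ASSUMED_RATE):,.0f} years at {ASSUMED_RATE}/s")

    # Each extra character multiplies the work by the charset size.
    for length in (9, 10, 12):
        print(f"62 sym, len {length}: x{keyspace(62, length, length) // n8:,} vs len 8")
```
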

  8. #18
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660


    Yes, WPA passphrases are a minimum of 8 characters.

    Have you checked out WPA rainbow tables?
    You should be able to find them here:
    http://www.churchofwifi.org/


    John the Ripper is what he is referring to.
    http://backtrack.offensive-security....hp?title=Tools

    It is listed here but I don't know if it was carried over to BT3final

  9. #19
    Member
    Join Date
    Jan 2008
    Posts
    194


    The password requirements for WPA are actually 8 to 63 characters. However, remember that all these passwords will need to be used against the ssid to create the hash. So you really have two factors involved: the actual passphrase and the ssid. WPA rainbow tables linked by hhmatt81 is a good start. Here is another link with some history behind WPA rainbow tables:

    renderlab.net/projects/WPA-tables/
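
    The two factors described in post #19, shown as an added example that is not part of any poster's message: WPA/WPA2-PSK derives its 256-bit key from the passphrase with PBKDF2-HMAC-SHA1, using the SSID as the salt and 4096 iterations. The function names and the sample SSIDs and passphrase in the demo are constructed for illustration.

```python
# Added example: WPA/WPA2-PSK key derivation, showing the 8-63 character
# rule and why a precomputed table only applies to the SSID it was built for.
import hashlib

def validate_passphrase(passphrase: str) -> None:
    """Enforce the WPA passphrase rules: 8-63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the 32-byte pairwise master key for (passphrase, SSID)."""
    validate_passphrase(passphrase)
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # The SSID is the salt, so the same passphrase yields a different key
    # on every differently named network.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid_bytes, 4096, 32)

if __name__ == "__main__":
    phrase = "correct horse battery"          # constructed sample
    for ssid in ("linksys", "HomeNet-7F3A"):  # constructed sample SSIDs
        print(f"{ssid:14s} {wpa_pmk(phrase, ssid).hex()}")

    # Anything shorter than 8 characters is not a valid passphrase at all.
    try:
        wpa_pmk("abcd", "linksys")
    except ValueError as exc:
        print("rejected:", exc)
```

    A table precomputed for a common default SSID is useless against a network with a unique name, which is why a non-default SSID plus a long passphrase defeats the rainbow-table approach.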

  10. #20
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008


    Quote Originally Posted by steve8x View Post
    john is an app right? well it doesn't seem to be included with backtrack 3 since typing it says command not found! What is john?
    Quote Originally Posted by hhmatt81 View Post
    John the Ripper is what he is referring to.
    http://backtrack.offensive-security....hp?title=Tools

    It is listed here but I don't know if it was carried over to BT3final
    John the Ripper is included in BT3F. You will need to issue the john command from within its installation directory (/usr/local/john if I remember correctly).
    -Monkeys are like nature's humans.
