Alternative to massive wordlist in WPA crack

[imported_Yottabit]

So, a company hiring you expects you to effectively test their WPA passphrase via uneffective methods? If this is true, you should recalibrate their expectations.

Any company worth their weight would give you ample time to prepare, especially if they've given you written permission before hand. Again, I'm not questioning the legality of your actions, just the way you present yourself. Although, admittedly, I don't believe you. I'd assume that many others have the same suspicion.

Not that any of that matters. Just continue to not break the law and be thoughtful in how you use your words or risk being whacked by the ftard stick Or the clowns, watch out for the clowns

Fair enough . i understand this.

I'm not pentesting, I do advise when i am finished about changing to a more secure key. What i do is get calls after a technican has left for a while and the owners of the network don't know the details of the network, in most cases the wpa key. I then turn up ask them to sign on the dotted line and to see their equipment. I then make sure of the bssid i am attacking and start on my merry way

It is sometimes easy to guess from the bssid and what i am informed about the last technician. i usually use their own equipment to do it, mostly i just provide the software and the knowledge of how to use it and it takes roughly 1 night to do each time, which is why i don't bother going home and grabbing the disks i just leave it running overnight with a big warning posted to it in bold, underlined umpteen times don't touch, any who ignore will be fired and prosecuted,etc. i am, as i type, streamlining my bt3 with my word lists in a compressed format onto dvd with an option to uncompress on boot. It took me a while to work out how to do this which is why i didn't do this before.

[Talkie Toaster]

i am, as i type, streamlining my bt3 with my word lists in a compressed format onto dvd with an option to uncompress on boot. It took me a while to work out how to do this which is why i didn't do this before.

How far on are you with this project? are you going for a basic slax install with drivers and the aircrack-ng suite with loads of wordlists or trying to make something more advanced? I would be interested in a WPA specific DVD, can leave it in a client machine without worrying about them going through menus and breaking stuff!

I'm looking into a basic ad-hoc PXE boot cluster running aircrack to try speed up WPA, but i don't know if i should go for as simple as possible or try for some kind of uber-cluster with off-site access, more research needed though! i've got 5 pc's here so plenty free cpu cycles i could be using.

say if you attempt to crack a handshake for 6 days on the cluster and fail, then be able to tell the client that their network key could withstand 30 (6 days x 5 pc) days of 24/7 brute-forcing from 1 attacker with 1 pc with wordlists as good as yours.....

TT

[Revelati]

That track record is actually impressive. Or your friends are galactically stupid and use passwords like "icanhastehpr0n!"

Hehe, thanks. Most of my friends have no knowledge of network security and had fittingly crappy passwords. It would usually happen like this:

"Hey, ill bet you a 6pack that I can hack into your router!"

"Yeah right! you're on!"

At which point if it were WEP I would do it right in front of them. If it was WPA id ask for 24 hours.

The simplest password I ever encountered I didnt even run a dict attack on. I got it on my 3rd try just by knowing the person well enough. He was from Washington DC, and he is a big baseball fan. You get a cookie if you can guess that one yourself.

The hardest one was from a fratboy I knew (I know, its amazing) It took me 30 hours on my 64bit quadcore. I ran the greek alphabet as one of my first dicts but i came up empty so I went with a personalized generic list (much thanks to xploitz) and that didnt work. I was about to give up but I decided to run the greek alphabet again this time mangled with numeric prefixes and suffixes, and I woke up the next day with that beautiful "Key Found" on my screen. Turns out he had added the year of the founding of the frat onto the end of the greek numbers.

There have been a few that I have been unable to crack of course, but im definately drinking way more beer than I pay for. Not a bad entry into pentesting for profit

[imported_Yottabit]

i am not very far. i am downloading a new set of wordlists to add as i have some free space. it is just a standard bt3 disk iso otherwise. i was going to add a script to run before X server, on the specific boot option, just for this reason. i have created my current wordlist lzm modules. not tested them yet tho. two problems so far 1. where is the pre X server startup script? and 2. where is the bootmenu options so i can edit in a new one? apart from that it is easy.

that's cool maybe will start trying that. what happens when you run out of friends tho? no more free beers?

try for some kind of uber-cluster with off-site access, more research needed though! i've got 5 pc's here so plenty free cpu cycles i could be using.

netcat set to listen for a connection | bash script which pipe's to aircrack maybe? and then returns the wpa key of course.

[theberries]

nice...

[imported_Yottabit]

i have moved custom bt3 idea to a new thread as this one was off topic
hxxp://forums.remote-exploit.org/showthread.php?t=17814

[gpinitas]

revelati can you please help me by uploading the wordlist you created with the greek alphabet mangled with numeric prefixes and suffixes...
and also how can i mangle numeric prefixes and suffixes in a wordlist that i already have???
Thanks a lot!!!