
Thread: Alternative to massive wordlist in WPA crack

  1. #11
    Junior Member imported_Yottabit
    Join Date
    Oct 2008
    Posts
    26


    Quote Originally Posted by theberries View Post
    So, a company hiring you expects you to effectively test their WPA passphrase via ineffective methods? If this is true, you should recalibrate their expectations.

    Any company worth their weight would give you ample time to prepare, especially if they've given you written permission beforehand. Again, I'm not questioning the legality of your actions, just the way you present yourself. Although, admittedly, I don't believe you. I'd assume that many others have the same suspicion.

    Not that any of that matters. Just continue to not break the law and be thoughtful in how you use your words, or risk being whacked by the ftard stick. Or the clowns, watch out for the clowns.
    Fair enough. I understand this.

    I'm not pentesting; I do advise when I am finished about changing to a more secure key. What I do is get calls after a technician has left for a while and the owners of the network don't know the details of the network, in most cases the WPA key. I then turn up, ask them to sign on the dotted line and to see their equipment. I then make sure of the BSSID I am attacking and start on my merry way.

    It is sometimes easy to guess from the BSSID and what I am informed about the last technician. I usually use their own equipment to do it; mostly I just provide the software and the knowledge of how to use it, and it takes roughly 1 night to do each time, which is why I don't bother going home and grabbing the disks. I just leave it running overnight with a big warning posted to it in bold, underlined umpteen times: don't touch, any who ignore will be fired and prosecuted, etc. I am, as I type, streamlining my BT3 with my word lists in a compressed format onto DVD with an option to uncompress on boot. It took me a while to work out how to do this, which is why I didn't do this before.
    if a solution to a problem is stupid and works, it is not stupid.

    "Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine." - Bill Gates :rolleyes:

  2. #12
    Senior Member Talkie Toaster
    Join Date
    Jun 2008
    Location
    Scotland
    Posts
    131


    Quote Originally Posted by Yottabit View Post
    I am, as I type, streamlining my BT3 with my word lists in a compressed format onto DVD with an option to uncompress on boot. It took me a while to work out how to do this, which is why I didn't do this before.
    How far on are you with this project? Are you going for a basic Slax install with drivers and the aircrack-ng suite with loads of wordlists, or trying to make something more advanced? I would be interested in a WPA-specific DVD; I can leave it in a client machine without worrying about them going through menus and breaking stuff!

    I'm looking into a basic ad-hoc PXE boot cluster running aircrack to try to speed up WPA, but I don't know if I should go for as simple as possible or try for some kind of uber-cluster with off-site access; more research needed though! I've got 5 PCs here, so plenty of free CPU cycles I could be using.

    Say if you attempt to crack a handshake for 6 days on the cluster and fail, then be able to tell the client that their network key could withstand 30 (6 days x 5 PCs) days of 24/7 brute-forcing from 1 attacker with 1 PC with wordlists as good as yours...

    TT
    Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

  3. #13
    Member
    Join Date
    Sep 2008
    Posts
    146


    Quote Originally Posted by theberries View Post
    That track record is actually impressive. Or your friends are galactically stupid and use passwords like "icanhastehpr0n!"
    Hehe, thanks. Most of my friends have no knowledge of network security and had fittingly crappy passwords. It would usually happen like this:

    "Hey, I'll bet you a 6-pack that I can hack into your router!"

    "Yeah right! You're on!"

    At which point, if it were WEP, I would do it right in front of them. If it was WPA, I'd ask for 24 hours.

    The simplest password I ever encountered I didn't even run a dict attack on. I got it on my 3rd try just by knowing the person well enough. He was from Washington DC, and he is a big baseball fan. You get a cookie if you can guess that one yourself.

    The hardest one was from a fratboy I knew (I know, it's amazing). It took me 30 hours on my 64-bit quad-core. I ran the Greek alphabet as one of my first dicts but I came up empty, so I went with a personalized generic list (much thanks to xploitz) and that didn't work. I was about to give up, but I decided to run the Greek alphabet again, this time mangled with numeric prefixes and suffixes, and I woke up the next day with that beautiful "Key Found" on my screen. Turns out he had added the year of the founding of the frat onto the end of the Greek numbers.

    There have been a few that I have been unable to crack, of course, but I'm definitely drinking way more beer than I pay for. Not a bad entry into pentesting for profit.
    Morpheus: "You take the blue pill - the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill - you stay in Wonderland and I show you how deep the rabbit-hole goes."

    Neo: "What if I take both?"

    Morpheus: "Don't do that! You end up like Nick Nolte!"

  4. #14
    Junior Member imported_Yottabit
    Join Date
    Oct 2008
    Posts
    26


    I am not very far. I am downloading a new set of wordlists to add as I have some free space. It is just a standard BT3 disk ISO otherwise. I was going to add a script to run before X server, on the specific boot option, just for this reason. I have created my current wordlist lzm modules, not tested them yet tho. Two problems so far: 1. where is the pre-X-server startup script? and 2. where are the boot menu options so I can edit in a new one? Apart from that it is easy.

    That's cool, maybe I will start trying that. What happens when you run out of friends tho? No more free beers?

    Quote Originally Posted by Talkie Toaster View Post
    try for some kind of uber-cluster with off-site access, more research needed though! I've got 5 PCs here so plenty of free CPU cycles I could be using.
    netcat set to listen for a connection | bash script which pipes to aircrack, maybe? And then returns the WPA key, of course.

  5. #15
    Member
    Join Date
    Jan 2008
    Posts
    194


    nice...

  6. #16
    Junior Member imported_Yottabit
    Join Date
    Oct 2008
    Posts
    26


    I have moved the custom BT3 idea to a new thread as this one was off topic:
    hxxp://forums.remote-exploit.org/showthread.php?t=17814

  7. #17
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    1


    revelati, can you please help me by uploading the wordlist you created with the Greek alphabet mangled with numeric prefixes and suffixes...
    and also how can I mangle numeric prefixes and suffixes in a wordlist that I already have???
    Thanks a lot!!!
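
Added example, not code from any poster in this thread: the passphrases that fell in post #13 (a dictionary word with a year tacked on) and the "word + numeric prefix/suffix" mangling asked about in post #17 describe one small keyspace. The check below takes the defender's view of that: it tests whether a candidate WPA passphrase is just a wordlist entry with digits attached, sizes the keyspace such a pattern lives in, and turns that into the kind of "withstands N hours of guessing" figure post #12 wants to give a client. The Greek-alphabet wordlist is constructed here as a stand-in for the one in the thread, and the 500 guesses/second rate is an assumed, illustrative CPU figure, not a number from the thread.

```python
import re

# Constructed stand-in for the "greek alphabet" wordlist mentioned in the thread (24 entries).
GREEK_WORDS = {
    "alpha", "beta", "gamma", "delta", "epsilon", "zeta", "eta", "theta", "iota",
    "kappa", "lambda", "mu", "nu", "xi", "omicron", "pi", "rho", "sigma", "tau",
    "upsilon", "phi", "chi", "psi", "omega",
}

# Assumed, illustrative single-CPU WPA guessing rate (PMK computations per second).
ASSUMED_RATE_PER_SECOND = 500.0

# optional digits, a run of letters, optional digits: the "numeric prefix/suffix" mangling pattern
_MANGLED = re.compile(r"^(\d*)([A-Za-z]+)(\d*)$")


def split_mangled(passphrase, wordlist):
    """Return (prefix, word, suffix) if passphrase is a wordlist word with only digits
    attached at either end (case-insensitive); otherwise None."""
    m = _MANGLED.match(passphrase)
    if not m:
        return None
    prefix, word, suffix = m.groups()
    if word.lower() in wordlist:
        return prefix, word, suffix
    return None


def mangled_keyspace(wordlist_size, max_prefix_digits, max_suffix_digits):
    """Number of candidates of the form <0..p digits><word><0..s digits>.
    There are (10^(n+1) - 1) / 9 digit strings of length 0..n, so the keyspace is
    words * prefixes * suffixes."""
    prefixes = (10 ** (max_prefix_digits + 1) - 1) // 9
    suffixes = (10 ** (max_suffix_digits + 1) - 1) // 9
    return wordlist_size * prefixes * suffixes


def hours_to_exhaust(keyspace, rate_per_second=ASSUMED_RATE_PER_SECOND):
    """Worst-case time to try every candidate at the given rate, in hours."""
    return keyspace / rate_per_second / 3600.0


def assess(passphrase, wordlist=GREEK_WORDS, rate_per_second=ASSUMED_RATE_PER_SECOND):
    """Classify a WPA passphrase against the mangled-dictionary pattern.

    Returns a dict with the WPA length check (8..63 characters), the matched pattern
    (or None), the base word, the keyspace bounding that pattern, and the worst-case
    hours an attacker at rate_per_second would need to exhaust it."""
    result = {
        "passphrase": passphrase,
        "wpa_length_ok": 8 <= len(passphrase) <= 63,
        "pattern": None,
        "base_word": None,
        "keyspace": None,
        "worst_case_hours": None,
    }
    parts = split_mangled(passphrase, wordlist)
    if parts is None:
        return result
    prefix, word, suffix = parts
    # Bound the keyspace by the prefix/suffix lengths actually observed.
    keyspace = mangled_keyspace(len(wordlist), len(prefix), len(suffix))
    result.update({
        "pattern": ("<digits>" if prefix else "") + word + ("<digits>" if suffix else ""),
        "base_word": word.lower(),
        "keyspace": keyspace,
        "worst_case_hours": hours_to_exhaust(keyspace, rate_per_second),
    })
    return result


if __name__ == "__main__":
    # Constructed sample passphrases: a "greek word + founding year" style key and a non-dictionary one.
    for candidate in ("omega1856", "12Alpha", "correcthorsebattery", "short"):
        print(assess(candidate))
```

With the constructed wordlist, a "word + 4-digit year" passphrase sits in a space of 24 x 11111 = 266,664 candidates, which the assumed 500 guesses/second rate exhausts in well under an hour; that is the quantitative version of post #13's "Key Found" the next morning. A passphrase that does not reduce to a listed word gets `pattern: None`, and the length check flags anything outside the 8 to 63 characters WPA accepts.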
