
Thread: Best method to crack router password?

  1. #1
    Just burned his ISO | Join Date: Nov 2008 | Posts: 8

    Best method to crack router password?

    I've been monkeying around with my router and Backtrack for the last few days, seeing how long it takes from various distances, what usernames & passwords I can snoop, etcetera.

    My router is a WRT54G flashed with DD-WRT firmware, and I set the username to the default of "root" and the password to "p4s$w#rd". I'm wondering what the best method would be to find it, without previous knowledge.

    I understand Hydra can use a word list, but I'm unaware of how to generate one.

    Also, are there any packages that use ranges, a la nmap? It'd be handy to be able to do 1-zzzzz to guess all five-character alphanumeric passwords.

  2. #2

  3. #3
    Just burned his ISO | Join Date: Nov 2008 | Posts: 8

    Thanks for the link. However, I checked /pentest/password/ to no avail, under BackTrack 3 there's no dictionaries subfolder.

  4. #4
    Developer | Join Date: Mar 2007 | Posts: 6,124

    There are tons of dictionaries on the net. It should be trivial to find some.

  5. #5
    My life is this forum | Barry | Join Date: Jan 2010 | Posts: 3,817

    Quote Originally Posted by pureh@te:
    > There are tons of dictionaries on the net. It should be trivial to find some.
    There's several links to them posted here on the forums.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  6. #6
    Just burned his ISO | Join Date: Nov 2008 | Posts: 8

    I'm having issues finding dictionaries that go in an order I'd like.

    Since I figure it'll take far too long to find an alphanumeric plus symbol password, I've changed the password to "password1" as while not being terribly short, it's a dictionary word plus a number.

    I'd like to find a word list that does alphabetic first, then alphanumeric, then alphanumeric plus symbols. The dictionary I'm using now does everything simultaneously, and it took over three hours to get past A with a 170MB dictionary.

    Edit: Nevermind. I did some searching and found some dictionaries. Thanks for pointing me in the right direction.

  7. #7
    Member | Join Date: Feb 2010 | Location: Root | Posts: 121

    pureh@te! Dig the tunes! Nice vid

  8. #8
    My life is this forum | thorin | Join Date: Jan 2010 | Posts: 2,629

    Quote Originally Posted by Vari4ble:
    > I'm having issues finding dictionaries that go in an order I'd like.
    >
    > Since I figure it'll take far too long to find an alphanumeric plus symbol password, I've changed the password to "password1" as while not being terribly short, it's a dictionary word plus a number.
    >
    > I'd like to find a word list that does alphabetic first, then alphanumeric, then alphanumeric plus symbols. The dictionary I'm using now does everything simultaneously, and it took over three hours to get past A with a 170MB dictionary.
    >
    > Edit: Nevermind. I did some searching and found some dictionaries. Thanks for pointing me in the right direction.

    What are you hoping to learn/prove from doing this? Do you really think all those dictionaries exist online because they don't work? Do you somehow not believe that password policies exist for a reason?

    Just crunch the numbers. The dictionary to store all 9 character passwords with all printable characters in is basically impossible to store:
    95^8 = 6.63420431 × 10^15 (w/ special chars [ascii 32-47, 58-64, 91-96, 123-126]) {6,178,584.24 GigaBytes}
    etc... (ascii 0-31 haven't been included)
    or would take too long to compute on the fly. So unless you have the solution to free & clean energy and aren't sharing AND the CIA/NSA etc know you're hiding it, you have nothing to worry about, apply standard password policies and save yourself a lot of wasted time.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  9. #9
    Just burned his ISO | Join Date: Nov 2008 | Posts: 8

    Quote Originally Posted by thorin:
    > What are you hoping to learn/prove from doing this? Do you really think all those dictionaries exist online because they don't work? Do you somehow not believe that password policies exist for a reason?
    >
    > Just crunch the numbers. The dictionary to store all 9 character passwords with all printable characters in is basically impossible to store:
    > or would take too long to compute on the fly. So unless you have the solution to free & clean energy and aren't sharing AND the CIA/NSA etc know you're hiding it, you have nothing to worry about, apply standard password policies and save yourself a lot of wasted time.

    I'm just saying it'd be nice to find a dictionary that would try simpler passwords before more complex ones, as with "password1" it's a dictionary word with a numeric suffix. The English word dictionary I looked at last night was... 440 kB. A dictionary that checked those same words with one-digit suffixes would be a little over four megabytes, still quite small.

    It's only when you start getting into letter replacement that things get massive, it would seem.

    Also, the end goal here is: A friend of mine has invited me to see how secure his WEP network is, with a dictionary-word-based router password.

    I just think it's a waste of time to begin with alphanumeric plus symbols when many networks will merely use lower-case alphabetic passwords.

    Certainly it's faster to go through dictionary words and then try them with numerical suffixes, versus a brute-force.
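The "crunch the numbers" argument in post #8 and the word-list size estimate in post #9 are both plain arithmetic on keyspace size, so here is that arithmetic written out as a small policy calculator. This is an added example for readers of the thread, not code posted by anyone in it and not part of BackTrack. The character-set sizes come from the thread (95 printable ASCII symbols, 62 alphanumerics, 26 lower-case letters); the guess rate of 1,000 attempts per second and the word count of 45,000 for the 440 kB dictionary are assumptions chosen for illustration. The point it makes is the defensive one: how quickly the candidate count, storage and worst-case time grow with length and character set, which is what a password policy is buying.

```python
import math

# Character-set sizes as used in the thread. Printable ASCII (codes 32-126) is
# 95 symbols; ALNUM is upper + lower + digits.
LOWER = 26
DIGITS = 10
ALNUM = 26 + 26 + 10        # 62
PRINTABLE = 95


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return charset_size ** length


def keyspace_up_to(charset_size: int, max_length: int) -> int:
    """Candidates of every length from 1 to max_length (a '1-zzzzz' style range)."""
    return sum(charset_size ** n for n in range(1, max_length + 1))


def entropy_bits(charset_size: int, length: int) -> float:
    """log2 of the keyspace: the usual 'bits of strength' for a random password."""
    return length * math.log2(charset_size)


def wordlist_bytes(candidates: int, length: int) -> int:
    """Bytes needed to store every candidate as a newline-terminated line."""
    return candidates * (length + 1)


def seconds_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed guess rate."""
    return candidates / guesses_per_second


def suffixed_dictionary_bytes(base_bytes: int, word_count: int, suffix_choices: int) -> int:
    """Size of a word list that keeps every word and also stores each word once per
    single-character suffix (each suffixed copy is one byte longer than the word)."""
    return base_bytes + suffix_choices * (base_bytes + word_count)


def human_bytes(n: float) -> str:
    units = ("B", "KB", "MB", "GB", "TB", "PB", "EB")
    i = 0
    while n >= 1024 and i < len(units) - 1:
        n /= 1024
        i += 1
    return f"{n:.2f} {units[i]}"


def human_seconds(s: float) -> str:
    year = 365.25 * 24 * 3600
    if s >= year:
        return f"{s / year:,.1f} years"
    if s >= 86400:
        return f"{s / 86400:,.1f} days"
    if s >= 3600:
        return f"{s / 3600:,.1f} hours"
    return f"{s:,.1f} seconds"


def policy_row(label: str, charset_size: int, length: int, rate: float) -> dict:
    """One line of the comparison table: count, bits, storage and worst-case time."""
    n = keyspace(charset_size, length)
    return {
        "policy": label,
        "candidates": n,
        "bits": round(entropy_bits(charset_size, length), 1),
        "storage": human_bytes(wordlist_bytes(n, length)),
        "worst_case": human_seconds(seconds_to_exhaust(n, rate)),
    }


if __name__ == "__main__":
    # Assumed guess rate (constructed for illustration): 1,000 attempts/second,
    # closer to an online login form than to an offline hash cracker.
    RATE = 1_000
    rows = [
        policy_row("5 chars, alphanumeric (1-zzzzz)", ALNUM, 5, RATE),
        policy_row("8 chars, lower-case only", LOWER, 8, RATE),
        policy_row("8 chars, all printable ASCII", PRINTABLE, 8, RATE),
        policy_row("9 chars, all printable ASCII", PRINTABLE, 9, RATE),
    ]
    for r in rows:
        print(f"{r['policy']:<34} {r['candidates']:>24,} {r['bits']:>6} bits "
              f"{r['storage']:>12} {r['worst_case']:>18}")
    # Post #9's estimate: a 440 kB word list (45,000 words is an assumed figure)
    # with every one-digit suffix added to every word.
    print("word list + one-digit suffixes:",
          human_bytes(suffixed_dictionary_bytes(440_000, 45_000, DIGITS)))
```

Changing `RATE` is the interesting knob: the same 8-character printable-ASCII keyspace that is out of reach at a few guesses per second against a login form looks very different at offline hash-cracking rates, which is why a router's web login should rate-limit and why the underlying credential store matters as much as the password length.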
