Recently I have tried my hand at breaking different types of wireless encryption using Backtrack 3 Final.
I followed Xploitz tutorial and have a couple of questions, firstly, is there a way to brute force the collected packets instead of a dictionary attack, do I actually need to be near the AP to do the cracking after I have collected the packets and finally, is there a way to get the hash and then use something like online rainbow tables to test it?
Thanks for any insight that is offered,
Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69
And as Barry said, using the search function would have gotten you the answer to these question in less time than it took me to type it out.
-Monkeys are like nature's humans.
The distributed password recovery from Ercomsoft can brute wpa, however brute forcing wpa without knowing character case and how long the pass is, is pretty much pointless, your better off dict attacking it. I think wpa will be compomised using a diffrent technique soon though.
Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.
2 words, client attacks
why not just go after the clients, figuring you have some connected. Check out Mister X's presentation at defcon, on how to use airbase-ng, which is now included in the aircrack suite.
Actually make sure you update aircrack-ng in BT3 because you may be missing a couple of the new attacks such as cafe latte, airbase-ng, airdecloak-ng, airtun-ng and easside-ng. make sure you pick up aircrack-ng-svn-trunk-current.tar.gz as well.