Hey,
Recently I have tried my hand at breaking different types of wireless encryption using Backtrack 3 Final.
I followed Xploitz's tutorial and have a couple of questions. Firstly, is there a way to brute-force the collected packets instead of using a dictionary attack? Do I actually need to be near the AP to do the cracking after I have collected the packets? And finally, is there a way to get the hash and then use something like online rainbow tables to test it?
Thanks for any insight that is offered,
Dave
Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69
It is possible to use brute force instead of a dictionary attack, for example by piping john into aircrack-ng. In most (read: all) instances I would however not recommend this over using a dictionary. No, you do not need to be near the AP after capturing the handshake. The hash will be salted with the ESSID of the AP, which is why a pre-generated rainbow table will not work unless it was computed specifically for cracking WPA with that same ESSID.
And as Barry said, using the search function would have gotten you the answer to these questions in less time than it took me to type it out.
-Monkeys are like nature's humans.
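The ESSID salt described in the reply above, shown as an added example (not code from the thread or from aircrack-ng): WPA/WPA2-PSK derives its PMK with PBKDF2-HMAC-SHA1 over the passphrase using the ESSID as salt, so a table precomputed for one ESSID yields nothing for a network with a different name, even when the passphrase is identical. The passphrase list is constructed for illustration; the "password"/"IEEE" pair is the published IEEE 802.11i test vector.

```python
import hashlib
import time

# PBKDF2 parameters fixed by IEEE 802.11i for WPA/WPA2-PSK.
WPA_ITERATIONS = 4096
WPA_PMK_LEN = 32


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the Pairwise Master Key from passphrase and ESSID (the salt)."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode(), ssid.encode(), WPA_ITERATIONS, WPA_PMK_LEN
    )


def build_table(passphrases, ssid: str) -> dict:
    """Precompute PMK -> passphrase for a single ESSID.

    This is all a 'WPA rainbow table' can be: it is bound to the ESSID it
    was generated for, which is why generic online tables cannot apply.
    """
    return {wpa_pmk(p, ssid): p for p in passphrases}


def find_in_table(table: dict, target_pmk: bytes):
    """Return the passphrase whose PMK matches, or None if the salt differs."""
    return table.get(target_pmk)


def derivations_per_second(sample: int = 20) -> float:
    """Rough cost of one PMK derivation; 4096 HMAC rounds is what makes
    exhaustive brute force far slower than a targeted dictionary."""
    start = time.perf_counter()
    for i in range(sample):
        wpa_pmk(f"constructed-{i}", "IEEE")
    return sample / (time.perf_counter() - start)


if __name__ == "__main__":
    # Constructed candidate list; table is bound to ESSID "IEEE".
    table = build_table(["password", "letmein", "hunter2"], "IEEE")
    print("same ESSID:     ", find_in_table(table, wpa_pmk("password", "IEEE")))
    print("different ESSID:", find_in_table(table, wpa_pmk("password", "linksys")))
    print(f"~{derivations_per_second():.0f} PMK derivations/s on this host")
```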
The Distributed Password Recovery from Elcomsoft can brute-force WPA; however, brute-forcing WPA without knowing the character case and how long the passphrase is, is pretty much pointless. You're better off dictionary-attacking it. I think WPA will be compromised using a different technique soon, though.
Sometimes I try to fit a 16-character string into an 8-byte space, on purpose.
Two words: client attacks.
Why not just go after the clients, figuring you have some connected? Check out Mister X's presentation at DEF CON on how to use airbase-ng, which is now included in the aircrack suite.
Actually, make sure you update aircrack-ng in BT3, because you may be missing a couple of the new attacks such as cafe latte, airbase-ng, airdecloak-ng, airtun-ng and easside-ng. Make sure you pick up aircrack-ng-svn-trunk-current.tar.gz as well.
king lurker,
gunrunr