Guys, what do you think is a better tool when hacking WPA networks, aircrack-ng or coWPAtty, or do you suggest any other? The reason I ask is b/c when cracking WPA keys the tool is as good as your dictionary list, but I was wondering if there's some tool that uses the same methodology as ophcrack uses when cracking Windows passwords, which is rainbow tables of precomputed hashes, which seems to be more efficient than just a plain brute-force attack... I'd like to hear any opinions or suggestions.
Thanks
Both of the tools you mentioned can run tables.
Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.
I use aircrack-ng. You can use John the Ripper to create your own dictionary list and pipe it into aircrack too.
Can the same rainbow tables used by ophcrack be used for aircrack-ng? Or does it have to be a specific rainbow table for aircrack-ng?
Correct me if I'm wrong: the point of making the table based on the SSID is that we are assuming that the WPA key is somehow related to or based on the SSID name?
Not the key itself, but the hash of it will be salted with the ESSID of the AP. This is why a dictionary-based attack, which will hash each of the tested words automatically before trying them against the handshake, will work with any normal wordlist, while a rainbow table that includes pre-hashed character combinations will not work unless it is compiled for that specific ESSID.
-Monkeys are like nature's humans.
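An added example, not part of any post in this thread, showing the ESSID salting described in the reply above: WPA/WPA2-PSK derives its 256-bit key with PBKDF2-HMAC-SHA1 using the ESSID as salt and 4096 iterations, so values precomputed for one network name match nothing on another. The function names, the word list and the second ESSID are constructed for illustration; "password"/"IEEE" is the IEEE 802.11i test vector.

```python
import hashlib

def wpa_pmk(passphrase: str, essid: str) -> bytes:
    """Derive the WPA/WPA2-PSK pairwise master key (PMK).

    IEEE 802.11i: PBKDF2-HMAC-SHA1, salt = ESSID, 4096 iterations, 32 bytes.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    if not 1 <= len(essid.encode()) <= 32:
        raise ValueError("ESSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode(), essid.encode(), 4096, 32
    )

def precompute(essid: str, words: list[str]) -> dict[bytes, str]:
    """Build a PMK -> passphrase map for ONE ESSID (what a per-ESSID table holds)."""
    return {wpa_pmk(w, essid): w for w in words if 8 <= len(w) <= 63}

def table_covers(table: dict[bytes, str], passphrase: str, essid: str) -> bool:
    """True if the PMK a network would actually use appears in the table."""
    return wpa_pmk(passphrase, essid) in table

# Constructed sample data (hypothetical word list and network names).
WORDS = ["password", "letmein123", "correct horse"]
TABLE_FOR_IEEE = precompute("IEEE", WORDS)

if __name__ == "__main__":
    # Same passphrase, two network names: the salt changes every output bit pattern.
    print(wpa_pmk("password", "IEEE").hex())
    print(wpa_pmk("password", "HomeNet-4F2A").hex())
    # The table only helps against the exact ESSID it was built for.
    print(table_covers(TABLE_FOR_IEEE, "password", "IEEE"))          # same ESSID
    print(table_covers(TABLE_FOR_IEEE, "password", "HomeNet-4F2A"))  # different ESSID
```

For whoever configures the AP, this is the practical consequence: a non-default, unique ESSID makes any table built in advance for common network names useless, and a long passphrase that is not in any wordlist keeps both the table and the plain dictionary approach from finding it.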
OK, now the big question: how could I go about making a rainbow table for a specific SSID?
For example, using airolib-ng. Use the search function for more specific instructions, as this has been covered multiple times. Also, it is good to keep in mind that the combined time it takes to first generate a rainbow table and then run it against the handshake will exceed the time it takes to simply use a dictionary-based attack in the first place.
-Monkeys are like nature's humans.