Brute force a partial key??

[forte]

I have a fairly simple problem
an old 802.11b router i havent used in a long time has wep encryption on it an i just decided to start using it for another site. Now the problem is i remember the first part of the key but not the second part. it is only 4 or five characters i am not sure on and so was wondering if i could use a brute force that would just work through all possibilities for those characters.

example
password is some thing like

bravo*****
where the stars are the unknown characters

on a related note is it possible to do it for the middle of a password such as

brav****o1

thanks

ps. yes i can reset the router but you know when your stuck on a puzzle and you just want to know if there is a soloution or not.

[Barry]

Just run the standard wep cracking software, it's only going to take less than 5 minutes whether you know part of the pass or not.

[forte]

i cant log in to the router without the password. thus i cannot capture any ivs packets, aircrack on my laptop only seems to work when others connect to the network and is unable to use the authenticate attack to do this.

what i was interested in is the option of attempting to authenitcate with the router in a brute force manner trying every possbile key in succesion until a valid match is found?

[wick86]

i cant log in to the router without the password. thus i cannot capture any ivs packets, aircrack on my laptop only seems to work when others connect to the network and is unable to use the authenticate attack to do this.

what i was interested in is the option of attempting to authenitcate with the router in a brute force manner trying every possbile key in succesion until a valid match is found?

check out Xploitz vid on clientless wep crack

http://forums.remote-exploit.org/showthread.php?t=9063

[forte]

yes i am fully aware of xploitz tutorial. as i noted earlier it does not work for me for some reason aireplay doesnt note the auth attacks. i did ask for help on this subject some time ago on these forums and got no replies.

its still missing the point what would be quicker running a bruteforce of 3 unknown characters in a string or perfoming an attack and an waiting for airodump to collect 250,000 packets. i figured the bruteforce would be the better option especially as i said i cant capture any packets using my equipment without a valid client that knows the wep key.

[imported_=Tron=]

yes i am fully aware of xploitz tutorial. as i noted earlier it does not work for me for some reason aireplay doesnt note the auth attacks. i did ask for help on this subject some time ago on these forums and got no replies.

its still missing the point what would be quicker running a bruteforce of 3 unknown characters in a string or perfoming an attack and an waiting for airodump to collect 250,000 packets. i figured the bruteforce would be the better option especially as i said i cant capture any packets using my equipment without a valid client that knows the wep key.

The reason you got no responses to this post is that you provide no real information to base an educated guess on what could be wrong. You do not mention the hardware you use, you fail to mention the exact commands you use and setup you have and on top of it all you even leave out if you are trying to crack WEP or WPA. See the pattern?

As for your question in this thread, assuming that you are working with WEP encryption, I would recommend going for a standard attack taking advantage of the fundamental weaknesses of the encryption instead of trying to brute-force the presumably only missing characters. I use the word presumably in the sentence as there is a risk that your basic assumption that you are only missing those specific characters is wrong, in which case the algorithm you use will have no chance of recovering the password.