Wpa Password problom

[Caranga]

Hi I have only been useing bt3 for 6 months and my spelling is bad so please bear with me. I will be very greatfull

Ok first let me tell you that I have only just moved on to wpa from wep as i wanted to no the ins and outs of wep with out spoonwep doing it for me ie aircrack and all the others that go with it all so wireshark to get a look at whats happening as the ivs come in and so on..Right I have 3 wireless cards on one computer and 2 on two other crap heaps in the spare room that the kids use for playing games..I got to work on a 4 way handshake and was succesfull with my netgear card in the kids computer to my computer ie netgear to belkin....I then ran this with aircrack on a word.lst of 40 gigs no sorry i put the 40 gigs in to airolib and gave it the command airolib-ng word --batch cleaned it up and ran the thing in aircrack..what feels like a life time later aircrack says basicly no password. ok so then i made a word.lst with the wpa pass word that i have on the kids puter riddonna it stands for i rid donna down the road but no one nose that apart from me and you....ok ran aircrack boom up it came nice one so i no that my handshake works why i did not do this before running a word.lst is beond me but then we all do stupid things now and then...so now i no that if the password is in the word.lst it will pop the key up no problom...but then on the other computer i have the wpa set as letting windows do it for you so its a wpa parse made up like this afgwjklhfdxcjjkgfcvhjigffdsdgfyfdd now i have made that up beacuse i have deleted the bloody thing of me computer i think it may have 1 5 8 3 4 and so on though it mixed in the letters its just a standerd xp wpa key that windows wireless makes up...now my big ????? here is how or can you crack that.....i have looked up on the net that you can do this buy rainbow tables wich i no nothing about yet i am down loading 33 gig as we speak of rain tables and not really nowing what to do with them stupid i no but thats were i am hopeing some one will steer me in the right direction....i all so have cain abell on the other puter isent the first hand shake to that it said send hashes to blar blar blar but when i looked it did not send then to the cracker hash directory it sent the hanshake to wpa auth just below it..so i dont under stand that bit still learning even at my old age lol...Well thank you for taking the time to look at this gobbledy gook that i have tried very hard to spell any advise no matter how small will be very welcome Thank you very much in advance..

[imported_=Tron=]

You will not be able to use traditional rainbow tables, with for example Cain & Abel, for cracking WPA passwords. The reason is that the ESSID (name) of the wireless network is used as a salt when the WPA passphrase is hashed. This means that unless the rainbow table was computed specifically with WPA passwords in mind, and more exactly against exactly the same ESSID as your target AP uses the table will be of no use to you.

This is why airolib-ng also requires you to specify the ESSID for which the lookup table is to be compiled. You also mention that you tried out airolib-ng for yourself, but surely you did not use a 40Gb large wordlist as computing this would take virtually forever.

To sum it up, there really is no shortcut to obtaining the passphrase of a WPA encrypted network if the password used is long and secure. The most viable option in this case is a client side attack, which involves different techniques for getting the password directly from a computer that is used to connect to the network.

[Caranga]

Thank you for responding.......lol 40 gigs yes well i have a 40 gig word list but i have not piped all of it in to airolib yet as it took me bloody days just to pipe 10gigs in and then it sat for i think 6 or 7 days just trying to crack it......Played lots of delta force in the mean time lol.....Right i have picked up on what you have said about the rainbow tables and read up a little bit about it and it makes compleate sence so thanks for the advise there....I have never used cowpatty yet...but does that compute hash for essid wpa....On this bit you put here i am trying very hard to get my head around what you are trying to tell m........The most viable option in this case is a client side attack, which involves different techniques for getting the password directly from a computer.....I under stand you have to be very care full about the way you exsplain these things so if its possible to steer me in the right direction of were i can learn about this i would be very great full as this would be a new learning curve for me ...Thanks in advance and thanks for all you have said all ready