Thread: WPA cracking...big wordlist or just good wordlist.

  1. #1
    Junior Member
    Join Date
    Feb 2009
    Posts
    25

    WPA cracking...big wordlist or just good wordlist.

    I see some people are using gigabyte-sized wordlists for WPA cracking. How much success are people having with lists this size? I had a 4 gigabyte list at one time, but I find it rather useless to have such a big list for something that takes a lot of computing power. My current list is about 350MB and it takes several hours to complete a dictionary attack against a single ESSID. Are some of you using these lists with specialized hardware? The only other thing I can think of is if you use pyrit, or maybe you just have a boatload of cores.

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Well, you can use an offsite hosted server that you rent, or something like that. I've been using pyrit a lot lately. I can use a 3 gig list, make a table and run it all the way through cowpatty in about 7 hours. That's only with two 8800GTs and a quad core.

  3. #3
    Junior Member
    Join Date
    Feb 2009
    Posts
    25


    Do you get somewhere in the range of 10,000k/s?

  4. #4
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Yes. Currently about 5,000 per card and about 250 per core in the CPU. Pyrit now not only can use multiple cards but it uses the CPU power as well. That's just on making the table. Once the table is made, cowpatty tests about 50,000 keys per second.
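    Why building the table is the slow step and why a finished table only helps against one ESSID: the passphrase-to-PMK derivation defined in IEEE 802.11i, with a per-core rate measurement and a wall-clock estimate. This is an added example written for this thread, not code from any poster or from pyrit/cowpatty; the 40-million-entry wordlist size is an assumption, and the candidate passphrases used for timing are constructed.

```python
import hashlib
import time

# Added example, not from any poster or from pyrit/cowpatty. Implements the
# passphrase-to-PMK step of IEEE 802.11i that pyrit precomputes into tables.

PBKDF2_ROUNDS = 4096   # fixed by the standard; the reason WPA cracking is slow
PMK_LEN = 32           # bytes


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32). The SSID is the salt,
    so a precomputed table only applies to that one ESSID; a unique SSID plus a
    long random passphrase is what makes the table approach expensive."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ROUNDS, PMK_LEN)


def measure_rate(ssid: str, samples: int = 200) -> float:
    """Single-core PMK derivations per second on this machine, timed over
    constructed candidate strings (no wordlist, no captured handshake)."""
    start = time.perf_counter()
    for i in range(samples):
        wpa_pmk(f"candidate{i:06d}", ssid)
    return samples / (time.perf_counter() - start)


def hours_to_exhaust(entries: int, rate_per_second: float) -> float:
    """Wall-clock hours to derive one PMK for every wordlist entry at a rate."""
    return entries / rate_per_second / 3600


if __name__ == "__main__":
    # 802.11i test vector: passphrase "password", SSID "IEEE"
    print("PMK(password, IEEE)   =", wpa_pmk("password", "IEEE").hex())
    # Same passphrase, different SSID: a table built for "IEEE" is useless here.
    print("PMK(password, IEEE-2) =", wpa_pmk("password", "IEEE-2").hex())
    rate = measure_rate("IEEE")
    print(f"this core: ~{rate:.0f} PMK/s")
    # Assumed wordlist: 40 million entries (roughly a 350 MB list of short words).
    print(f"40M words at 250/s per core: {hours_to_exhaust(40_000_000, 250):.0f} h")
    print("same list from a finished table at 50,000/s: "
          f"{hours_to_exhaust(40_000_000, 50_000):.2f} h")
```

    The gap between the per-core rate and the 50,000/s table lookup is the whole reason the pyrit-then-cowpatty workflow above exists.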

  5. #5
    Junior Member
    Join Date
    Feb 2009
    Posts
    25

    I guess I was right. You are using pyrit AND multiple cores. Just out of curiosity, is there any reason you prefer cowpatty to aircrack/airolib?

  6. #6
    Senior Member
    Join Date
    Jan 2010
    Posts
    107

    I have a problem with a big 28GB file.

    "Background info":
    1. The dictionary file is copied onto the Windows box HDD. It was a ~78MB zip archive; after I extracted it, the file is a big 28GB.
    2. I boot BT3 from DVD and I use the aircrack-ng tools.
    3. I captured a WPA handshake from my router; it uses WPA2-PSK encryption.

    "The Problem":
    When I use the aircrack-ng command:
    aircrack-ng -w /mnt/hda6/dictionary.txt -b xx:xx:xx:xx:xx:xx
    I receive the message that my dictionary file is empty. I AM SURE THAT THE DICTIONARY FILE ISN'T EMPTY.

    Is it because of the size of the dictionary file?

  7. #7
    thorin (My life is this forum)
    Join Date
    Jan 2010
    Posts
    2,629

    Quote Originally Posted by Abraxas:
    I see some people are using gigabyte-sized wordlists for WPA cracking. How much success are people having with lists this size? I had a 4 gigabyte list at one time, but I find it rather useless to have such a big list for something that takes a lot of computing power. My current list is about 350MB and it takes several hours to complete a dictionary attack against a single ESSID. Are some of you using these lists with specialized hardware? The only other thing I can think of is if you use pyrit, or maybe you just have a boatload of cores.

    1) It's a FACT that WEP/WPA can be broken given sufficient resources/interest.
    2) If you're WPA cracking an AP that isn't yours, then it's highly likely that you're breaking the law (of course there are exceptions to this rule of thumb, but in the majority of cases it applies).
    3) If it's not yours and you actually fall into one of those special cases, you'd be better off simply getting the config/configuration guide used by the client and commenting on any deficiencies vs industry best practice than spending hours and client $ on pointless cracking (trying to prove something that is FACT). Additionally, you should perform a threat and risk analysis of their data/business/competitors, etc. (more on this below).
    4) Yes, you can get specialized hardware for this type of work.
    5) Let's say you're "doing it for a friend" or something like that. Then #3 still applies and you're only costing yourself money. Let's assume you're a consultant that gets paid $20 an hour, so you waste 4 hours (you said several, so I'm assuming 2 is a couple and 4 is several) plus say an hour for setup and analysis after completion. You've lost $100 in order to prove something known as FACT when you could have spent 15 mins reviewing their config and tweaking it to follow industry best practice.

    It doesn't take long to perform a quick TRA based on the reasonable-man type tests:
    1) Are there other open or more weakly configured APs nearby?
    2) Is the data processed via the network or associated systems of sufficient interest to an attacker? How much time/energy/gear would they spend/consume to attack the target and access such data? (No, the NSA doesn't care about your random Word and Excel docs at home; no, an attacker isn't going to waste days trying to hack your AP and then a few more to hack your box to get your tax return [there are much quicker ways to steal someone's identity].)
    3) Is the AP configured following industry best practices?
    4) etc. (You get the idea; it doesn't have to take long.)
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
