So... I'm just looking for a bit of advice from people who have gone a few steps further than I have.
Say you were trying to crack the WPA of an access point, but a dictionary attack FAILED.
Where do you go next? For example... I used the CUPP tool to generate some 'possible' passwords, with what little information I can gather. This did not present me with the password.
So would anyone be kind enough to pass on some tips about what they would do next to try and get information about the AP, given that the ONLY information you have about it is the SSID?
CUPP is great, but it didn't come good for me this time. Are there other tools out there that can help?
I realise that this could be construed as being "spoon-fed" and could potentially incur an infraction of the "big-red-pwn-button" type..., but the reality is that I do not know where to turn next, in terms of password generators etc...
So any advice would be gratefully received.
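An added example, not from the original post or from CUPP: a small targeted-wordlist generator of the kind the question asks about. It takes seed words derived from the SSID (the only information the poster has), expands them with case, leet and year/suffix mutations, and, the check a WPA-specific list needs, drops anything that cannot be a WPA/WPA2-PSK passphrase at all (the standard requires 8 to 63 printable ASCII characters, so a 7-character SSID on its own is never the key). The SSID "NETGEAR-5G", the year range and the suffix set are constructed sample inputs, not values from the thread.

```python
import itertools
import re

# WPA/WPA2-PSK passphrases are 8..63 printable ASCII characters (IEEE 802.11i).
# Candidates outside that range can never match, so they are filtered out
# instead of being handed to the cracker.
WPA_MIN_LEN = 8
WPA_MAX_LEN = 63

# Common single-character substitutions; deliberately small to limit blow-up.
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5", "t": "7"}


def is_valid_wpa_psk(candidate):
    """True if candidate is a syntactically possible WPA-PSK passphrase."""
    if not WPA_MIN_LEN <= len(candidate) <= WPA_MAX_LEN:
        return False
    return all(32 <= ord(c) <= 126 for c in candidate)


def seeds_from_ssid(ssid):
    """Split an SSID on non-alphanumerics; return the tokens plus their join.
    Example (constructed): 'NETGEAR-5G' -> ['netgear', '5g', 'netgear5g']."""
    tokens = [t.lower() for t in re.split(r"[^0-9A-Za-z]+", ssid) if t]
    seeds = list(tokens)
    joined = "".join(tokens)
    if len(tokens) > 1 and joined not in seeds:
        seeds.append(joined)
    return seeds


def case_variants(word):
    """lower, UPPER and Capitalised forms of a word, deduplicated."""
    out = []
    for v in (word.lower(), word.upper(), word.capitalize()):
        if v not in out:
            out.append(v)
    return out


def leet_variants(word):
    """The word itself plus every combination of LEET substitutions.
    Positions are capped at 6 so a long seed cannot explode to 2^n variants."""
    positions = [i for i, c in enumerate(word) if c.lower() in LEET][:6]
    out = []
    for r in range(len(positions) + 1):
        for combo in itertools.combinations(positions, r):
            chars = list(word)
            for i in combo:
                chars[i] = LEET[chars[i].lower()]
            v = "".join(chars)
            if v not in out:
                out.append(v)
    return out


def generate_candidates(seeds, years=range(2000, 2013),
                        suffixes=("", "1", "123", "!", "#")):
    """Expand seeds into WPA-PSK candidates:
    case variants x leet variants x (year | suffix), keeping only strings that
    pass is_valid_wpa_psk. Order is deterministic and entries are unique."""
    tails = [str(y) for y in years] + list(suffixes)
    out, seen = [], set()
    for seed in seeds:
        for base in case_variants(seed):
            for mutated in leet_variants(base):
                for tail in tails:
                    cand = mutated + tail
                    if cand not in seen and is_valid_wpa_psk(cand):
                        seen.add(cand)
                        out.append(cand)
    return out


def write_wordlist(path, candidates):
    """Write one candidate per line, the format aircrack-ng's -w option reads."""
    with open(path, "w") as fh:
        fh.write("\n".join(candidates) + "\n")
    return len(candidates)


if __name__ == "__main__":
    # Constructed sample SSID, not one from the thread.
    cands = generate_candidates(seeds_from_ssid("NETGEAR-5G"))
    print("%d candidates written" % write_wordlist("ssid_candidates.txt", cands))
```

The list is meant to be fed to aircrack-ng (or hashcat) after the handshake capture the poster already has; the point of the length filter is that a wordlist built from short SSID tokens wastes most of its entries on passphrases the standard forbids.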
Wouldn't a rogue AP coupled with a Metasploit payload to send you back all the wireless keys be a good idea about now?
I've never tried it myself ("hopefully this weekend"), but I remember reading that it's possible... at least on XP anyway.
I have also heard that depending on the company and firmware revision there might be ways to exploit the router and grab the settings without having the WPA key.
I was also thinking there might be a way to DoS the AP, causing the user or admin to reset the settings. If you're fast enough and know what you're doing once he resets it, you could log in and sniff all the passwords that he is inputting.
There are TONS of other social engineering attacks you could attempt depending on the situation.
Using BackTrack for the first time is like being 10 years old again with the keys to a Ferrari.