Page 3 of 11 FirstFirst 12345 ... LastLast
Results 21 to 30 of 104

Thread: online wpa cracker

  1. #21
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by pureh@te View Post
    Excellent idea. I wonder if I can code the web app so that the user also has the access to delete his or her own files after wards.
    I didn't see why not. You could just give them an upload area (in fact, an FTP would directory work nicely), where they have complete control over their own files. Then, the only question becomes that of backups. If you backup the server, then you might have to code a deletion for any files deleted off the server; which could be a bitch for older files, especially those in off-line and off-site storage. It would probably be better to never backup user files, and to plainly state that in the TOS.

    Where do I send my bill for business consulting? Or can I get in on this as a partner?
    Thorn
    Stop the TSA now! Boycott the airlines.

  2. #22
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    OK well I plan to give it a shot. All the parts should be in this week and then I will need another week or 2 to get the web app together. I mean the worst that can happen is it doesn't work out for whatever reason and then I will just make it a ssh invite only box for friends. I mean like I said I don't really plan or need to make any money I would just like to pay for hosting, parts etc. so if it bombs or gets hacked I'll just discontinue the service. On the subject of back ups, since its a dedicated box only for this I planned to tar up the image right after I get it all installed and working right and then never backing it up. There would be no reason to because if anything went wrong I would rather restore it to its original state anyway. My biggest concern is people uploading malicious code in the cap files but I think I got that figured out.

  3. #23
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by Thorn View Post
    You could vet the subscribers before issuing user credentials.
    Good idea the subscription service but just out of curiosity how would you vet the subscribers? I mean at what level of privacy would you give / allow?

    Also this is mainly directed to pureh@te, what about people that are outside of the U.S. Would they be able to use the service as well?
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  4. #24
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by archangel.amael View Post
    Good idea the subscription service but just out of curiosity how would you vet the subscribers? I mean at what level of privacy would you give / allow?
    I was thinking that if pureh@te is concerned about who he is providing services to, say to comply with regulations that the given person/company is a legitimate pen tester, or was concerned that the would-be subscriber was trying to run an SE, then he might want to do some sort of vetting. It doesn't necessarily have to be very extensive, but it should be enough to CYA.
    Thorn
    Stop the TSA now! Boycott the airlines.

  5. #25
    Good friend of the forums williamc's Avatar
    Join Date
    Feb 2010
    Location
    Chico CA
    Posts
    285

    Default

    There are plenty of free NTLM/LM/MD5 crack sites that operate without any legal protection. As they've been online for years, I don't think there is much concern for someone coming after them. Its more or less just providing a demonstration of the insecure authentication. A WPA crack site should operate within the same realm.

    My concern with using the site would be providng a companies SSID to a third party. With the LM/NTLM, I can change the account name in the hash and bounce it through a proxy so it doesn't get tied back. Your tool would not provide this security, so it would have limited useage for pen-testing. That would leave it for non work related testing, and paying 10 dollars would be cost prohibitive.

    So, to summarize, I'd just release it for free with a heading of "Proof of concept - why WPA is insecure" and say your an academic researcher. Let it show up on Digg and Slashdot and get money through advertising and donations.

    William

  6. #26
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    See I disagree with this because a company ESSID is broadcast in the airwaves unlike a ntlm hash user name. And with no GPS coordinates in the .cap file there would be no way of knowing where the AP was. I will take that into consideration. I would do the whole thing purely on donation but my experience with remote-exploit and our donations have left me with a pretty dim view of most of the people that download backtrack. example backtrack 3 over 4 million downloads, donations around a staggering 1500 dollars.

    15000 / 4,000,000 =0.000375 per user

  7. #27
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by pureh@te View Post
    See I disagree with this because a company ESSID is broadcast in the airwaves unlike a ntlm hash user name. And with no GPS coordinates in the .cap file there would be no way of knowing where the AP was. I will take that into consideration. I would do the whole thing purely on donation but my experience with remote-exploit and our donations have left me with a pretty dim view of most of the people that download backtrack. example backtrack 3 over 4 million downloads, donations around a staggering 1500 dollars.

    15000 / 4,000,000 =0.000375 per user
    Just to drive the point of donations or subscription services home.

    My friends and I used to run a service for free and we had about 300 subscribers to the free service. We found that we were going to need to start charging for the service so we took a poll of the users and determined that $1.00/month was a fair value to charge and it would cover our expenses without us making a profit, we only wanted to cover the cost of hosting the service from our provider.

    We spent a good bit of time planning it and getting a payment system setup. The day it went live, every single freetard subscriber left. So we no longer provide the service for free or for pay.

    People are cheap. They expect the world for free.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  8. #28
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    11

    Default online wpa crack

    ___lunix.izfree.com___


    cracking server is not up all the time, but will reply at least once a day, about 5 minutes if online

  9. #29
    Member floyd's Avatar
    Join Date
    Mar 2009
    Posts
    231

    Default

    Quote Originally Posted by slacker_ View Post
    ___lunix.izfree.com___


    cracking server is not up all the time, but will reply at least once a day, about 5 minutes if online
    When I saw this page I knew that I would never use such a service in a pentest, I can't just upload a cap file of my clients. But I would definitely use it when I would test my private network at home. Or if would be a skiddie I would use it to crack my neighbours wifi - but that's no reason to not provide such a service.
    Auswaertsspiel

  10. #30
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default

    Quote Originally Posted by floyd View Post
    When I saw this page I knew that I would never use such a service in a pentest, I can't just upload a cap file of my clients. But I would definitely use it when I would test my private network at home. Or if would be a skiddie I would use it to crack my neighbours wifi - but that's no reason to not provide such a service.
    Not to mention it just looks like a web interface to the offensive security rainbow tables... which anyone could do... the threadmancer didn't (I think) grasp the full backstory to pureh@te's question, namely using his beast for a public service.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

Page 3 of 11 FirstFirst 12345 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •