
Thread: Knowing part of the key

  1. #1
    new2bt3 (Guest)

    Knowing part of the key

    Here's a question.

    Most of the time, when the DSL companies set up the modem for the client or talk them through it over the phone (usually 2WIRE modems with built-in wifi), they have the people put in their 10-digit phone number as the key.

    Knowing this, is there a way of speeding up the process of cracking the key with pre-knowledge of the first 3 digits (usually the area code)? That is, if they are using the default setup of the phone number. Is there a method of doing this for WEP?

    I see how editing a dictionary file to prefix the first 3 digits for a WPA attack is possible, but I'm not sure about this for WEP.

    This would not be a better attack, as it would only shave a minute off what would be a 3 or 4 minute attack as it were. But it's something new.

  2. #2
    Just burned his ISO
    Join Date: May 2009 | Posts: 9

    You are trying to access your neighbor's wifi and you think they might have the phone number password?

    Am I correct in this, so I know a proper way to get your answer?

  3. #3
    Barry (My life is this forum)
    Join Date: Jan 2010 | Posts: 3,817

    Quote Originally Posted by new2bt3
    Here's a question.

    Most of the time, when the DSL companies set up the modem for the client or talk them through it over the phone (usually 2WIRE modems with built-in wifi), they have the people put in their 10-digit phone number as the key.

    Knowing this, is there a way of speeding up the process of cracking the key with pre-knowledge of the first 3 digits (usually the area code)? That is, if they are using the default setup of the phone number. Is there a method of doing this for WEP?

    I see how editing a dictionary file to prefix the first 3 digits for a WPA attack is possible, but I'm not sure about this for WEP.

    This would not be a better attack, as it would only shave a minute off what would be a 3 or 4 minute attack as it were. But it's something new.

    Pretty sure there's a thread here about this very thing; actually, I'm pretty sure it has almost the same thread title.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, a roll of carpet, rope, quicklime, Clorox and a shovel. See if they give you any strange looks. --Streaker69

  4. #4
    imported_vvpalin (Member)
    Join Date: Apr 2009 | Posts: 442

    Um, from what I remember reading, 2wire comes with a default WEP key that also happens to be the password for the router.
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

  5. #5
    Wummi (Just burned his ISO)
    Join Date: May 2009 | Posts: 17

    Why would you need this for WEP? Does anyone really bruteforce WEP? Why would someone?

    Also: GTFO the neighbor's wifi ^^
    sudo nc -lp 1 -c /bin/bash &

  6. #6
    new2bt3 (Guest)

    Quote Originally Posted by sircrazy
    You are trying to access your neighbor's wifi and you think they might have the phone number password?
    Accusations of script kiddy theft are uncalled for, as I can just as simply run airodump/aireplay/aircrack, or spoonwep, or airoscript, or autowep, or any one of the other scripts to gain access to the key in under a few minutes.

    No, actually, I am not trying to steal the neighbor's wifi. I know through my experience, not only from working for one of the biggest DSL providers in the country, but from my IN THE WILD testing, that phone numbers are the password in about 75+% of what I have tested (here in Los Angeles at least)...

    I was just wondering if there was anyone or any way of using predictive key cracking methods while going at WEP. It would be easy to cat a dictionary file to prefix the first 3 digits of all words in the dictionary file for running an attack against WPA. But I am not talking about throwing a dictionary at WEP. I was thinking along the lines of the creation of new ideas and methods of how the code can be broken.

    Thinking that if aircrack knew 3 of the 10 digits to crack, it might take a third of the time off of the cracking. I am sure that if not now, then soon something can take advantage of predictive key cracking in this fashion.

    Quote Originally Posted by Wummi
    Also: GTFO the neighbor's wifi ^^
    Please, all the neighbors are running DSL, which at best out here is 3meg down and 768k up, and with the signal and distance from where I am at I would hardly be able to stream a YouTube video. Here where I am staying I've got a 10meg down, 1.5meg up connection. And to tell you the truth, the people who I am staying with right now have a cable modem, and even they have their WEP password set up as their phone number. That's just what the providers out here tell people to do so they can't forget their key. A lot of stupid people out here...

  7. #7
    Wummi (Just burned his ISO)
    Join Date: May 2009 | Posts: 17

    I still don't understand the use for this. What's the reason for reducing the WEP cracking time anyhow? aircrack with its voting system is pretty darn fast. The next best Texas Instruments calc would do it in a couple of minutes, I guess.

    As for WPA, that approach seems fine, 'cause you have to generate a wordlist anyhow.

    edit: whatever, after looking at the aircrack manpage:

    Static WEP cracking options:
    -c
        Search alpha-numeric characters only.
    -t
        Search binary coded decimal characters only.
    -h
        Search the numeric key for Fritz!BOX
    -d <mask>
        Specify mask of the key. For example: A1:XX:CF
    These options should help if you know something about the key format beforehand; you were looking for something like those options, I guess.
    sudo nc -lp 1 -c /bin/bash &
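Added example, not from the thread or from aircrack-ng: a small Python calculation of how many candidate keys remain for a 40-bit WEP key once the key is known to be a 10-digit phone number (assumed here to be entered as ten hex digits) and once some digits are fixed, written in the -d mask syntax from the manpage excerpt above. It shows why the "a third of the time" guess is off: a numeric key with a known 3-digit area code leaves 10^7 candidates instead of 10^10, which is the defender's argument against phone-number keys.

```python
import math
from typing import Dict, List, Optional

# Constructed example: keyspace left for a WEP key under the constraints
# discussed in this thread. Mask syntax follows the manpage excerpt
# ("A1:XX:CF"), with X meaning an unknown hex nibble.
HEX_DIGITS = 16   # any hex nibble 0-f
BCD_DIGITS = 10   # nibble restricted to 0-9 (a decimal digit, as in a phone number)


def parse_mask(mask: str) -> List[Optional[int]]:
    """One entry per nibble: the fixed hex value (0-15) or None for 'X'."""
    nibbles: List[Optional[int]] = []
    for byte in mask.split(":"):
        if len(byte) != 2:
            raise ValueError(f"bad byte in mask: {byte!r}")
        for ch in byte:
            nibbles.append(None if ch in "xX" else int(ch, 16))
    return nibbles


def keyspace(mask: str, digits_only: bool) -> int:
    """Number of candidate keys consistent with the mask.

    digits_only=True models a numeric key (the phone-number case, and what
    the -t option assumes); False models an unconstrained hex key.
    """
    nibbles = parse_mask(mask)
    # a fixed nibble above 9 can never occur in a digits-only key
    if digits_only and any(n is not None and n > 9 for n in nibbles):
        return 0
    unknown = sum(1 for n in nibbles if n is None)
    return (BCD_DIGITS if digits_only else HEX_DIGITS) ** unknown


def entropy_bits(mask: str, digits_only: bool) -> float:
    """Effective key entropy in bits for the constrained keyspace."""
    n = keyspace(mask, digits_only)
    return math.log2(n) if n else float("-inf")


def compare(area_code: str) -> Dict[str, float]:
    """Keyspace of a 40-bit key under the scenarios raised in the thread."""
    full = "XX:XX:XX:XX:XX"                               # nothing known
    known = area_code + "X" * (10 - len(area_code))       # first digits known
    known_mask = ":".join(known[i:i + 2] for i in range(0, 10, 2))
    return {
        "hex_any": entropy_bits(full, False),             # 40 bits
        "phone_number": entropy_bits(full, True),         # ~33.2 bits
        "phone_known_area": entropy_bits(known_mask, True),   # ~23.3 bits
        "speedup_vs_phone": keyspace(full, True) // keyspace(known_mask, True),
    }
```

The area code "310" in the test is a constructed value chosen only because the poster mentions Los Angeles.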

  8. #8
    Archangel-Amael (Super Moderator)
    Join Date: Jan 2010 | Location: Somewhere | Posts: 8,012

    Quote Originally Posted by new2bt3
    Accusations of script kiddy theft are uncalled for, as I can just as simply run airodump/aireplay/aircrack, or spoonwep, or airoscript, or autowep, or any one of the other scripts to gain access to the key in under a few minutes.
    Don't get mad.
    Remember that you are fighting an uphill battle. The only thing that people have to go off of is what you post.
    To wit:
    No, actually, I am not trying to steal the neighbor's wifi. I know through my experience, not only from working for one of the biggest DSL providers in the country, but from my IN THE WILD testing, that phone numbers are the password in about 75+% of what I have tested (here in Los Angeles at least)...
    See this section above; it makes you look like a script kiddie.
    Why? Well, that's easy: re-read what you wrote. Claims of "IN THE WILD testing", well, that would generally be indicative of illegal activities. "75% of what you tested": what you tested should be your own equipment. As such, 100% is the number you would want to have stated, since you would know the password.
    I was just wondering if there was anyone or any way of using predictive key cracking methods while going at WEP. It would be easy to cat a dictionary file to prefix the first 3 digits of all words in the dictionary file for running an attack against WPA. But I am not talking about throwing a dictionary at WEP. I was thinking along the lines of the creation of new ideas and methods of how the code can be broken.
    Everyone and their dog knows that WEP is broken. As such, one should follow industry best practices and use something like WPA2 etc.

    Thinking that if aircrack knew 3 of the 10 digits to crack, it might take a third of the time off of the cracking. I am sure that if not now, then soon something can take advantage of predictive key cracking in this fashion.
    WEP has been cracked in under 5 minutes. What more could be asked for?
    Leave WEP alone; focus your energy elsewhere. It will be more productive, as there really is no need to re-invent the wheel.
    To be successful here you should read all of the following:
    Forum Rules
    Forum FAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  9. #9
    imported_vvpalin (Member)
    Join Date: Apr 2009 | Posts: 442

    Quote Originally Posted by archangel.amael

    See this section above; it makes you look like a script kiddie.
    Why? Well, that's easy: re-read what you wrote. Claims of "IN THE WILD testing", well, that would generally be indicative of illegal activities. "75% of what you tested": what you tested should be your own equipment. As such, 100% is the number you would want to have stated, since you would know the password.
    I was 2 seconds away from reporting it and clicked back to make sure I got everything correct, and lo and behold, you had posted already lol
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

  10. #10
    Virchanza (Very good friend of the forum)
    Join Date: Jan 2010 | Posts: 863

    Quote Originally Posted by archangel.amael
    WEP has been cracked in under 5 minutes.
    Once or twice I've had Aircrack-ng finish in the blink of an eye. As soon as I hit Return, it just pops up "Key Found!"

    And that's without talking about SpoonWEP
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".
