Question about wordlists and aircrack-ng
I had two questions and I don't know if I should be asking them in different forums/threads so if there's a problem just let me know.
1) My first question is regarding wordlists. My goal was to learn enough about networking/linux/aircrack-ng to break into my own wireless network and use it. After a few weeks I've finally been able to get to the point in aircrack where I've captured the 4-way handshake but I can't figure out how to crack it.
Now, the router's password is badtimes12 which of course isn't in the sample 'password.lst' that comes with aircrack. When I edited password.lst and added 'badtimes12' it "cracked" the password and said "key found", so I know my procedures/commands are correct.
What I don't understand is how can you get a wordlist big enough to have not only every word, but every combination of words and numbers. Can anyone explain how wordlists work or how to get mine to work?
I tried downloading wordlists that had every word in the dictionary in them. They included 'bad' and 'times' separately, but even when I added 'badtimes' it didn't work; it needs the exact password ("badtimes12") to work. How is it possible to even have a wordlist big enough to crack simple passwords like 'badtimes12'?
I understand that wordlists can be as big as you want. But you would need a wordlist that is 500GB just to be able to crack a 10-character password that is generated randomly. Take "e5o3!_3.@*" for instance; does this mean that password is uncrackable? Do professional hackers really keep a 500GB file around for cracking passwords or is there an easier way?
Are there programs you just feed the psk.cap file and it cracks it?
2) The first question was more conceptual but this is kind of a troubleshooting one.
Everything I've tried from aircrack-ng has worked, including the injection test, except when I enter
aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:FD:FB:C2 ath0
to do deauthentication. (Those MACs are from the aircrack wiki.) It tells me that I have "0 | 0 ACK"; the troubleshooter says that means none of the packets being sent to the associated client are being heard. I was doing it to my other computer in the house so I know it's not too far, and I've gone through the rest of the troubleshooter and can't find the problem. My wireless card is an AR5007EG. Any suggestions?
Be careful of putting your actual network information on forums; it's generally not a good practice.
To address your post: Sounds like you are trying to go full brute force, not using a wordlist. Which means it'll take much, much longer. Although I've never done it, I think you can pair up JTR with aircrack-ng to try and accomplish a more powerful WPA crack.
Can you explain how JTR works differently than a wordlist?
And the passwords have since changed.
Originally Posted by glorifiedaccountant
John the Ripper documentation
What you are trying to do is almost impossible. WPA is still secure as long as you meet the industry standard for a secure password. Most WPA auditing would be done with 1 - 5 gig lists depending on hardware. If the client's AP passed that it would be considered secure from 97% of bad guys. Just do the math and see how many keys per second you are cracking; without GPU power I assume it's 2000-3000 per second, so you can easily do the math and see it would be over a year just to brute-force a lowercase 8-char password.
So assuming I don't enlist the help of my GPU, you just plain can't crack a WPA AP with a strong password at all? Or it just can't be done using wordlists?
Pretty much yeah. If your password is like: Iams0l33titzIns4n3 you can pretty much rest easy, it's secure.
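Added example (my own, not code from any poster in this thread) that puts numbers to the keyspace argument in the two replies above. For each password mentioned in the thread it works out the search space an exhaustive attack must cover, the size a plain-text wordlist listing every candidate would have, and the worst-case time to exhaust it at the 2000-3000 PSK/s CPU rate quoted. The rates and the stand-in lowercase password "abcdefgh" are assumptions.

```python
import string

# Assumed CPU rates from the thread: roughly 2000-3000 WPA PSKs tested per second.
CPU_RATE_LOW, CPU_RATE_HIGH = 2000, 3000
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# A password's search space is taken as the union of the character classes it uses.
CHARSETS = {
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "digit": string.digits,            # 10
    "symbol": string.punctuation,      # 32 printable ASCII symbols
}


def alphabet_size(password: str) -> int:
    """Size of the smallest union of character classes that covers the password."""
    return sum(len(chars) for chars in CHARSETS.values()
               if any(c in chars for c in password))


def keyspace(password: str) -> int:
    """Candidates an exhaustive search over that alphabet and length must try."""
    return alphabet_size(password) ** len(password)


def wordlist_bytes(password: str) -> int:
    """Bytes a plain-text wordlist needs to hold every candidate, one per line."""
    return keyspace(password) * (len(password) + 1)


def years_to_exhaust(password: str, rate: float) -> float:
    """Worst-case years to try the whole keyspace at `rate` PSKs per second."""
    return keyspace(password) / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    # "abcdefgh" stands in for the "lowercase 8 char" case; the rest appear in the thread.
    for pw in ("abcdefgh", "badtimes12", "e5o3!_3.@*", "Iams0l33titzIns4n3"):
        print(f"{pw:20} alphabet={alphabet_size(pw):3d} "
              f"keyspace={keyspace(pw):.3e} "
              f"wordlist={wordlist_bytes(pw) / 1e9:,.0f} GB "
              f"years@{CPU_RATE_HIGH}/s={years_to_exhaust(pw, CPU_RATE_HIGH):,.1f}")
```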
Originally Posted by glorifiedaccountant
What about CIA, NSA, FBI, and those types of guys? I heard that manufacturers cannot sell a network product in America if there isn't a backdoor password on the device, and that password has to be given up to pass SEC or one of those agencies, allowing it to be legally sold in the U.S.
Do you have any references to back up this claim?
Originally Posted by IHaveNoIdea