testing wpa with known wordlist - NOT offline cracking

[lwi004]

Is there an easy way of testing a WPA password list automatically on the router?

I am trying to demonstrate the weakness of leaving WiFI on ALSO when not being used.

Alot of the routers come with a default password for the WPA/ WPA2 -PSK key. This is the mac address
followed by a hyphen followed by the serial number of the unit (4 digits).

Obtaining the mac address is easy and creating a wordlist with macaddress - and all numbers from 0000 to 9999 is also easy.

Is there a way to forcibly try all 9999 passwords on the router automatically? As the wifi is not in use I can't deauth a client and taking 2 machines to demonstrate to try and creat a fake auth is too cumbersome.

Any ideas?

Thanks

[Archangel-Amael]

# man hydra
and or
# man medusa should get you started

[lwi004]

Unfortunately medusa and hydra seem to work for gaining actual access to the router once on the wlan. I am wanting to use something to bruteforce the access onto the wlan. So I need to use bssid and then the password list to test each of the passwords to see which WPA-PSK is correct.

COuldn't find out how to do that with either medusa or hydra.

Thanks

[lwi004]

These are great for gaining access to the router. I need something similar with a "wlan attack" style mode as I am trying to demonstrate the weakness of not changing the WPA-PSK for access to the wlan. Even though technically the password is 17 characters. Only the last 4 are variable.

Thanks