
Thread: Theory of Creating a WPA Dic / Wordlist

  1. #1
    Just burned his ISO
    Join Date
    Jun 2010
    Posts
    3

    Theory of Creating a WPA Dic / Wordlist

    I have a theory of creating a word-list for WPA cracking. This is it: could I program a word list using the C programming language to generate billions of words that would be 8 to 12 letters long and then export the word list to an acceptable format like .txt or something like that? I know it is doable, it has to be.

    So if I am going to work on this theory of mine I would need to know more about what WPA dictionaries are and what exactly they are (are they just a text file that gets accessed by aircrack, which goes through every word and matches the bits with the actual WPA phrase until it finds the right one?).

    I'm very interested in remote exploiting. I just finished exploiting my friend's WEP key.
    --------------------------------------------------------------------------------------------------------
    Different question: it took me 3 hours to get 15,000 IVs for the WEP key. Did it take this long because my VM HDD is only 6 GB and the CPU is only a 1.7 GHz dual core (VM used 1 core) with 1 GB RAM (VM used 512 MB)? Or does it have to do with my Wi-Fi adapter? On one of the vids I watched it took the guy 4 minutes to get 30,000 IVs. Any solutions to my problem?

  2. #2
    Junior Member dromar421
    Join Date
    Jun 2010
    Location
    Some were out there or here
    Posts
    35

    Re: Theory of Creating a WPA Dic / Wordlist

    First, it sounds like a good idea with the script part, but as anyone here will tell you, Google is your friend, use it. 2nd, to be honest, no one wants to hear how anyone gets someone else's key; you might want to read the rules of the forum, because we all find that subject very offensive and it could lead you to a lot of trouble. 3rd, the question everyone will ask more than likely is: did you use aireplay or any kind of program like that? I have a laptop that has the dual core 1.7 and it takes like 3 min at most with all the commands and stuff to run it.
    Last edited by dromar421; 07-01-2010 at 05:56 AM.

  3. #3
    Junior Member
    Join Date
    Jun 2010
    Location
    Carmel, IN USA
    Posts
    36

    Re: Theory of Creating a WPA Dic / Wordlist

    It's a great theory but here are some things to keep in mind.

    1.) You are going to need a lot of space for the word lists while they are being created and to store them once you are finished.

    I have a word list that is 5 characters long, made via crunch, that is roughly 5.5 gigs.

    2.) It is going to take a good deal of time to compile (or make your lists) depending on the characters used.

    Just wanted to put that out there for you. There are plenty of good word list tools out there. I would look at crunch and pyrit; both can be found here on the board or by using some Google fu.

    Keep us updated

  4. #4
    Super Moderator lupin
    Join Date
    Jan 2010
    Posts
    2,943

    Re: Theory of Creating a WPA Dic / Wordlist

    Yes, wordlists are just text based files that contain all the words you wish to check, usually separated by a newline character. If you search the forums you should be able to find more than one thread that goes over the maths of how big various word lists would be (searching hint: I have participated in these threads).

    The basic outcome of the discussions on the topic is exactly as ondrovic mentioned above - comprehensive wordlists get really, really big and can take a really, really long time to generate, to the extent that what you are proposing would likely be unfeasible on commodity hardware.

    Your theory is definitely not a new one.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
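
Added example, not from any poster in this thread: the wordlist size arithmetic the replies above refer to, in C. `wordlist_bytes` and its parameters are names chosen here, and the 62-symbol alphabet used for the 5-character case is an assumption about the charset.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example; function and parameter names are hypothetical.
 * Bytes needed to store every string of length min_len..max_len over an
 * alphabet of `charset` symbols, one per line. `eol` is the line-ending
 * size (1 for "\n", 2 for "\r\n"). Returns UINT64_MAX when the result
 * does not fit in 64 bits (more than 16 EiB). */
uint64_t wordlist_bytes(unsigned charset, unsigned min_len,
                        unsigned max_len, unsigned eol)
{
    uint64_t total = 0, count = 1;

    if (charset == 0)
        return 0;
    for (unsigned len = 1; len <= max_len; len++) {
        if (count > UINT64_MAX / charset)
            return UINT64_MAX;
        count *= charset;                 /* charset^len candidates */
        if (len < min_len)
            continue;
        uint64_t per_line = (uint64_t)len + eol;
        if (count > UINT64_MAX / per_line)
            return UINT64_MAX;
        if (count * per_line > UINT64_MAX - total)
            return UINT64_MAX;
        total += count * per_line;
    }
    return total;
}

static void report(const char *label, unsigned cs, unsigned lo,
                   unsigned hi, unsigned eol)
{
    uint64_t b = wordlist_bytes(cs, lo, hi, eol);
    if (b == UINT64_MAX)
        printf("%-34s more than 16 EiB\n", label);
    else
        printf("%-34s %.1f GB\n", label, (double)b / 1e9);
}

int main(void)
{
    report("digits, 8 long, CRLF", 10, 8, 8, 2);
    report("a-zA-Z0-9 (assumed), 5 long", 62, 5, 5, 1);
    report("a-z, 8 to 12 long", 26, 8, 12, 1);
    report("printable ASCII, 8 to 12 long", 95, 8, 12, 1);
    return 0;
}
```

The 8-digit list with CRLF line endings comes to 1 GB and the 62-symbol, 5-character list to about 5.5 GB, in line with the sizes quoted in the thread; the 8 to 12 letter lowercase list is over a billion gigabytes.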

  5. #5
    Just burned his ISO
    Join Date
    Jun 2010
    Posts
    10

    Re: Theory of Creating a WPA Dic / Wordlist

    This would be much like an MD5 wordlist like rainbow tables. Those go up to about 1300GB. That helps give you a relative size...

  6. #6
    Good friend of the forums gunrunr
    Join Date
    Jan 2010
    Location
    shining my spoon
    Posts
    265

    Re: Theory of Creating a WPA Dic / Wordlist

    As far as your question concerning generating IVs, what attack did you use in aireplay?
    Sometimes when it's going slow or I am getting a lot of deauthentication packets I switch to a fragmentation and forge attack. When it's successful and you are within acceptable range of the AP, your IVs tend to go up at least 1000 every 5 to 10 seconds.
    Wielder of the spoon of doom
    Summercon, Toorcon, Defcon, Bsides, Derbycon, Shmoocon oh my
    Come hang out with hackers on twitter @gunrunr556

  7. #7
    Just burned his ISO
    Join Date
    Jun 2010
    Posts
    3

    Re: Theory of Creating a WPA Dic / Wordlist

    While working on the wordlist I tried new things. First I'm working with numbers: 8 digits, 00000000 - 99999999. So I came up with this.... big error code, try it and see what happens.

    Code:
    int number_gen(){
        printf("00000000\n");
        char eight_bit;
        char string[100];
    
        int l = 0;
    
        for(eight_bit = '00000001'; eight_bit <= '99999999'; eight_bit++){
            string[l] = eight_bit;
            string[++l] = 0;
            puts(string);
        }
    }
    
    int main(){
        number_gen();
    
    return 0;
    }
    The error is from having the 00000 before the 1.

    Here is the better solution:

    Code:
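    #include <stdio.h>
    
    /* Print every 8-digit number, zero-padded, one per line. */
    int number_gen(void){
        long long int i;
    
        for (i = 0; i <= 99999999; i++)
            printf("%08lld\n", i);   /* %lld matches long long */
        return 0;
    }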
    Code:
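    #include <stdio.h>
    
    int main(){
        long long int i;
        FILE *wordlist0;
        wordlist0 = fopen("wordlist0.txt", "w");
        if (wordlist0 == NULL) {   /* fopen can fail, e.g. read-only directory */
            perror("wordlist0.txt");
            return 1;
        }
        for (i = 0; i < 10000000; i++){
            fprintf(wordlist0, "%08lld\n", i);   /* %lld matches long long */
        }
        fclose(wordlist0);
    
        return 0;
    }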
    This code generates a text document that has a list of numbers 00000000 - 10000000.
    The file that is generated is 97,657 kilobytes ... approx. 100MB for just 10000000 lines of 8-digit numbers.
    So to actually cover 00000000 - 99999999 you're going to have a 1GB file. WoWo.

    I have added a Number List Generator that I just programmed; check it out and let me know what you think. Win OS can open it unless you have WINE or some other Windows emulator. I could probably compile the code on a Linux machine, but it would not have the SlowPrint function unless I found something else that can replace it.
    Last edited by balding_parrot; 04-10-2013 at 12:44 PM.

  8. #8
    Just burned his ISO
    Join Date
    Jun 2010
    Posts
    3

    Re: Theory of Creating a WPA Dic / Wordlist

    Code:
    #include <stdio.h>
    #include <stdlib.h>
    
    int main(){
        int i = 25;
        char low_abc[] = {'a', 'b', 'c', 'd', 'e',
                            'f', 'g', 'h', 'i', 'j',
                            'k', 'l', 'm', 'n', 'o',
                            'p', 'q', 'r', 's', 't',
                            'u', 'v', 'w', 'x', 'y', 'z'};
    /*
        char CAP_ABC[] = {'A', 'B', 'C', 'D', 'E',
                            'F', 'G', 'H', 'I', 'J',
                            'K', 'L', 'M', 'N', 'O',
                            'P', 'Q', 'R', 'S', 'T',
                            'U', 'V', 'W', 'X', 'Y', 'Z'};
    */
        int a, b, c;
        FILE *wList = fopen("zlRainTable.txt", "w");
        if (wList == NULL) {   /* fopen can fail */
            perror("zlRainTable.txt");
            return 1;
        }
    
        for(a = 0; a <= i; a++){
            fprintf(wList, "%c\n", low_abc[a]);
            for(b = 0; b <= i; b++){
                fprintf(wList, "%c%c\n", low_abc[a], low_abc[b]);   /* no spaces inside a word */
                for(c = 0; c <= i; c++){
                    fprintf(wList, "%c%c%c\n", low_abc[a], low_abc[b], low_abc[c]);
                }
            }
        }
        fclose(wList);
        return 0;
    }
    This is what I've got for a wordlist so far. This code will generate a list of words in a combination of 1-3 letters a-z. The CAP_ABC is commented out for the reason of not being used. The next step is going to combine the caps and lows together. If anybody wants to help out, please do. The reason I'm working with 3-letter combination words is because it doesn't make as big a file for testing; after I get everything all set I will have it go to 7 letters, since passwords are usually split into parts that have 7 digits in them. So if I had a password that was "aaabbbcccdddeee" then the pw would be known as 3 parts "aaabbbc" "ccdddee" "e", right, or am I wrong?
    But here is my code for a rainbow table with lower case a-z 3-letter combinations.

    And again, if anybody would put in their 2 cents that would be great.

    OK, I added cap support. Here is the code:

    Code:
    #include <stdio.h>
    #include <stdlib.h>
    
    int main(){
        int i = 25; // last index of the abc and ABC arrays (26 letters each)
    
        char low_abc[] = {'a', 'b', 'c', 'd', 'e',
                            'f', 'g', 'h', 'i', 'j',
                            'k', 'l', 'm', 'n', 'o',
                            'p', 'q', 'r', 's', 't',
                            'u', 'v', 'w', 'x', 'y', 'z'};
    
        char CAP_ABC[] = {'A', 'B', 'C', 'D', 'E',
                            'F', 'G', 'H', 'I', 'J',
                            'K', 'L', 'M', 'N', 'O',
                            'P', 'Q', 'R', 'S', 'T',
                            'U', 'V', 'W', 'X', 'Y', 'Z'};
    
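        int a, b, c; // loop indices, one per letter position (max word length 3)
    
        FILE *wList = fopen("zlRainTable.txt", "w"); // the file it is going to write to
        if (wList == NULL) { // fopen can fail
            perror("zlRainTable.txt");
            return 1;
        }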
    
        for(a = 0; a <= i; a++){
            fprintf(wList, "%c\n", low_abc[a]); //a
            fprintf(wList, "%c\n", CAP_ABC[a]); //A
    
            for(b = 0; b <= i; b++){
                fprintf(wList, "%c%c\n", low_abc[a], low_abc[b]); // aa
                fprintf(wList, "%c%c\n", CAP_ABC[a], CAP_ABC[b]); // AA
    
                fprintf(wList, "%c%c\n", CAP_ABC[a], low_abc[b]); //Aa
                fprintf(wList, "%c%c\n", low_abc[a], CAP_ABC[b]); //aA
    
                for(c = 0; c <= i; c++){
                    fprintf(wList, "%c%c%c\n", low_abc[a], low_abc[b], low_abc[c]); //aaa
                    fprintf(wList, "%c%c%c\n", CAP_ABC[a], CAP_ABC[b], CAP_ABC[c]); //AAA
    
                    fprintf(wList, "%c%c%c\n", CAP_ABC[a], low_abc[b], low_abc[c]); //Aaa
                    fprintf(wList, "%c%c%c\n", low_abc[a], low_abc[b], CAP_ABC[c]); //aaA
    
                    fprintf(wList, "%c%c%c\n", low_abc[a], CAP_ABC[b], CAP_ABC[c]); //aAA
                    fprintf(wList, "%c%c%c\n", CAP_ABC[a], CAP_ABC[b], low_abc[c]); //AAa
    
                    fprintf(wList, "%c%c%c\n", CAP_ABC[a], low_abc[b], CAP_ABC[c]); //AaA
                    fprintf(wList, "%c%c%c\n", low_abc[a], CAP_ABC[b], low_abc[c]); //aAa
                }
            }
        }
        fclose(wList);
        return 0;
    }
    Last edited by zophtlag; 07-07-2010 at 08:56 PM. Reason: Cap Support

  9. #9
    Just burned his ISO
    Join Date
    Jul 2010
    Posts
    2

    Re: Theory of Creating a WPA Dic / Wordlist

    Why don't you use crunch?

  10. #10
    Junior Member
    Join Date
    Jan 2010
    Posts
    36

    Re: Theory of Creating a WPA Dic / Wordlist

    Personally I think a better way to go would be targeted wordlists.

    I.e. getting as much info as you can about the target in question and then throwing it into CUPP, then taking that and running it through john. Things like phone number, car, last names, schools etc. would be very useful. Also if they have any MySpace / Facebook accounts, grepping those for words and "fuzzing" them would also be a good idea.
