Page 1 of 6 123 ... LastLast
Results 1 to 10 of 66

Thread: free online wpa cracker project idea

Hybrid View

  1. #1
    Member CKing's Avatar
    Join Date
    Mar 2010
    Location
    downtown, riverfront
    Posts
    83

    Lightbulb free online wpa cracker project idea

    I'm just brainstorming here but I think I'm onto something.

    Problem: WPA-PSK is vulnerable to attacks from pre-computed hash table created by essid, but this is difficult to demonstrate in the field, and without using resources to create tables.

    Proposal: An free online based tool to audit wpa passwords.

    Possible Methods:
    - Webpage based: This was my original idea but I see it being abused too easily, its too hard to weed out skiddies. Best solution I came up with was asking technical questions, if nothing else it would teach use of google. Otherwise I considered Email based auth for a manual approach, just letting everyone in, but they all have serious caveats

    - Program(authentication at least) based: This program would request BT forums username and password to verify a minimum post count in this method; login, get $Username via "Welcome $Username" get postcount via "hxxp://wxw.backtrack-linux.org/forums/members/$Username.htm" if postcount >10 upload cap to server and let it work its magic

    Result: One step closer to that big red button

    Notes:I'm willing to provide hardware, some time, but im not taking a loss to serve this, electricity and hosting isnt free, ad based income would likely be sufficient, on the same token, additional revenue would be donated to hfc. This will all be open source, and to get this operational in a timely fashion community support will be required. The convoluted auth process sucks(see issues) but how else can this be done without just passing it to something made on backtrack servers, or passing creds to untrusted(me) servers? A database from new essids, passwords added over time could be very useful considering

    Issues: Even with the proposed program auth process and a closed source file pointing to the WPA-audit server, the server address could easily be sniffed, exposed to the skiddies(thought about ssl but host is still plaintext, isnt it? ssh tunnel maybe?(but then who hosts that?) proxy?) How to make money back(force popup to remain on screen until password found or max time?) just go with webpage based (are we going in circles here?) I might be stepping on toes.

    Ideas bin:
    option to test your area codes phone numbers - not added to db
    other such options, add a name or other profiling options to permutate

    more to come(hopefully)

  2. #2
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default Re: free online wpa cracker project idea

    I don't want to ruin your dreams here ( so keep going) but there are several similar services already available.
    Here is the link to purhates Password Crackers » Welcome to Question Defense Tools Probably one (if not the best) cracker around. I think he has like every word from every language in the world in his dictionaries.
    But seriously keep working on your ideas. I mean there are a billion tutorials on cracking a dang wep key so why not another wpa cracker project.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  3. #3
    Member CKing's Avatar
    Join Date
    Mar 2010
    Location
    downtown, riverfront
    Posts
    83

    Default Re: free online wpa cracker project idea

    Thanks for the support! I am aware of purehates cracker and this is why I put stepping on toes in the issues category. I'm aware of one other, and both of these services are pay to play. I'm all about the open source and community involvement and a free, valuable service for legitimate users is my only goal.

    Update
    New idea thanks to a post by loser3000: An option for handshakes with passwords not found or still in queue to be downloaded and cracked by volunteers.

    First temporary version consists of an upload script on a free hosting server, and a download/crack script on my server

    temporary server
    Last edited by CKing; 09-03-2010 at 12:08 AM.

  4. #4
    Just burned his ISO
    Join Date
    Jan 2011
    Location
    Great Britain
    Posts
    9

    Default Re: free online wpa cracker project idea

    Re: free online wpa cracker project idea

    Give up, or check HERE.
    That doesn't help in any way shape or form.

    Anyways, "The more you put in, the more you get out." - Richard Reeves. And we are putting lots in so it WILL pay off.

    And mods, what is the point of having to approve posts if your going to let any post though that does nothing worth wild?

  5. #5
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default Re: free online wpa cracker project idea

    Quote Originally Posted by GingerP View Post
    That doesn't help in any way shape or form.

    Anyways, "The more you put in, the more you get out." - Richard Reeves. And we are putting lots in so it WILL pay off.

    And mods, what is the point of having to approve posts if your going to let any post though that does nothing worth wild?
    The post approval process is only for a users first 15 posts. I agree that post was not necessary and I have removed it. In the future, when you have a "user" issue, please PM a moderator for assistance and if that doesn't work PM me.

  6. #6
    Junior Member wh1t3fang's Avatar
    Join Date
    Nov 2010
    Location
    from the internet
    Posts
    75

    Default Re: free online wpa cracker project idea

    This is going to be a lot of hard work but it seems like you guys are off to a good start. just dont be disappointed if it fails.
    wh1t3 fang

  7. #7
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    7

    Default Re: free online wpa cracker project idea

    That's cool if you do it for free. You could have an option for people to upload the rainbow table. We can find volunteer to generate a rainbow table. One group of people generating phone number and the other generating words. we can assign some people to work on the word start with some letter and so on.

    I think if everybody working together we can come up with a huge archive with all of the possible words and number.

    possible, just let people working on this project use your service first because if not, I think you will have a full load of people uploading the cap file. So if you want to use it, you need to distribute something.

  8. #8
    Member CKing's Avatar
    Join Date
    Mar 2010
    Location
    downtown, riverfront
    Posts
    83

    Default

    Quote Originally Posted by fastzones View Post
    That's cool if you do it for free. You could have an option for people to upload the rainbow table. We can find volunteer to generate a rainbow table. One group of people generating phone number and the other generating words. we can assign some people to work on the word start with some letter and so on.

    I think if everybody working together we can come up with a huge archive with all of the possible words and number.

    possible, just let people working on this project use your service first because if not, I think you will have a full load of people uploading the cap file. So if you want to use it, you need to distribute something.
    Only allowing developers access until were out of alpha is a good idea. That said, anyone who would like to contribute to this project should post here or pm me. Please include what skills(testing if nothing else) you can provide.

    The problem with allowing other clients to upload tables is the difficulty of verifying the accuracy, a better implementation of volunteered cpu or gpu power would be publicly available caps that are in queue or not crackable by my wordlist for volunteers to attempt to crack, or clients serving gpu power for the main server to utilize. Bandwidth becomes an issue in that situation, inefficiency in the former.

    Quote Originally Posted by purehate View Post
    Let me just say, your not stepping on my toes if you try to do something for free. I will however list some of the problems your are going to have.
    1. Hosting, electricity and time is not free
    2. Over half of the people will upload broken or incomplete captures which you will then have to track down and fix, reupload, etc.
    3. If you are using wpa look up tables, a table of 64 million words for one essid is about 1.9 gigs so you will need a lot of space.
    4. If you try to use GPUs then you have cost of hardware.
    5. In a service like this you will probably only get people who are up to no good because due to scopes, contracts and other legalities in pentesting, no professional would be able to upload his file to your server.
    6. Donations never work
    7. You will be constantly under attack (I know I am)
    8. Receiving capture files and making sure they are *really* wpa captures is not as easy as you think.
    9. Its a lot more work than you think.
    10. If it was easy as you think, every one would be doing it.
    11. WPA is hard to crack. I consider myself one of the best at it and I still only have about a 25%-35% cracking average and that is based on about 3500 cap files so be prepared for lots of angry emails.
    12. Most hosting companies will eventually shut down a password cracker.
    My entire system is automated but I still spend at least a few hours a day fixing things, replying to emailed questions, checking logs, securing services so be ready to put some real work in.

    I just thought I would share a few points you may not have thought of yet.

    EDIT: So I just tried to upload a capture and the entire site went down.
    You actually got to the upload script without a crash? I'm impressed, you must have the patience of a saint. That server is free and you get what you pay for. Hopefully I can upgrade in the near future but as you pointed out hosts aren't too keen on password crackers. I've been emailing hosts to verify their consent for my proposal and you're right, finding a secure, cost effective host thats willing to host this service is a difficult task in itself.

    Uploading broken .caps, angry emails, idiots are of little consequence to me; if you don't understand the process, you shouldn't be using the service anyway. This brings me to the issue of nogoodniks using the service, its one of the hardest things to prevent but I do have a few tricks up my sleeve to fight cyberdouchery.

    I'm curious about #8, are you suggesting something malicious might be uploaded, or just idiocy?

    I hope to eventually mask the host somehow to avoid attacks. This is likely impossible to properly implement, but thats not going to stop me from trying.

    I know this project will require a lot of work, money, and time, the truth is I cant provide it ALL myself while balancing work and other responsibilities, my goal is a service maintained and created by the community(hint: step up people!).

    Password profiling would increase the chances of successful psk retrieval. I'm sure your aware that phone numbers are a ridiculously common password choice. For a real fun time, the fingerprinting attack described at Automated Password Cracking: Use oclHashcat To Launch A Fingerprint Attack (we'll call that the the serverburner3000 (3000 for years))

    All in all I think this project has potential, even with the issues you've pointed out. I'm sure that there will be even more issues to come, but with a little bit of support and a good team theres not much that can get in our way. The fact that 2 of the people I hold in extremely high regard in this industry have already posted their thoughts on this project is in my opinion a great honour and a fantastic start to a hopefully fantastic project.
    Last edited by Archangel-Amael; 09-04-2010 at 02:45 PM.

  9. #9
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default Re: free online wpa cracker project idea

    Let me just say, your not stepping on my toes if you try to do something for free. I will however list some of the problems your are going to have.
    1. Hosting, electricity and time is not free
    2. Over half of the people will upload broken or incomplete captures which you will then have to track down and fix, reupload, etc.
    3. If you are using wpa look up tables, a table of 64 million words for one essid is about 1.9 gigs so you will need a lot of space.
    4. If you try to use GPUs then you have cost of hardware.
    5. In a service like this you will probably only get people who are up to no good because due to scopes, contracts and other legalities in pentesting, no professional would be able to upload his file to your server.
    6. Donations never work
    7. You will be constantly under attack (I know I am)
    8. Receiving capture files and making sure they are *really* wpa captures is not as easy as you think.
    9. Its a lot more work than you think.
    10. If it was easy as you think, every one would be doing it.
    11. WPA is hard to crack. I consider myself one of the best at it and I still only have about a 25%-35% cracking average and that is based on about 3500 cap files so be prepared for lots of angry emails.
    12. Most hosting companies will eventually shut down a password cracker.
    My entire system is automated but I still spend at least a few hours a day fixing things, replying to emailed questions, checking logs, securing services so be ready to put some real work in.

    I just thought I would share a few points you may not have thought of yet.

    EDIT: So I just tried to upload a capture and the entire site went down.
    Last edited by purehate; 09-03-2010 at 04:07 PM.

  10. #10
    Just burned his ISO
    Join Date
    Sep 2010
    Posts
    5

    Thumbs up Re: free online wpa cracker project idea

    CKing , you'r good man .
    I admire you .

Page 1 of 6 123 ... LastLast

Similar Threads

  1. Replies: 13
    Last Post: 03-14-2011, 05:39 PM
  2. online wpa cracker
    By purehate in forum OLD General IT Discussion
    Replies: 103
    Last Post: 12-31-2009, 08:46 AM
  3. Project: What about WPA online cracking?
    By RaginRob in forum OLD Wireless
    Replies: 7
    Last Post: 03-12-2009, 03:00 PM
  4. Stanford offers free courses online
    By Back|Track_user in forum OLD General IT Discussion
    Replies: 2
    Last Post: 09-26-2008, 08:37 PM
  5. New Project To End Stupidity Online
    By thorin in forum OLD General IT Discussion
    Replies: 5
    Last Post: 12-07-2007, 09:53 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •