crunch | pyrit | cowpatty

[pr0xibus]

Morning guys,

I have a question just need to know if its possible.

I have 2 BTHomeHub2's the new black ones. The WPA2 keys are 8 Chars long and Only uppercase this is by default. BT being the most widly used ISP in the UK everyone seems to have the Hubs, i have looked at several of them from friends and have noticed that being 8 chars long and only uppercase none of the 10 or so i have seen including mine have any repeating characters one after another i.e. BD"PP"ADBG. Now on my Hubs i decided to do a crack without dictionaries or rainbow tables. the command i used was

Code:

/pentest/passwords/crunch/crunch 8 8 ABCDEFGHIJKLMNOPQRSTUVWXYZ | pyrit -e BTHomehub2-0332 -i - -o - passthrough | cowpatty -d - -r wpafile.cap -s BTHomeHub2-0332

I have changed the code on my homehubs to start with AAA just too see if it worked. But now to the question. Is it possible to add into the command above to miss chars that are the same one after another i.e. it would miss AAAAAAAA or BBBBBBBB or AAABBBBAA although it would try ABCDEFGH or NDHFJEOD non repeating chars one after another

Afternoon guys.

I have 2 BTHub Routers, BT being the most widly used ISP in the UK most people have them. Anyway the default WPA2 key on both of my routers and im assuming all BTHub3 routers is 8 chars all uppercase. NO two characters will repeat one after another i.e. "EE II". Is their anyway to incorporate missing out all keys that have two or more repeating characters one after another in the command below

/pentest/passwords/crunch/crunch 8 8 ABCDEFGHIJKLMNOPQRSTUVWXYZ | pyrit -e BTHub3 -i - -o - passthrough | cowpatty -d - -r wpafile.cap -s BTHub3

Thanks

[TAPE]

You would have to write a bit of code, using sed to alter the wordlist crunch created, actually not sure whether you would hten be able to pass that through or not.

This question has come up quite a few times, now I realise why...

[pr0xibus]

looking through the man pages of crunch i think i may have found it but im now trying to think how could i apply it to the command i have

Code:

       [-p  charset]  OR  [-p word1 word2 ...] is optional and tells crunch to
       generate words that don't have repeating characters.  By default crunch
       will  generate  a  wordlist  size of #of_chars_in_charset ^ max_length.
       This option will instead generate #of_chars_in_charset!.  The !  stands
       for  factorial.   For  example say the charset is abc and max length is
       4..  Crunch will by default generate 3^4 = 81 words.  This option  will
       instead  generate  3! = 3x2x1 = 6 words (abc, acb, bac, bca, cab, cba).
       THIS MUST BE THE LAST OPTION!
       This option CANNOT be used with -s or -t and it  ignores  min  and  max
       length however you must still specify two numbers.

Will this option allow me to stop repeating characters one after another or will it stop repeating characters through out the entire 8 char range?

looking through the man pages of crunch i think i may have found it but im now trying to think how could i apply it to the command i have

Code:

       [-p  charset]  OR  [-p word1 word2 ...] is optional and tells crunch to
       generate words that don't have repeating characters.  By default crunch
       will  generate  a  wordlist  size of #of_chars_in_charset ^ max_length.
       This option will instead generate #of_chars_in_charset!.  The !  stands
       for  factorial.   For  example say the charset is abc and max length is
       4..  Crunch will by default generate 3^4 = 81 words.  This option  will
       instead  generate  3! = 3x2x1 = 6 words (abc, acb, bac, bca, cab, cba).
       THIS MUST BE THE LAST OPTION!
       This option CANNOT be used with -s or -t and it  ignores  min  and  max
       length however you must still specify two numbers.

Will this option allow me to stop repeating characters one after another or will it stop repeating characters through out the entire 8 char range?

Well the -p option works but as it says in the man page min and max length are out of the window. looks like i will have to find another way. Cheers for your help anyway