Thread: capture WPA Handshake

  1. #11
    Member (Join Date May 2007, Posts 138)

    Cracking WPA/WPA2 is simple enough if you're attacking your own network... just have a look in your dictionary and use a password that's definitely in there.

    Then when it comes to securing your network, make sure that the word you use is one that definitely ISN'T in your dictionary... although once you've had a look in a dictionary you'll have a good idea what not to use; common sense will keep you safe!!!

  2. #12
    Junior Member (Join Date Aug 2007, Posts 63)

    Greetings Theprez98,

    Since I'm still trying to crack my AP with WPA2+AES encryption and getting some trouble with aircrack and a good dictionary, I don't understand what you mean with your sentence "It's not about having "enough" words, but all about having the exact word within the dictionary." because it's probably the answer to my problem. I tried it out for a few days but nothing... I'm trying now with a dictionary found in the links -=XPloitz=- gave me.

  3. #13
    Senior Member (Join Date Apr 2007, Posts 3,385)

    Not to "be the voice" of theprez98..

    but if you don't have the correct password in your dictionary, you can't crack it via brute-forcing methods such as aircrack and cowpatty. For example, in my video I used xploitztutorial as the password for my WPA/WPA2 video tutorial. Now, do you really think that's in a common dictionary? Of course not!! I added it to my password list. A dictionary with 100,000,000,000 words (1 REAL word per line) is rendered useless if the password to your WPA2+AES router/AP is, say... trick3du

    Why?? Because the word trick3du is NOT A REAL WORD. It has the number 3 in it, which right there eliminates all 100,000,000,000 real words in that dictionary from working; that, and I used the letter u in place of the word you. Get it now???

    --=Xploitz=-- ®
    Remote-Exploit.org's Master Tutorialist.™
    VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial": http://forums.remote-exploit.org/showthread.php?t=9063
    VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial": http://forums.remote-exploit.org/showthread.php?t=7872
    VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial": http://forums.remote-exploit.org/showthread.php?t=8230
    VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases": http://forums.remote-exploit.org/showthread.php?t=8041

  4. #14
    Junior Member (Join Date Aug 2007, Posts 63)

    Thanks for answering. I understand now that I need to have my passphrase added to my dictionary to make it work via brute forcing, but then my question is: is there anything you can use to crack your WPA/WPA2 key if the passphrase is not in your dictionary?

  5. #15
    Member (Join Date Apr 2007, Posts 163)

    Quote Originally Posted by johnjohnsp1 View Post
    is there anything you can use to crack your WPA/WPA2 key if the passphrase is not in your dictionary?
    For sure... if you have... well... let's say... 100,000 years of time. Or a supercomputer you can call your own; assuming the password has a minimum length of 8 characters, with digits and special chars.

    With WPA2/AES, the password is mixed with the ESSID of your network, so it's difficult to crack. The only way is brute force (try every possible combination). If the password is long enough, with special characters and numbers... no way.

    For my personal taste, you are asking too much about cracking WPA and don't know the password, so the question is: is this really your network??
    The answer is 42.

  6. #16
    Senior Member shamanvirtuel's Avatar (Join Date Mar 2010, Location: Somewhere in the "Ex" human right country, Posts 2,988)

    NO

    The trick is to have a HUGE dict file covering 8-16 char words (most passwords are max 16 long; WPA holds an 8-64 length key).

    I've got specialized dicts for each language I work with:
    distinct dicts with a-z, A-Z, 1-9 and weird chars; intermediate ones like a-z+A-Z, .......... and a huge one a-z+A-Z+1-9+weirds.....

    And I've got that for French and English.

    The other trick, when you find a WPA passphrase for an AP, is to save the hashes for its ESSID somewhere.
    It will save you recomputing hashes if you work on another AP with the same ESSID.........

    And the last trick is to have a dedicated computer with large disks and RAM.... with BT of course.
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  7. #17
    Developer balding_parrot's Avatar (Join Date May 2007, Posts 3,399)

    Quote Originally Posted by johnjohnsp1 View Post
    Thanks for answering. I understand now that I need to have my passphrase added to my dictionary to make it work via brute forcing, but then my question is: is there anything you can use to crack your WPA/WPA2 key if the passphrase is not in your dictionary?
    Short answer: No.

    You could look into creating a dictionary with all possible combinations of usable characters, but unless you have many, many thousands of TBs of storage and thousands of years to create it, plus the many hundreds of thousands of years to actually brute force the key from that, then no.

    Here is a quote from another thread discussing this:

    Quote Originally Posted by balding_parrot View Post
    If you do your research on creating a dictionary, you will soon find that a suitable dictionary to cover this type of passphrase will run into many hundreds of thousands of terabytes.

    Here is a quote from another thread on creating a dictionary:
    What exactly did you expect? Why do you think brute-force attacks take so long? What you are trying to do is make a brute-force dictionary.

    So let's say, for argument's sake, you look at the 128 characters in the standard ASCII table and a password is only 4 characters long:

    128x128x128x128 = 268,435,456 bytes for a 4 character password = 268 MB

    6 chars: 4,398,046,511,104 bytes, 4.5 TB, if I got my factors right in my head; it's a Sunday afternoon so I might not have.

    OK, so 128 is extreme, so try 70 characters (or so) on a standard keyboard without any extra effort and not counting case sensitivity:

    4 chars = 24,010,000 bytes
    6 chars = 117,649,000,000 bytes
    So from that, if you take into account that the passphrase I gave would need you to create the dictionary using approx. 200 possible characters for each of the 63 characters in my passphrase, how big is that dictionary going to be and how long will it take to create?
    Supposing that you had created that dictionary, if you just limited it to only the lines that had 63 characters, it would have 9.223372036854775808e+144 words. A decent computer set to crack a WPA key, when it has all of the parts needed, can manage about 50 per second, which is about 1.8446744073709551616e+143 seconds to guarantee finding the right one, which is 5.8494241735507203247082699137494e+135 years.
    Now consider that I limited this to 200 characters when it could have been more like 350 or so.
    All of this is based on you knowing that I am using 63 characters; what if you don't know if it is 21, 43, 50, 8, 62 or whatever?

    All of this is based on just WPA; if you were to throw a RADIUS server into the mix then.... well, you get the idea.

    So yes, at this moment in time, I would bet the farm
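As an added example (not code from the thread or from any of its posters), here are the two technical points of the discussion in runnable Python: the WPA/WPA2-Personal PSK is PBKDF2-HMAC-SHA1 of the passphrase salted with the ESSID (the same derivation wpa_passphrase performs), so a stored hash is only reusable for the same ESSID and a non-default ESSID makes shared precomputed tables useless, plus the keyspace arithmetic balding_parrot walks through. The 50 guesses/second rate, the 70/128/200-character alphabets and the 63-character length are the thread's own figures; the "password"/"IEEE" vector in the main block is the IEEE 802.11i test vector.

```python
"""WPA/WPA2-Personal PSK derivation and brute-force cost estimates."""
import hashlib

# PBKDF2-HMAC-SHA1, ESSID as salt, 4096 rounds, 256-bit output (IEEE 802.11i).
PBKDF2_ROUNDS = 4096
PSK_LEN = 32
SECONDS_PER_YEAR = 365 * 24 * 3600  # the thread's figures imply 365-day years


def wpa_psk(passphrase: str, essid: str) -> bytes:
    """Derive the 256-bit PSK from a passphrase and the network's ESSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               essid.encode("utf-8"), PBKDF2_ROUNDS, PSK_LEN)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passphrases of exactly `length` characters."""
    return alphabet_size ** length


def dictionary_bytes(alphabet_size: int, length: int) -> int:
    """On-disk size of a wordlist holding every candidate, one per line."""
    return keyspace(alphabet_size, length) * (length + 1)


def years_to_exhaust(alphabet_size: int, length: int, guesses_per_second: int) -> float:
    """Worst-case time to try every candidate at a fixed PBKDF2 rate."""
    return keyspace(alphabet_size, length) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # IEEE 802.11i test vector: passphrase "password", ESSID "IEEE".
    print(wpa_psk("password", "IEEE").hex())
    # Same passphrase, different ESSID: a different PSK, so per-ESSID hash
    # tables (the "save the hashes for its ESSID" trick) do not transfer.
    print(wpa_psk("password", "IEEE") != wpa_psk("password", "ieee"))
    # balding_parrot's arithmetic: 70 characters, 4 and 6 positions.
    print(f"70^4 = {keyspace(70, 4):,}   70^6 = {keyspace(70, 6):,}")
    # 200-character alphabet, 63 positions, 50 guesses per second.
    print(f"200^63 at 50/s: {years_to_exhaust(200, 63, 50):.3e} years")
```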

  8. #18
    Junior Member (Join Date Aug 2007, Posts 63)

    Yes, it's my network. I was just doing a few tests and, since I'm new to this world, I was thinking there could be a chance to get it. Thanks to all of you for the help in understanding.

  9. #19
    Senior Member shamanvirtuel's Avatar (Join Date Mar 2010, Location: Somewhere in the "Ex" human right country, Posts 2,988)

    The last thing I can tell you is SE,

    I mean, try to make dict files accurate to the language, specificities of the owner of the AP, etc.... more chance.......... but I will not go further in this direction because I would go outside of legality....... and it's not the place and not my intention....

  10. #20
    Member (Join Date Apr 2007, Posts 163)

    Quote Originally Posted by shamanvirtuel View Post
    The trick is to have a HUGE dict file covering 8-16 char words (most passwords are max 16 long; WPA holds an 8-64 length key).
    That's why I use a 26-char key.
