free online wpa cracker project idea

[CKing]

I'm just brainstorming here but I think I'm onto something.

Problem: WPA-PSK is vulnerable to attacks from pre-computed hash table created by essid, but this is difficult to demonstrate in the field, and without using resources to create tables.

Proposal: An free online based tool to audit wpa passwords.

Possible Methods:
- Webpage based: This was my original idea but I see it being abused too easily, its too hard to weed out skiddies. Best solution I came up with was asking technical questions, if nothing else it would teach use of google. Otherwise I considered Email based auth for a manual approach, just letting everyone in, but they all have serious caveats

- Program(authentication at least) based: This program would request BT forums username and password to verify a minimum post count in this method; login, get $Username via "Welcome $Username" get postcount via "hxxp://wxw.backtrack-linux.org/forums/members/$Username.htm" if postcount >10 upload cap to server and let it work its magic

Result: One step closer to that big red button

Notes:I'm willing to provide hardware, some time, but im not taking a loss to serve this, electricity and hosting isnt free, ad based income would likely be sufficient, on the same token, additional revenue would be donated to hfc. This will all be open source, and to get this operational in a timely fashion community support will be required. The convoluted auth process sucks(see issues) but how else can this be done without just passing it to something made on backtrack servers, or passing creds to untrusted(me) servers? A database from new essids, passwords added over time could be very useful considering

Issues: Even with the proposed program auth process and a closed source file pointing to the WPA-audit server, the server address could easily be sniffed, exposed to the skiddies(thought about ssl but host is still plaintext, isnt it? ssh tunnel maybe?(but then who hosts that?) proxy?) How to make money back(force popup to remain on screen until password found or max time?) just go with webpage based (are we going in circles here?) I might be stepping on toes.

Ideas bin:
option to test your area codes phone numbers - not added to db
other such options, add a name or other profiling options to permutate

more to come(hopefully)

[Archangel-Amael]

I don't want to ruin your dreams here ( so keep going) but there are several similar services already available.
Here is the link to purhates Password Crackers » Welcome to Question Defense Tools Probably one (if not the best) cracker around. I think he has like every word from every language in the world in his dictionaries.
But seriously keep working on your ideas. I mean there are a billion tutorials on cracking a dang wep key so why not another wpa cracker project.

[CKing]

Thanks for the support! I am aware of purehates cracker and this is why I put stepping on toes in the issues category. I'm aware of one other, and both of these services are pay to play. I'm all about the open source and community involvement and a free, valuable service for legitimate users is my only goal.

Update
New idea thanks to a post by loser3000: An option for handshakes with passwords not found or still in queue to be downloaded and cracked by volunteers.

First temporary version consists of an upload script on a free hosting server, and a download/crack script on my server

temporary server

[fastzones]

That's cool if you do it for free. You could have an option for people to upload the rainbow table. We can find volunteer to generate a rainbow table. One group of people generating phone number and the other generating words. we can assign some people to work on the word start with some letter and so on.

I think if everybody working together we can come up with a huge archive with all of the possible words and number.

possible, just let people working on this project use your service first because if not, I think you will have a full load of people uploading the cap file. So if you want to use it, you need to distribute something.

[purehate]

Let me just say, your not stepping on my toes if you try to do something for free. I will however list some of the problems your are going to have.
1. Hosting, electricity and time is not free
2. Over half of the people will upload broken or incomplete captures which you will then have to track down and fix, reupload, etc.
3. If you are using wpa look up tables, a table of 64 million words for one essid is about 1.9 gigs so you will need a lot of space.
4. If you try to use GPUs then you have cost of hardware.
5. In a service like this you will probably only get people who are up to no good because due to scopes, contracts and other legalities in pentesting, no professional would be able to upload his file to your server.
6. Donations never work
7. You will be constantly under attack (I know I am)
8. Receiving capture files and making sure they are *really* wpa captures is not as easy as you think.
9. Its a lot more work than you think.
10. If it was easy as you think, every one would be doing it.
11. WPA is hard to crack. I consider myself one of the best at it and I still only have about a 25%-35% cracking average and that is based on about 3500 cap files so be prepared for lots of angry emails.
12. Most hosting companies will eventually shut down a password cracker.
My entire system is automated but I still spend at least a few hours a day fixing things, replying to emailed questions, checking logs, securing services so be ready to put some real work in.

I just thought I would share a few points you may not have thought of yet.

EDIT: So I just tried to upload a capture and the entire site went down.

[n37w4lk3r]

CKing , you'r good man .
I admire you .

[CKing]

That's cool if you do it for free. You could have an option for people to upload the rainbow table. We can find volunteer to generate a rainbow table. One group of people generating phone number and the other generating words. we can assign some people to work on the word start with some letter and so on.

I think if everybody working together we can come up with a huge archive with all of the possible words and number.

possible, just let people working on this project use your service first because if not, I think you will have a full load of people uploading the cap file. So if you want to use it, you need to distribute something.

Only allowing developers access until were out of alpha is a good idea. That said, anyone who would like to contribute to this project should post here or pm me. Please include what skills(testing if nothing else) you can provide.

The problem with allowing other clients to upload tables is the difficulty of verifying the accuracy, a better implementation of volunteered cpu or gpu power would be publicly available caps that are in queue or not crackable by my wordlist for volunteers to attempt to crack, or clients serving gpu power for the main server to utilize. Bandwidth becomes an issue in that situation, inefficiency in the former.

Let me just say, your not stepping on my toes if you try to do something for free. I will however list some of the problems your are going to have.
1. Hosting, electricity and time is not free
2. Over half of the people will upload broken or incomplete captures which you will then have to track down and fix, reupload, etc.
3. If you are using wpa look up tables, a table of 64 million words for one essid is about 1.9 gigs so you will need a lot of space.
4. If you try to use GPUs then you have cost of hardware.
5. In a service like this you will probably only get people who are up to no good because due to scopes, contracts and other legalities in pentesting, no professional would be able to upload his file to your server.
6. Donations never work
7. You will be constantly under attack (I know I am)
8. Receiving capture files and making sure they are *really* wpa captures is not as easy as you think.
9. Its a lot more work than you think.
10. If it was easy as you think, every one would be doing it.
11. WPA is hard to crack. I consider myself one of the best at it and I still only have about a 25%-35% cracking average and that is based on about 3500 cap files so be prepared for lots of angry emails.
12. Most hosting companies will eventually shut down a password cracker.
My entire system is automated but I still spend at least a few hours a day fixing things, replying to emailed questions, checking logs, securing services so be ready to put some real work in.

I just thought I would share a few points you may not have thought of yet.

EDIT: So I just tried to upload a capture and the entire site went down.

You actually got to the upload script without a crash? I'm impressed, you must have the patience of a saint. That server is free and you get what you pay for. Hopefully I can upgrade in the near future but as you pointed out hosts aren't too keen on password crackers. I've been emailing hosts to verify their consent for my proposal and you're right, finding a secure, cost effective host thats willing to host this service is a difficult task in itself.

Uploading broken .caps, angry emails, idiots are of little consequence to me; if you don't understand the process, you shouldn't be using the service anyway. This brings me to the issue of nogoodniks using the service, its one of the hardest things to prevent but I do have a few tricks up my sleeve to fight cyberdouchery.

I'm curious about #8, are you suggesting something malicious might be uploaded, or just idiocy?

I hope to eventually mask the host somehow to avoid attacks. This is likely impossible to properly implement, but thats not going to stop me from trying.

I know this project will require a lot of work, money, and time, the truth is I cant provide it ALL myself while balancing work and other responsibilities, my goal is a service maintained and created by the community(hint: step up people!).

Password profiling would increase the chances of successful psk retrieval. I'm sure your aware that phone numbers are a ridiculously common password choice. For a real fun time, the fingerprinting attack described at Automated Password Cracking: Use oclHashcat To Launch A Fingerprint Attack (we'll call that the the serverburner3000 (3000 for years))

All in all I think this project has potential, even with the issues you've pointed out. I'm sure that there will be even more issues to come, but with a little bit of support and a good team theres not much that can get in our way. The fact that 2 of the people I hold in extremely high regard in this industry have already posted their thoughts on this project is in my opinion a great honour and a fantastic start to a hopefully fantastic project.

[purehate]

You are correct phone numbers are common. The fingerprint attack on my question-defense web site will not work with WPA at all. Regarding #8 yes i get people trying to upload php shells and all sorts of other malicious stuff as .cap files. Anyway, good luck with the project.

[CKing]

You are correct phone numbers are common. The fingerprint attack on my question-defense web site will not work with WPA at all. Regarding #8 yes i get people trying to upload php shells and all sorts of other malicious stuff as .cap files. Anyway, good luck with the project.

I'm not sure if you mean fingerprinting attacks wont work against WPA because its too computationally expensive, that particular tutorial is for oclhashcat(give me some credit), or fingerprinting isn't effective against WPA for some reason.

[Sulegna]

Total n00b question here, but to clarify, you need to be on the same network as the victim computer, correct? So, being on the same WiFi network would suffice?

Cheers,
- Sulegna -