
Thread: bruteforce 8 character (uppercase) password

  1. #21
    Good friend of the forums comaX
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: bruteforce 8 character (uppercase) password

    Quote Originally Posted by Barry
    True, just shows you why wpa2 is such a bitch to crack. It would probably be easier to just watch someone enter the password on their laptop from a spy satellite.....
    Or just ask politely? But if you have a satellite, I'll take that too :P
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  2. #22
    Member
    Join Date
    May 2011
    Location
    Israel
    Posts
    74

    Default Re: bruteforce 8 character (uppercase) password

    Brute force and dictionary attacks are two very different things. A dictionary attack has nothing to do with enumerating every possible combination of characters, unless you generate a list of every possible combination. Even in that case that's still just a brute force list.
    A dictionary attack is a more clever derivative of a brute force attack.

  3. #23
    Senior Member
    Join Date
    Jan 2010
    Posts
    107

    Default Re: bruteforce 8 character (uppercase) password

    Quote Originally Posted by Barry
    Not if you know it's an 8 character all uppercase password. Then it's only 208872064576 combinations.
    AFAIK this is how it's computed: (length of password)^(no. of characters) -> 8^26 = 302231454903657293676544 for uppercase/lowercase. It would be 91343852333181432387730302044767688728495783936 for uppercase+lowercase.

    However, I didn't compute that by hand (LOL) so I can't check if the number is actually correct; also I might have used the wrong formula.

    Quote Originally Posted by iliyapolak
    Dictionary attack is more clever derivative of brute force attack.
    I see the dictionary attack as a way of bruteforcing the human behind the keyboard. You actually try every possible combination that the human would logically type.

    The success of the bruteforce attack is computed by traversing all the search space and finding how much compute power is needed.

    The success of the dictionary attack depends on the knowledge of the human that created that password. The better you know the human, the more chance of success.


    Regards
    Last edited by erhardm; 05-20-2011 at 04:30 PM.
    Great minds have purposes, others have wishes

  4. #24
    Member
    Join Date
    May 2011
    Location
    Israel
    Posts
    74

    Default Re: bruteforce 8 character (uppercase) password

    I see the dictionary attack as a way of bruteforcing the human behind the keyboard. You actually try every possible combination that the human would logically type.

    The success of the bruteforce attack is computed by traversing all the search space and finding how much compute power is needed.

    The success of the dictionary attack depends on the knowledge of the human that created that password. The better you know the human, the more chance of success.
    A dictionary attack exploits the lack of knowledge of what randomness is in the field of cryptography.
    For example, by using weak passwords (words) which could be permuted easily or concatenated with a few digits, an adversary can easily guess the password.

  5. #25
    Good friend of the forums comaX
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: bruteforce 8 character (uppercase) password

    Quote Originally Posted by erhardm
    AFAIK this is how it's computed: (length of password)^(no. of characters) -> 8^26 = 302231454903657293676544 for uppercase/lowercase. It would be 91343852333181432387730302044767688728495783936 for uppercase+lowercase.
    There are 26 possibilities for each position, so you should have 26*26*26...*26, eight times. So I believe it's 26^8, which is 208827064576 as stated by Barry!
    53459728531456 for uppercase and lowercase.
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  6. #26
    Senior Member
    Join Date
    Jan 2010
    Posts
    107

    Default Re: bruteforce 8 character (uppercase) password

    It seems my formula was wrong!

    Well, it's not really that hard now to bruteforce 8 character uppercase/lowercase. Back in November 2010 when Amazon EC introduced GPU Instances I set up pyrit and did a test: ~45000 PMK/s. If you use 8 instances that means ~360000 PMK/s. It will cost you $2700 and the work will be done in 162 hours!
    Is it practical? Hm, there are a lot of other cheaper attack vectors to get into someone's network.

    My best bet is a dictionary based attack. A little research will help shrink the search space by orders of magnitude.


    Regards
    Last edited by erhardm; 05-20-2011 at 08:32 PM.
    Great minds have purposes, others have wishes

  7. #27
    Just burned his ISO
    Join Date
    Jun 2011
    Posts
    5

    Default Re: bruteforce 8 character (uppercase) password

    If I had a whopping great external hard drive, is there a way I could use rainbow tables to crack a password like this any faster with bt5?

  8. #28
    Senior Member
    Join Date
    Jan 2010
    Posts
    107

    Default Re: bruteforce 8 character (uppercase) password

    AFAIK theoretically you could use rainbow tables, but you have to create your own because the hash is salted with the name of the SSID. Would this be faster? I'm sure it wouldn't. You have a greater probability to crack the WPA using a dictionary attack.

    Using pyrit's batch command, you actually create those rainbow tables based on the passwords in the database.

    You have to understand how the hash of WPA is created. The PMK (Pairwise Master Key) is computed using the passphrase and the AP's SSID. When you use pyrit you compute the passphrase (from the dictionary file) with the SSID (that's why you have to specify the SSID in pyrit). The result will be a hash. But the PMK is not the value transmitted through the air. It's the PTK (Pairwise Transient Key) that is computed (another hash value) with a random number from the AP, a random number from the client station and the PMK, which is transmitted, and if the PTK matches then it's assumed that the PMK was known to the client.

    Rainbow tables will do the same, only they will use all the possible combinations to generate the hashes. If you know a little about hash functions, you know that there can be a problem: hash collisions. Theoretically it can happen that a hash value can be the same for different passphrases.
    Another problem is that when you connect to an AP you have to input a passphrase, not a hash value, therefore you have to associate each hash value with a passphrase. Rainbow tables can do that, but this is actually the bruteforce attack on WPA. You have to code other drivers to connect to the AP knowing only the hash value, not the passphrase. Also you have to make special tools for decrypting the traffic based on the hash value, not the passphrase.


    Regards
    Last edited by erhardm; 07-06-2011 at 11:56 AM.
    Great minds have purposes, others have wishes
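    An added example (not code from this thread, from pyrit or from any poster) that puts numbers on two points made above: comaX's keyspace figures in #25 with the 360000 PMK/s rate from #26, and erhardm's explanation in #28 that the PMK is derived from the passphrase and the SSID. It uses the PBKDF2-HMAC-SHA1 derivation that WPA/WPA2-PSK specifies (4096 iterations, 32-byte output) and the published 802.11i test vector (passphrase "password", SSID "IEEE"); the SSID "HomeNet" is a constructed sample value, and this is why a precomputed table is only valid for a single SSID.

```python
import hashlib


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters drawn
    from an alphabet of `charset_size` symbols: charset_size ** length."""
    return charset_size ** length


def hours_to_exhaust(space: int, rate_per_second: float) -> float:
    """Wall-clock hours to try every candidate in `space` at a fixed rate.
    The expected time to reach the correct one is half of this."""
    return space / rate_per_second / 3600


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK Pairwise Master Key: PBKDF2-HMAC-SHA1 over the
    passphrase, salted with the SSID, 4096 iterations, 256-bit output
    (IEEE 802.11i). Changing the SSID changes every PMK, so a
    precomputed table built for one network is useless on another."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def pmk_is_ssid_bound(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True when the same passphrase yields different PMKs on two SSIDs."""
    return wpa_pmk(passphrase, ssid_a) != wpa_pmk(passphrase, ssid_b)


if __name__ == "__main__":
    rate = 360_000  # PMK/s, the 8-GPU-instance estimate quoted in post #26
    upper = keyspace(26, 8)   # A-Z only
    mixed = keyspace(52, 8)   # A-Z plus a-z
    print(f"26^8 = {upper} -> {hours_to_exhaust(upper, rate):.0f} h at {rate} PMK/s")
    print(f"52^8 = {mixed} -> {hours_to_exhaust(mixed, rate):.0f} h at {rate} PMK/s")
    # Published 802.11i test vector: passphrase "password", SSID "IEEE"
    print("PMK(password, IEEE) =", wpa_pmk("password", "IEEE").hex())
    # "HomeNet" is a constructed SSID used only to show the salt effect
    print("PMK differs per SSID:", pmk_is_ssid_bound("password", "IEEE", "HomeNet"))
```

    Running it shows that the 162-hour figure in #26 matches the 26^8 uppercase-only space at 360000 PMK/s, while the 52^8 mixed-case space takes roughly 250 times longer at the same rate.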

  9. #29
    Just burned his ISO
    Join Date
    Jun 2011
    Posts
    5

    Default Re: bruteforce 8 character (uppercase) password

    Quote Originally Posted by erhardm
    AFAIK theoretically you could use rainbow tables, but you have to create your own because the hash is salted with the name of the SSID. Would this be faster? I'm sure it wouldn't. You have a greater probability to crack the WPA using a dictionary attack.

    Using pyrit's batch command, you actually create those rainbow tables based on the passwords in the database.

    You have to understand how the hash of WPA is created. The PMK (Pairwise Master Key) is computed using the passphrase and the AP's SSID. When you use pyrit you compute the passphrase (from the dictionary file) with the SSID (that's why you have to specify the SSID in pyrit). The result will be a hash. But the PMK is not the value transmitted through the air. It's the PTK (Pairwise Transient Key) that is computed (another hash value) with a random number from the AP, a random number from the client station and the PMK, which is transmitted, and if the PTK matches then it's assumed that the PMK was known to the client.

    Rainbow tables will do the same, only they will use all the possible combinations to generate the hashes. If you know a little about hash functions, you know that there can be a problem: hash collisions. Theoretically it can happen that a hash value can be the same for different passphrases.
    Another problem is that when you connect to an AP you have to input a passphrase, not a hash value, therefore you have to associate each hash value with a passphrase. Rainbow tables can do that, but this is actually the bruteforce attack on WPA. You have to code other drivers to connect to the AP knowing only the hash value, not the passphrase. Also you have to make special tools for decrypting the traffic based on the hash value, not the passphrase.


    Regards
    Thanks erhardm, nice answer. tbh I'm so incredibly new to all of this; I'm one of those dudes who read the advice about not starting with backtrack but couldn't resist (I'm gonna spend next weekend trying some of this Linux from Scratch malarkey, I think that's what I really need to get my head around next).

    So a few months ago I started using Linux, met a dude at a party and was like "you're into computers, I'm into freakin computers, I've just started using Linux, you should too dude, it's awesome" and the guy pulls out his laptop with some killer freakin aerial and shows me BT4R2 in action (I go to freakin awesome parties sometimes) and I've been fascinated since then. Here's my problem though: I go round to a friend's and when offered the WPA2 key I confidently say "no need dude, I'll connect, show how, trust me" and as the passphrase is a nice simple "Richard1" a good ol' dictionary attack does the job. Now that was awesome, properly awesome; however I have some friends who don't use such a weak password obv, and my confident "I don't need your key, I'm sure I can crack your network" has fallen flat.

    My thoughts were I could compute the rainbow tables for an 8 char upper case password (they have Sky broadband and I know the ESSID + BSSID) and stick this on an external hard drive and smash the passphrase like that.

    I really need a greater understanding of this hash, PMK, SSID stuff, but it seems like the best thing to do is, if you know it's an 8 char upper case password, create the word list using crunch then use aircrack to try a dictionary attack using the word list. The only other thing I was kinda thinking was piping john into aircrack with John's output set to only uppercase letters, but I don't know how to create a char set for JTR.

    Ugh, that is one ugly long-ass reply, I think I'll try and edit that down in a sec.
