Thread: 2WIRE WPA Cracking Script for Pyrit with Resuming

  1. #1
    Just burned his ISO
    Join Date
    May 2008
    Posts
    1

    Default 2WIRE WPA Cracking Script for Pyrit with Resuming

    2WIRE wifi passwords default with only ten digits and only use base 10 numbers. This script uses pyrit and a little C program I created called 2WIREKeyGen to generate and test all possible 2WIRE default wifi keys. The difference between using this and typing the commands out in a program like crunch is that this script+app combo will split up cracking so that it can log progress and resume cracking at another time without losing all your progress. I could only get crunch to split up the cracking if I have it create 100+ gigs of passwords, then I work from those. Pyrit could crack on the fly using crunch, but I could only specify a beginning number in crunch, not an end, and so on-the-fly cracking couldn't really be split with crunch. Also, I tried using only the bash script to pass all possible passwords to pyrit on the fly, but that resulted in slow cracking (only ~2k passwords per second). Using this script+app combo was just as fast as using password files on my hard drive with my computer (~35k passwords per second).

    You need pyrit installed first and a 2WIRE handshake to crack.
    To install, simply make it executable, and compile the C program:
    chmod +x 2WIRECrack.sh
    gcc 2WIREKeyGen.c -o 2WIREKeyGen

    To use, set APNAME, and CAPFILE inside of 2WIRECrack.sh, then run:
    ./2WIRECrack.sh

    The script doesn't quit when a password is found, so keep your eye out for a file called pyritoutput, as that will be where it writes the password. I could have had the script check for that, but I didn't and I'm too lazy to edit and re-zip it.

    Who knows if anyone will actually use this, but maybe? At least it's here for me if my hard drive crashes
    It worked fine in my tests; but I am just now trying a real world test with a password I don't already know.

  2. #2
    Just burned his ISO
    Join Date
    Jul 2011
    Posts
    1

    Default Re: 2WIRE WPA Cracking Script for Pyrit with Resuming

    I got your script running with Pyrit and CUDA on my GTX260 but the resume function doesn't seem to be working. The placeholder file is created on first run with a single line of 10 0's but it is never changed. I let the program run for 30 mins and then quit with Ctrl+C and still nothing is written. When I run the .sh again it seems to start from scratch.

    What are you doing different to get it to work?
    Thanks

  3. #3
    Just burned his ISO
    Join Date
    May 2011
    Posts
    1

    Default Re: 2WIRE WPA Cracking Script for Pyrit with Resuming

    Haven't had a chance yet to check out your script, but when I have time I will for sure. Here is a tip, though, that you may be able to use to optimize it:

    With 2Wire routers using AT&T U-verse services, the techs and help desk generally just set the key to the target's phone number on file. You can use this with some social engi to determine the number, or you can also try to optimize the script, maybe to eliminate any non-phone numbers such as the 555's and 000's, etc.

  4. #4
    Just burned his ISO jacko's Avatar
    Join Date
    Jan 2011
    Posts
    13

    Default Re: 2WIRE WPA Cracking Script for Pyrit with Resuming

    just have to point out.. what almarshun posted isn't true

    the 2wire routers are set wep believe it or not and they do have a 10 character numeric only pass that's listed on the outside of the router under the serial number

    this number is actually in the firmware.. and is set as default by a radio button in the gui setup

    so what most people do is use that number and set wpa or wpa2 instead.. it's why a dictionary attack won't work on these routers.. best bet is to use crunch for every billion

    set the starting number in your script like -t $3%%%%%%%%% if you want to resume every billion and if you have a fast setup like mine.. can do a billion in under 3 hours

    so it takes me 30 hours to have a 100% chance to break these.. you need around 100k stable in pyrit
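
An added example, not part of any post in this thread and not the script discussed here: a defender-side audit that turns the figures quoted above into a check on a router passphrase, computing the smallest keyspace that contains it and the worst-case time to exhaust that keyspace. The guess rates are the ones quoted in posts #1 and #4; the function names, the 100-year threshold and the sample passphrases are assumptions made for this example.

```python
import string

# Character classes an exhaustive search has to cover (printable ASCII only).
CLASSES = (string.digits, string.ascii_lowercase,
           string.ascii_uppercase, string.punctuation + " ")

# Guess rates quoted in this thread (passwords per second).
RATE_FIRST_POST = 35_000
RATE_POST_4 = 100_000


def keyspace(psk: str) -> int:
    """Smallest search space containing psk: (alphabet size) ** length."""
    if not 8 <= len(psk) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in psk):
        raise ValueError("a WPA passphrase is printable ASCII")
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in psk))
    return alphabet ** len(psk)


def audit(psk: str, guesses_per_second: int, min_years: int = 100) -> dict:
    """Worst-case hours to exhaust the keyspace, and whether that is
    below the (assumed) min_years policy threshold."""
    space = keyspace(psk)
    hours = space / guesses_per_second / 3600
    return {"keyspace": space,
            "worst_case_hours": hours,
            "weak": hours < min_years * 365 * 24}


if __name__ == "__main__":
    # Constructed sample passphrases, not taken from any device.
    for psk in ("0123456789", "t7#Kq9!mVz2$Lp4x"):
        for rate in (RATE_FIRST_POST, RATE_POST_4):
            r = audit(psk, rate)
            print(f"{len(psk)} chars, keyspace {r['keyspace']:.3g}, "
                  f"{r['worst_case_hours']:.3g} h at {rate}/s, weak={r['weak']}")
```

A ten-digit numeric key comes out at about 27.8 hours worst case at 100,000 guesses per second, in line with the 30 hours quoted in post #4, while a 16-character passphrase drawn from all four classes is far above the threshold.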

  5. #5
    Just burned his ISO
    Join Date
    Feb 2011
    Posts
    8

    Default Re: 2WIRE WPA Cracking Script for Pyrit with Resuming

    Quote Originally Posted by jacko View Post
    just have to point out.. what almarshun posted isn't true

    the 2wire routers are set wep believe it or not and they do have a 10 character numeric only pass that's listed on the outside of the router under the serial number

    this number is actually in the firmware.. and is set as default by a radio button in the gui setup

    so what most people do is use that number and set wpa or wpa2 instead.. it's why a dictionary attack won't work on these routers.. best bet is to use crunch for every billion

    set the starting number in your script like -t $3%%%%%%%%% if you want to resume every billion and if you have a fast setup like mine.. can do a billion in under 3 hours

    so it takes me 30 hours to have a 100% chance to break these.. you need around 100k stable in pyrit

    You are both right; it depends on the model. I have seen it both ways.

  6. #6
    Just burned his ISO
    Join Date
    Jun 2011
    Posts
    1

    Default Re: 2WIRE WPA Cracking Script for Pyrit with Resuming

    This also works for phone numbers in the USA; they are 10 digits. Thanks.

  7. #7
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Default Re: 2WIRE WPA Cracking Script for Pyrit with Resuming

    crunch 3.1 allows a person to specify when crunch should end.
    Can you please explain what you would like crunch to do and maybe I can help you.
    I like the bleeding edge, but I don't like blood loss

  8. #8
    Just burned his ISO
    Join Date
    Feb 2012
    Posts
    2

    Default Re: 2WIRE WPA Cracking Script for Pyrit with Resuming

    I was attempting to download your scripts, but it says File not Found. If you could update the link it would be much appreciated.

    Thank you.

  9. #9
    Just burned his ISO
    Join Date
    May 2012
    Posts
    1

    Default Re: 2WIRE WPA Cracking Script for Pyrit with Resuming

    I've been attempting this with my own 2Wire and since there's not a screen shot or video of what this should look like, I'm wondering if this is standard for when it's running..

    ./2WIREKeyGen 7654500000 7686000000 | pyrit -r 25039-03.cap -e 2WIRE528 -o pyritoutput --all-handshakes -i - attack_passthrough
    Pyrit 0.4.0 (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
    This code is distributed under the GNU General Public License v3+

    Parsing file '25039-03.cap' (1/1)...
    Parsed 68 packets (68 802.11-packets), got 1 AP(s)

    No suitable AccessPoint with that ESSID in the capture file.
    ./2WIREKeyGen 7686000000 7717500000 | pyrit -r 25039-03.cap -e 2WIRE528 -o pyritoutput --all-handshakes -i - attack_passthrough
    Pyrit 0.4.0 (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
    This code is distributed under the GNU General Public License v3+


    Is this running correctly? or am I missing something?
