Thread: Newbie

  1. #1
    Just burned his ISO
    Join Date
    Oct 2007
    Posts
    6

    Default Newbie

    Hi all.

    I've been reading this forum now for a bit and find it a very interesting subject.
    I have already broken WEP on my router and WPA-PSK using a simple dictionary word by using Xploitz's really good tutorials.

    But what if I change the passkey to, say, david123, which is not in my dictionary file?

    My understanding is that if this is not in my dictionary file then it cannot be easily done. Is a hash table, which is gigabits big, the only way to speed up the process of going through all the different combinations of passkeys to get the correct one of david123?

    Or is it something more simple?

    Also, I'm thinking of buying just a cheap laptop and connecting it to my router to then use the nmap tool and experiment with that. Would you say this step is the next logical one in learning how to increase my knowledge further in this field? At the moment I look after our computer network at work, and find this subject of security really interesting.

    Any ideas would be of great help.

    Dave.

  2. #2
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Quote Originally Posted by davidjnr View Post
    Hi all.

    I've been reading this forum now for a bit and find it a very interesting subject.
    I have already broken WEP on my router and WPA-PSK using a simple dictionary word by using Xploitz's really good tutorials.

    But what if I change the passkey to, say, david123, which is not in my dictionary file?

    My understanding is that if this is not in my dictionary file then it cannot be easily done. Is a hash table, which is gigabits big, the only way to speed up the process of going through all the different combinations of passkeys to get the correct one of david123?

    Or is it something more simple?

    Also, I'm thinking of buying just a cheap laptop and connecting it to my router to then use the nmap tool and experiment with that. Would you say this step is the next logical one in learning how to increase my knowledge further in this field? At the moment I look after our computer network at work, and find this subject of security really interesting.

    Any ideas would be of great help.

    Dave.
    Hello davidjnr, and welcome to remote-exploit! I like your enthusiasm.

    Let me start by saying that there is more than one way to skin a cat. But the cold harsh reality is that if your passphrase is NOT in your dictionary...you can't Brute Force it....PERIOD...forget what everyone else has told you..or what you have heard..they're wrong. Plain and simple. I have 2 videos on cracking WPA/WPA2..one basic..and one where I use airolib and mysql databases to precompute a table of hashes with your essid.

    The basic one is found here...

    And the precomputed-databases one is here...

    Both go into great detail..probably more than you ever wanted to know if you're just starting out.

    Let me make this as clear as possible....If your passphrase is david123 and you have 100,000 gigabytes or 1,000,000,000 petabytes ...and your passphrase is NOT IN THAT DATABASE or DICTIONARY..IT WILL FAIL!!! You can have every word in the whole English or World language..and if that passphrase is NOT in that database or wordlist..it won't work.

    Yes..a precomputed hash table database WILL SPEED UP THE PROCESS GREATLY...but if it's not in that database..you're S.O.L. my friend.

    My suggestion to you davidjnr, is to master cracking WEP and WPA/WPA2 BEFORE you tread the waters of -=Xploiting=-. Metasploit..nessus..nmap..are all great tools..but if you can't break the AP..then you don't need the tools 'cause you won't be able to use them until you crack the AP.

    Focus on that..and use nessus instead of nmap. I prefer nessus over nmap any day.
    --=Xploitz=-- ®
    Remote-Exploit.org's Master Tutorialist.™
    VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial" - http://forums.remote-exploit.org/showthread.php?t=9063
    VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial" - http://forums.remote-exploit.org/showthread.php?t=7872
    VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial" - http://forums.remote-exploit.org/showthread.php?t=8230
    VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases" - http://forums.remote-exploit.org/showthread.php?t=8041

  3. #3
    imported_wyze (Jenkem Addict)
    Join Date
    Jul 2007
    Posts
    1,543

    Default

    Quote Originally Posted by -=Xploitz=- View Post
    Focus on that..and use nessus instead of nmap. I prefer nessus over nmap any day.
    That's a great tool to help you secure the network you manage; it will definitely help you in tidying up those PCs running unwanted/unnecessary services, network daemons, open ports, etc.

    There are a lot of other tools in B|T that you will find very beneficial down the road to help you even further... but just as someone else wrote on this forum a ways back, learn them 1 @ a time!!!
    dd if=/dev/swc666 of=/dev/wyze

  4. #4
    Just burned his ISO
    Join Date
    Oct 2007
    Posts
    6

    Default

    Quote Originally Posted by -=Xploitz=- View Post
    Hello davidjnr, and welcome to remote-exploit! I like your enthusiasm.

    To be honest, I've always been interested in the encryption side of things from watching Sneakers lol and World War 2 stories of the Enigma machine and our Bletchley Park.

    Let me start by saying that there is more than one way to skin a cat. But the cold harsh reality is that if your passphrase is NOT in your dictionary...you can't Brute Force it....PERIOD...forget what everyone else has told you..or what you have heard..they're wrong. Plain and simple. I have 2 videos on cracking WPA/WPA2..one basic..and one where I use airolib and mysql databases to precompute a table of hashes with your essid.

    The basic one is found here...


    Let me make this as clear as possible....If your passphrase is david123 and you have 100,000 gigabytes or 1,000,000,000 petabytes ...and your passphrase is NOT IN THAT DATABASE or DICTIONARY..IT WILL FAIL!!! You can have every word in the whole English or World language..and if that passphrase is NOT in that database or wordlist..it won't work.

    So are you saying that to some extent WPA2 is a good encryption method if you use a passkey like 123qerdfvwsthq34rtw/73erfgvc? Dependent upon the length, it is still possible to create your own wordlist of words and numbers based on the length of the passkey; it's still possible but would take longer to crack. Also, loads of hard disk drive space and CPU are needed! But also, if it's not in the dictionary file then it cannot be cracked.
    In most people's cases the router key will not change from the factory setting and is therefore more known, then I suppose you could backtrack your wordlist from there based on the router passkey's length.

    Yes..a precomputed hash table database WILL SPEED UP THE PROCESS GREATLY...but if it's not in that database..you're S.O.L. my friend.

    My suggestion to you davidjnr, is to master cracking WEP and WPA/WPA2 BEFORE you tread the waters of -=Xploiting=-. Metasploit..nessus..nmap..are all great tools..but if you can't break the AP..then you don't need the tools 'cause you won't be able to use them until you crack the AP.

    I've cracked my own router at home. I don't really want to mess with the router at work just in case I do break it; I have switched off the wireless element at work to be on the safe side for now.
    My understanding of WEP is that in order to create the traffic you are sending, say, a block of data, i.e. abcdefghijklmnopqrstuvwxyz, the same data round and round in circles, but every time it creates a different encryption header (IV) at the beginning of the abc etc. data stream, and it's this variation in the encryption header that you can then use via a mathematical formula to obtain the encryption key with a high certainty of probability? I just find this well fascinating, as if I'm back in time at Bletchley Park in their shoes cracking troop movements etc. I would have thought that the router would have blocked out this type of attack?

    Cracking WPA2 is only by collecting the security handshake between client and router. I used in this example my wireless radio by deauth attack, but then I just made my own passphrase list of 5 words with my passkey in there to see if it worked, to save time.

    I understand that the encryption of AES is not crackable just yet, but the TKIP can be?

    Focus on that..and use nessus instead of nmap. I prefer nessus over nmap any day.
    I can see now why Windows is not very secure if you've got a program like Metasploit that crashes the system to then get a control prompt, mainly by using the buffer overflow method I assume. I bet people spend ages debugging the programs to make them crash all the time.
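    An added example (not code from the thread or from either poster) that illustrates two points raised above: Xploitz's point that a wordlist or precomputed table only ever finds passphrases it actually contains, and that an airolib-style table is bound to one ESSID; and Dave's question about how passkey length changes the size of the search. It uses the standard WPA/WPA2 PMK derivation from IEEE 802.11i (PBKDF2-HMAC-SHA1, 4096 rounds, ESSID as salt); the wordlist and ESSIDs are constructed, and the hash rate passed to `years_to_exhaust` is whatever you assume for your own hardware.

```python
"""Added example: why a WPA dictionary/table only covers what it holds and is
tied to one ESSID, plus a keyspace comparison for passkeys of different styles."""
import hashlib


def wpa_pmk(passphrase: str, essid: str) -> bytes:
    # IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).
    # The ESSID is the salt, so a PMK computed for one network is useless for another.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)


def build_table(wordlist, essid: str) -> dict:
    """Precompute PMKs for ONE essid, the idea behind airolib-ng (toy list, constructed)."""
    return {wpa_pmk(word, essid): word for word in wordlist}


def lookup(table: dict, pmk: bytes):
    """Return the passphrase whose PMK matches, or None if it was never in the table."""
    return table.get(pmk)


def pattern_keyspace(word_count: int, digits: int) -> int:
    """Candidates for 'dictionary word + N digits' (the david123 style)."""
    return word_count * 10 ** digits


def random_keyspace(length: int, alphabet_size: int = 95) -> int:
    """Candidates for a random passphrase over the printable ASCII alphabet."""
    return alphabet_size ** length


def years_to_exhaust(keyspace: int, pmk_per_second: float) -> float:
    """Years to compute every PMK in a keyspace at an ASSUMED rate (your figure)."""
    return keyspace / pmk_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    table = build_table(["password", "letmein", "qwerty"], "IEEE")   # constructed
    print(lookup(table, wpa_pmk("password", "IEEE")))   # found: it is in the list
    print(lookup(table, wpa_pmk("david123", "IEEE")))   # None: not in the list
    print(lookup(table, wpa_pmk("password", "linksys")))  # None: wrong ESSID
    print(pattern_keyspace(100_000, 3), random_keyspace(28))
```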

  5. #5
    Just burned his ISO
    Join Date
    Oct 2007
    Posts
    6

    Default

    I think I messed up the last message, hope it makes sense.

    I don't really know Linux at all, but I do prefer the command line as it brings me back to the days of using DOS lol

    Oh what happy memories
