
Thread: WPA cracking...big wordlist or just good wordlist.

  1. #11
    KMDave (Moderator)
    Join Date: Jan 2010


    Correct, just take one with a couple of MB and add your password to it at the end to see that it is working, and as a proof of concept if you want to see that you can do it.
    Tiocfaidh ár lá

  2. #12
    thorin (My life is this forum)
    Join Date: Jan 2010


    Originally Posted by Abraxas:
    I see some people are using gigabyte-sized wordlists for WPA cracking. How much success are people having with lists this size? I had a 4 gigabyte list at one time but I find it to be rather useless to have such a big list for something that takes a lot of computing power. My current list is about 350MB and it takes several hours to complete a dictionary attack against a single essid. Are some of you using these lists with specialized hardware? The only other thing I can think of is if you use pyrit or maybe you just have a boatload of cores.
    1) It's a FACT that WEP/WPA can be broken given sufficient resources/interest.
    2) If you're WPA cracking an AP that isn't yours, then it's highly likely that you're breaking the law (of course there are exceptions to this rule of thumb but in the majority of cases it applies).
    3) If it's not yours and you actually fall into one of those special cases you'd be better off simply getting the config/configuration guide used by the client and commenting on any deficiencies vs industry best practice than spending hours and client $ on pointless cracking (trying to prove something that is FACT). Additionally, you should perform a threat and risk analysis of their data/business/competitors, etc. (more on this below).
    4) Yes, you can get specialized hardware for this type of work.
    5) Let's say you're "doing it for a friend" or something like that. Then #3 still applies and you're only costing yourself money. Let's assume you're a consultant that gets paid $20 an hour, so you waste 4 hours (you said several, so I'm assuming 2 is a couple and 4 is several) plus say an hour for setup and analysis after completion. You've lost $100 in order to prove something known as FACT when you could have spent 15 mins reviewing their config and tweaking it to follow industry best practice.

    It doesn't take long to perform a quick TRA based on the reasonable man type tests:
    1) Are there other open or more weakly configured APs nearby?
    2) Is the data processed via the network or associated systems of sufficient interest to an attacker? How much time/energy/gear would they spend/consume to attack the target and access such data? (No, the NSA doesn't care about your random Word and Excel docs at home; no, an attacker isn't going to waste days trying to hack your AP and then a few more to hack your box to get your tax return [there are much quicker ways to steal someone's identity]).
    3) Is the AP configured following industry best practices?
    4) etc. (You get the idea, it doesn't have to take long.)
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
