Hey Community,

In this little Tutorial i'm gonna show you, hot to Bruteforce nearby Fon Routers

So the interesting thing which I note, is that a Fon AP's default WPA passphrase is it's serial number, printed under the box. These serial numbers are sequential, thus making it very easy to guess their entire range.

So for this i use a little Perl Script, which generates a file, included all Numbers from 807200000 till 8702555555
$n = 8702000000;
while ($n <= 8702555555) { system ("echo $n >> numbers.txt"); $n++; }
So then we need a WPA Handshake to try out. I'm not gonna describe how you get one because there are million Posts about it.

Then we Simply use Aircrack and start Bruteforcing

aircrack-ng fon-01.cap -w /root/fon/numbers.txt

So this is it Cracked.

IF you have further questions feel free to a PM or visit my Blog.
In German = My_0wn_Remote
In English = my_english_remote

I also created a littel Tutorial Video for this whole thing

YouTube - How to Bruteforce a nearby WPA Fon Wlan [3]

Maybee it is worth for the Video Section, i can't measure

=) Reeth