Has anyone managed to crack the password of a wless net without pre-including this password in the dictionary he was using?
I tried a couple of really big dictionaries so far - let aircrack work for several hours (great stress test for the cpu btw),
but so far nothing... what about you people?
WPA security : dictionaries
Started by
bardolph
, Apr 15 2011 01:25 AM
5 replies to this topic
#2
tekio
-
- Binrev Financier
-
- 1,033 posts
5(R1P7 |<1DD13
- Gender:Male
- Location:The Blue Nowhere
Posted 15 April 2011 - 02:05 AM
Considering the PSK is hashed 4096 times with SHA1, it's gonna take a while to brute force (SHA1(psk, ssid, ssid-length, 4096)). Especially while further considering the PSK must be at least 8 chars. To top that off it is seeded by with the SSID (i think that is correct) So premade tables must be made for an individual SSID.
The best options are:
1) use advanced rules with john and send it into aircrack:
2)Use hardware acceleration to brute force:
The above image is using two Radeon 5850's for acceleration. Along with a quad core CPU @ 3.0Hhz with all the individual cores maxed.
The best options are:
1) use advanced rules with john and send it into aircrack:
john <john options here> --stdout | aircrack-ng -a 2 -b <mac> -w - /path/to/mycaptureddata.cap
2)Use hardware acceleration to brute force:
The above image is using two Radeon 5850's for acceleration. Along with a quad core CPU @ 3.0Hhz with all the individual cores maxed.
Edited by tekio, 15 April 2011 - 02:20 AM.
#3
Afterm4th
-
- Members
-
- 395 posts
SUPR3M3 31337 Mack Daddy P1MP
-
Country:
- Gender:Male
- Location:way up north eh
Posted 15 April 2011 - 09:03 PM
+1 for elcomsoft's EWSA
#4
tekio
-
- Binrev Financier
-
- 1,033 posts
5(R1P7 |<1DD13
- Gender:Male
- Location:The Blue Nowhere
Posted 16 April 2011 - 09:30 AM
Elcomsoft makes some nice stuff. Too bad all their stuff is so expensive. I just have an unlimited trial version. The only way it is crippled, is that only shows the first five chars of the cracked key. Good enough to have fun with, though.+1 for elcomsoft's EWSA
#5
bardolph
-
- Members
-
- 50 posts
DDP Fan club member
- Gender:Male
Posted 18 April 2011 - 09:58 PM
Considering the PSK is hashed 4096 times with SHA1, it's gonna take a while to brute force (SHA1(psk, ssid, ssid-length, 4096)).
The above image is using two Radeon 5850's for acceleration. Along with a quad core CPU @ 3.0Hhz with all the individual cores maxed.
damn i knew i'd need a quad core
#6
tekio
-
- Binrev Financier
-
- 1,033 posts
5(R1P7 |<1DD13
- Gender:Male
- Location:The Blue Nowhere
Posted 20 April 2011 - 02:06 PM
There are precomputed rainbow tables as well. The set I have is like 35GB, and covers some common SSID's like "netgear", "linksys", and what not. Being so huge they're really a pain to work with unless you've got an eSata external drive. I d/l them to my NAS, and when I tested them it took like almost and hour to transfer some to my laptop. Very annoying, to say the least.
Considering the PSK is hashed 4096 times with SHA1, it's gonna take a while to brute force (SHA1(psk, ssid, ssid-length, 4096)).
The above image is using two Radeon 5850's for acceleration. Along with a quad core CPU @ 3.0Hhz with all the individual cores maxed.
damn i knew i'd need a quad core
BinRev is hosted by the great people at Lunarpages!
