
WPA security : dictionaries


5 replies to this topic

#1 bardolph

bardolph

    DDP Fan club member

  • Members
  • 50 posts
  • Gender:Male

Posted 15 April 2011 - 01:25 AM

Has anyone managed to crack the password of a wless net without pre-including this password in the dictionary he was using?
I tried a couple of really big dictionaries so far - let aircrack work for several hours (great stress test for the cpu btw),
but so far nothing... what about you people?

#2 tekio

tekio

    5(R1P7 |<1DD13

  • Binrev Financier
  • 1,119 posts
  • Gender:Male
  • Location:The Blue Nowhere

Posted 15 April 2011 - 02:05 AM

Considering the PSK is hashed 4096 times with SHA1, it's gonna take a while to brute force (SHA1(psk, ssid, ssid-length, 4096)). Especially while further considering the PSK must be at least 8 chars. To top that off, it is seeded with the SSID (I think that is correct), so premade tables must be made for an individual SSID.

The best options are:
1) use advanced rules with john and send it into aircrack:
john <john options here> --stdout | aircrack-ng -a 2 -b <mac> -w - /path/to/mycaptureddata.cap

2) Use hardware acceleration to brute force:
Posted Image

The above image is using two Radeon 5850s for acceleration, along with a quad core CPU @ 3.0GHz with all the individual cores maxed.

Edited by tekio, 15 April 2011 - 02:20 AM.


#3 Afterm4th

Afterm4th

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 403 posts
  • Country:
  • Gender:Male
  • Location:way up north eh

Posted 15 April 2011 - 09:03 PM

+1 for elcomsoft's EWSA

#4 tekio


Posted 16 April 2011 - 09:30 AM

+1 for elcomsoft's EWSA

Elcomsoft makes some nice stuff. Too bad all their stuff is so expensive. I just have an unlimited trial version. The only way it is crippled is that it only shows the first five chars of the cracked key. Good enough to have fun with, though.

#5 bardolph


Posted 18 April 2011 - 09:58 PM

Considering the PSK is hashed 4096 times with SHA1, it's gonna take a while to brute force (SHA1(psk, ssid, ssid-length, 4096)).

The above image is using two Radeon 5850s for acceleration, along with a quad core CPU @ 3.0GHz with all the individual cores maxed.



damn i knew i'd need a quad core :confused:

#6 tekio


Posted 20 April 2011 - 02:06 PM


Considering the PSK is hashed 4096 times with SHA1, it's gonna take a while to brute force (SHA1(psk, ssid, ssid-length, 4096)).

The above image is using two Radeon 5850s for acceleration, along with a quad core CPU @ 3.0GHz with all the individual cores maxed.



damn i knew i'd need a quad core :confused:

There are precomputed rainbow tables as well. The set I have is like 35GB, and covers some common SSIDs like "netgear", "linksys", and what not. Being so huge, they're really a pain to work with unless you've got an eSATA external drive. I d/l them to my NAS, and when I tested them it took like almost an hour to transfer some to my laptop. Very annoying, to say the least.
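Added example, not posted by anyone in the thread: the WPA/WPA2-Personal key derivation discussed in posts #2 and #6 is PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations and a 32-byte output. The sketch below shows why a precomputed table only fits one SSID and gives a defender a worst-case estimate of how long a passphrase policy holds up. The function names and the guess rate are assumptions made for illustration.

```python
import hashlib

SECONDS_PER_YEAR = 365 * 24 * 3600


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit pairwise master key for a WPA/WPA2-PSK network.

    PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def years_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case years to try every passphrase of exactly `length` characters."""
    return alphabet_size ** length / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Test vector published in IEEE 802.11i (passphrase "password", SSID "IEEE").
    print("IEEE   :", derive_pmk("password", "IEEE").hex())
    # Same passphrase on another SSID gives an unrelated key, so a table
    # computed for one SSID is useless against a uniquely named network.
    print("netgear:", derive_pmk("password", "netgear").hex())

    # Constructed assumption: an accelerated rig testing 100,000 passphrases/s.
    rate = 100_000
    policies = [
        ("8 lowercase letters", 26, 8),
        ("12 letters and digits", 62, 12),
        ("16 printable ASCII", 95, 16),
    ]
    for label, alphabet, length in policies:
        years = years_to_exhaust(alphabet, length, rate)
        print(f"{label:24s} {years:.3g} years to exhaust")
```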



