bardolph

Anyone tried WPA dictionaries with success

11 posts in this topic

Without pre-including the password I've never had any success with WPA dictionaries. Not to mention the fact that if someone is smart enough to use WPA encryption, they're more than likely also smart enough to not use a dictionary word as their password. I've been looking into bruteforce methods recently and, while there don't seem to be very many promising options, you might want to look into something called pyrit. It utilizes your GPU, which, assuming you have an alright graphics card, means you just might be able to crack that password after all.

Edited by TheFunk

WPA's becoming standard, man. Don't count it as a sign of smarts.


Even with hardware acceleration, WPA/WPA2 is a bitch for bruteforcing. When was the last time anyone in here has brute-forced something over 9 chars (even with CUDA/ATI STREAM acceleration)? I've cracked a 9 char MD5 hash once. It was all alpha, and MD5 w/o a salt is nothing compared to WPA/WPA2 keys. Hardware acceleration on consumer products, like video cards, is best used for mangling wordlists for WPA/WPA2.

I've been able to crack a few WPA keys. I usually use this method and systems with the following hardware/software:

Machine 1: Windows 7 64-bit
Q9550 quad core oc'd to 3.7 GHz
x2 Radeon 5850's
8GB DDR3
Elcomsoft Wireless Security Auditor (supports ATI STREAM acceleration as well as CUDA)
Elcomsoft Distributed Cracking Tool (CUDA and ATI STREAM support)

Machine 2: iMac, Mac OS X
3.2 GHz Core 2 Duo
8GB DDR3
Aircrack-ng and jtr (John the Ripper using a custom ruleset I made just for cracking WPA)
CUPP = a tool written in Python to make custom password lists

Machine 3: Windows 7
Core i7 @ 4.2 GHz
x2 Asus GTX 460's
8GB DDR3
Elcomsoft Wireless Security Auditor
Elcomsoft Distributed Cracking Tool (CUDA and STREAM support)

1) Use huge wordlist of dictionary words

2) Brute force 10 numerics

3) Max out rules on Elcomsoft Wireless Security Auditor with small wordlist

4) Small wordlist with custom jtr rules

5) Medium wordlist with minimal rules on Elcomsoft Wireless Security Auditor

6) Medium wordlist with custom jtr rules

7) 1337 speak and other custom dicts not covered in Elcomsoft or jtr rulesets

8) Collect information on target and use CUPP to create some custom word lists

9) Forget about computers for a while, because at this point, with advanced rules and huge dictionaries, all systems are busy for a few days.

10) After a day or two of nothing on larger lists with large rule sets, I usually just stop. This kinda stress puts a lot of wear on systems.

EDIT: I also make a custom list, using Passwords Pro, of every phone number with the local area code.

Edited by tekio
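The post above rests on two numbers that are worth making concrete: how much more expensive a single WPA/WPA2-PSK guess is than a single unsalted MD5 guess, and how large the candidate spaces are for the passphrase classes it attacks (10 digits, phone numbers sharing one area code, 9 alpha characters). The following is an added example written for this thread; it is not code from any of the posters or from the tools they name (Elcomsoft, jtr, CUPP, pyrit). It derives the PSK with the standard PBKDF2-HMAC-SHA1 construction from IEEE 802.11i and sizes each class at an assumed guess rate. The rate of 100,000 PSK/s is a constructed assumption for illustration, not a figure from the thread; the point for a defender is that a passphrase in one of the small classes falls in seconds to a day, while adding length and mixing character types pushes the same budget out to years.

```python
"""Cost-of-attack estimate for WPA/WPA2-PSK passphrase classes (added example).

Two facts drive the discussion above:
  1. A WPA-PSK guess is PBKDF2-HMAC-SHA1 with 4096 iterations, salted with the
     SSID, producing a 256-bit key.  That is two PBKDF2 blocks (32 bytes / 20
     bytes per SHA-1 output, rounded up), so 8192 HMAC-SHA1 evaluations per
     candidate passphrase, versus one hash for an unsalted MD5 password.
  2. The candidate classes in tekio's list are small; the numbers below show
     how small.
"""
import hashlib
import math

WPA_ITERATIONS = 4096          # fixed by IEEE 802.11i
WPA_PSK_LEN = 32               # 256-bit PSK
SHA1_OUTPUT_LEN = 20

# Assumed guess rate for the worked numbers; constructed for illustration,
# not a benchmark from any poster's hardware.
ASSUMED_GUESSES_PER_SECOND = 100_000


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the PSK exactly as 802.11i specifies (PBKDF2-HMAC-SHA1)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), WPA_ITERATIONS, WPA_PSK_LEN)


def wpa_psk_hex(passphrase: str, ssid: str) -> str:
    return wpa_psk(passphrase, ssid).hex()


def hmac_evaluations_per_psk() -> int:
    """HMAC-SHA1 calls one PSK guess costs (blocks * iterations)."""
    blocks = math.ceil(WPA_PSK_LEN / SHA1_OUTPUT_LEN)
    return blocks * WPA_ITERATIONS


def keyspace(alphabet_size: int, length: int, known_prefix_len: int = 0) -> int:
    """Candidates remaining when `known_prefix_len` positions are already fixed
    (e.g. a phone number whose area code the attacker knows)."""
    return alphabet_size ** (length - known_prefix_len)


# Passphrase classes named in the thread, plus the 8-digit case from a later reply.
PASSPHRASE_CLASSES = {
    "8 digits": keyspace(10, 8),
    "10 digits": keyspace(10, 10),
    "10-digit phone number, area code known": keyspace(10, 10, known_prefix_len=3),
    "9 lowercase letters": keyspace(26, 9),
    "12 mixed-case letters + digits": keyspace(62, 12),
}


def seconds_to_exhaust(space: int, guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate in the class."""
    return space / guesses_per_second


def human_duration(seconds: float) -> str:
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.0f} seconds"


def exhaust_table(guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> dict:
    """Class name -> seconds to exhaust at the given rate."""
    return {name: seconds_to_exhaust(space, guesses_per_second)
            for name, space in PASSPHRASE_CLASSES.items()}


if __name__ == "__main__":
    # IEEE 802.11i Annex H test vector: passphrase "password", SSID "IEEE".
    print("PSK(password, IEEE) =", wpa_psk_hex("password", "IEEE"))
    print("HMAC-SHA1 evaluations per WPA guess:", hmac_evaluations_per_psk(), "(vs 1 for unsalted MD5)")
    for name, secs in exhaust_table().items():
        print(f"{name:45s} {PASSPHRASE_CLASSES[name]:>22,d} candidates  ~{human_duration(secs)}")
```

At the assumed rate the 10-digit class takes a little over a day to exhaust and a phone number with a known area code under two minutes, which is consistent with the "few days" budget described above; 9 lowercase letters already runs to years, and the 12-character mixed class is out of reach by many orders of magnitude.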


I'm jelly of your hardware


Your best shot is if they used their phone number and you have a goddamned titan PC like tekio. (Personally I'm partial to CUDA, but it's your call, and I'm certainly not one to complain if you've got a system decked out so beautifully, let alone three!)


> Even with hardware acceleration, WPA/WPA2 is a bitch for bruteforcing. When was the last time anyone in here has brute-forced something over 9 chars (even with CUDA/ATI STREAM acceleration)? I've cracked a 9 char MD5 hash once. It was all alpha, and MD5 w/o a salt is nothing compared to WPA/WPA2 keys. Hardware acceleration on consumer products, like video cards, is best used for mangling wordlists for WPA/WPA2.

1- You have sweet hardware.

2- Have you tried rainbow tables for MD5? I have a set of tables that work really well; they only go up to 9 characters, like you managed to crack, but still. I believe the tables are alpha-numeric.

To the original poster, I occasionally toy around with oclhashcat, which allows for hybrid cracking (use of wordlist and bruteforcing together). It's possible that you might be able to use hashcat to crack WPA passwords. I'm not sure though; I'm not entirely familiar with the software yet.


> Even with hardware acceleration, WPA/WPA2 is a bitch for bruteforcing. When was the last time anyone in here has brute-forced something over 9 chars (even with CUDA/ATI STREAM acceleration)? I've cracked a 9 char MD5 hash once. It was all alpha, and MD5 w/o a salt is nothing compared to WPA/WPA2 keys. Hardware acceleration on consumer products, like video cards, is best used for mangling wordlists for WPA/WPA2.
>
> 1- You have sweet hardware.
>
> 2- Have you tried rainbow tables for MD5? I have a set of tables that work really well; they only go up to 9 characters, like you managed to crack, but still. I believe the tables are alpha-numeric.

1) Thank you. I'm probably a little older than most in here, and have a career. So, I buy some toys since I work my ass off (albeit from home mostly) 6 days a week and am on call 24/7.

2) Yes, I do. I have a set of 9 char alpha with a space and they are huge... I've got quite a few tables... Earlier there was a topic in here about rainbow table trading. It motivated me to stock up on them. :)


We can say that's not easy for beginners, am I right? :dry:


True, but not every AP is vulnerable to WPS cracking. I have had limited success with WPA dictionary attacks. Once by brute forcing an 8 digit numeric key, but it took too long.
