December 31st, 2011, 07:38 AM
WPA Bruteforce cracking questions
Its been a verrry long time since I have posted on this site. wayy too long.
I have gone from Geeksquad to a NOC Tech for Applied Systems, insurance software company. A+ certified. Net+ certified.. I have been busy.
I will preface this post, with the knowledge that I am on patron. Happy New Year all
I have been thinking lately.. about WPA cracking.
I want to crack a WPA key via bruteforce. I have a few Nvidia CUDA compatible gpu's to work with as well.
But I would also like to see how long I can with something much smaller. Such as a netbook.
The key complexity I will be working with.
Password: 10-digit Numbers only.
SSID: Known - WPA keys are salted. to speed up the cracking time I will test a scenario where I know the SSID in advance.
If anyone has any good tutorials please link them.
One thing specifically I would like to test, would be crack time via brute force vs crack time with a database of precompiled keys.
Is it even possible to setup a bruteforce program to use a pre-compiled database? Or maybe something more simple like just a text or xml file that has the keys within.
It has been awhile since I have done anything in the security field. Its the new year, I want to take the winter and have some fun.
Those of you that want to just post "This has already been done" dont bother. I will still attempt the process myself just to have that satisfaction.
Thank you all for the read. Again, Happy New year!
work it harder, make it better, do it faster, makes us stronger
December 31st, 2011, 11:07 AM
Yes, it's called a rainbow table.
Originally Posted by hexadecimal
Experience is something you don't get until just after you need it.
January 1st, 2012, 02:30 AM
I posted a topic the other day, it may or maynot be useful:> http://www.antionline.com/showthread.php?t=279796
Yesterday, Stefan over at .braindump
released a white paper
detailing vulnerabilities in the WiFi Protected Setup (WPS) protocol that allows attackers to recover WPA/WPA2 passphrases in a matter of hours.
This is a capability that we at TNS have been testing, perfecting and using for nearly a year. But now that this vulnerability has been discussed publicly we have decided to announce and release Reaver, our WPS attack tool, to the open source community. Reaver is capable of breaking WPS pins and recovering the plain text WPA/WPA2 passphrase of the target access point in approximately 4-10 hours (attack time varies based on the access point).
While we have released Reaver as an open source project
, we also offer a commercial version with additional features and functionality as well as a support plan. Since nearly all access points manufactured in the past few years have WPS support enabled by default, attacking WPS provides several advantages over attacking WPA directly:
- Cracking the WPS pin is, obviously, much faster.
- Once you have the WPS pin you can instantly recover the WPA passphrase, even if the owner changes the passphrase.
- Access points with multiple radios (2.4/5GHz) can be configured with multiple WPA keys. Since the radios use the same WPS pin, knowledge of the pin allows an attacker to recover all WPA keys.
Of course the disadvantage is that WPS can be disabled. However, in our experience even security experts with otherwise secure configurations neglect to disable WPS; further, some access points don't provide an option to disable WPS, or don't actually disable WPS when the owner tells it to.
To learn more about Reaver, visit our product page
, or the open source project on Googlecode.
Taken from HERE
By pwaring in forum Other Tutorials Forum
Last Post: October 22nd, 2004, 10:15 PM
By Negative in forum The Security Tutorials Forum
Last Post: June 2nd, 2004, 02:09 AM
By moonstar550 in forum AntiOnline's General Chit Chat
Last Post: April 10th, 2004, 03:03 AM
By al1aprize in forum Spyware / Adware
Last Post: March 15th, 2004, 01:24 AM
By SpydaByte in forum AntiOnline's General Chit Chat
Last Post: January 20th, 2003, 10:55 PM