Aircrack speed

[undersc0re]

My cheap laptop with an i5 processor is being used to test my network, I successfully grabbed a handshake and tested it against a password file with my pass in it that was 100mb in size. I used aircrack on the text file with my persistence usb stick loaded up with latest kali and the best I can get is 1800-1900 k/s, should I be expecting more speed out of it or am I out of luck unless I build a rig with good video cards and go the hashcat route?

I am basically curious to know if 1800 k/s for aircrack is normal on a crappy 2 year old laptop.

[0phoi5]

WPA2 Handshakes are a little slower to crack than, say, MD5. They will take longer.

I'd say that sounds about right for an i5 laptop. My GTX 970 graphics card does about 160,000 per second, laptop CPUs are much slower.

What GPU does the laptop have? Might be worth trying oclHashCat (which uses GPU instead of CPU) and see if you get better speeds. Probably not, on a laptop, depend on the graphics card.

I find one of the biggest factors, by far, is your password lists or the way in which you use masks. You can crack passwords on a really weak machine, if you're savvy and know what format the password is going to take. Do plenty of recon and you could crack in seconds. E.g; Pet names, partners, DOBs, addresses, etc. Also research what passwords are used as default on the router your grabbing the handshake from. This will cut down having to simply guess through millions of combinations and can save weeks and months. I made a post on these.

Edited April 12, 2017 by haze1434

[b0N3z]

my i7 3770k quad core with ht got around 7800k/s with no dedicated gpu.  CPU only

[undersc0re]

Thanks for the input, my laptop does not really have a gpu outside of the cpu, its a cheap built in the motherboard graphics processor. I guess if I had a higher end unit I would give it a shot. When I run the aircrack it starts winding up the internal fan like a jet taking off, then I notice after some time the speed drops to about 1000 k/s. I am afraid I am gonna kill the cheap ram or cpu with all the heat lol. I wish I could see the ram and cpu temp. That is insane how fast you can process a wordlist against a captured handshake with hashcat and a gpu! If I ever build a desktop unit I will consider buying the video cards that work best with kali/hashcat lol. Too bad you can not use some of the standalone gaming systems with compatible cards to do this! Design the game to crack routers lol, anyhow thanks for the input.

[digip]

Aircrack isn't going to use GPU(as far as I know, but I may be out of the loop) to crack it, only CPU.

Hashcat can do WPA handshakes, but you have to convert it to a format hashcat wants. Dont have the info handy, but check their site or google, wpa/wpa2 to hashcat if you want to use your GPU to crack it(which should work on the laptop too, so long as its CUDA based).

There is also pyrit+cowpatty to do it with GPU as well, although I've never tried it, there are many tuts on it.

If no GPU compatible on the laptop, try cloud based services(granted just for testing with your own rotuer, make a small wordlist and put your pass at the end and use aircrack to test it works). Kali on AWS with CUDA support is out there, but it's not something everyone is going to be doing unless they have the need and want to spend the money.

[b0N3z]

Correct aircrack only takes advantage of the cpu power not gpu power.  There was no difference in speed when i got a gtx1050 and tried it.

[0phoi5]

If you're lucky, someone nice may crack them for you:

https://forum.hashkiller.co.uk/

Edited April 13, 2017 by haze1434

[undersc0re]

I have one more question to throw out here, does aircrack and hashcat kill processors and gpu chips eventually? Obviously the programs will push the chips to the limit to process hashes etc, just wondering if the heat kills them eventually out there, even if they limit the processing a bit by monitoring the heat sensors, thx.

[digip]

Heat issues with password crackers is a real issue, but no more so than high end gaming. Aircrack probably won't break shit, although it will warm up that CPU a bit, if you have plain air cooling, over hours of cracking, you might want to think about better cooling needs. Even with liquid cooling on my machine, it gets hot, so proper air flow and clean case, fans, etc, are a must. GPU's tend to run a bit hot to begin with and generally handle it better than a CPU and mobo do, but again, proper air flow and clean system is key. GPU's don't break as much of a sweat though compared to the CPU but overall create heat like any other component. I heat my bedroom all year long between gaming and cracking passwords in CTF's..lol Always the hottest room in the house and I clean the dust out at least once a month as it's a giant dust collector with it being a HAF case and lots of fans. (  )

That's my current case.

[Rkiver]

As @digip said, heat management is a BIG issue. I have a coolermaster HAF EVO XB+ case as my main machine, similar to what he has, and with proper fans and heat management my office is heated all year around by it and my server.

 

There is no such thing as too much cooling, just make sure it's done right.

[undersc0re]

On April 12, 2017 at 1:56 AM, haze1434 said:

WPA2 Handshakes are a little slower to crack than, say, MD5. They will take longer.

I'd say that sounds about right for an i5 laptop. My GTX 970 graphics card does about 160,000 per second, laptop CPUs are much slower.

What GPU does the laptop have? Might be worth trying oclHashCat (which uses GPU instead of CPU) and see if you get better speeds. Probably not, on a laptop, depend on the graphics card.

I find one of the biggest factors, by far, is your password lists or the way in which you use masks. You can crack passwords on a really weak machine, if you're savvy and know what format the password is going to take. Do plenty of recon and you could crack in seconds. E.g; Pet names, partners, DOBs, addresses, etc. Also research what passwords are used as default on the router your grabbing the handshake from. This will cut down having to simply guess through millions of combinations and can save weeks and months. I made a post on these.

So, say with hashcat you get 160,000 k/s and I get 1900 with aircrack, thats huge! Now what would a gamer with a good system and an nvidia 1080 get for k/s for a wpa2 handshake in hashcat?

Is there a way to plug a video card into an old laptop via the usb, like you would an external storage drive, except have an external video card, just wondering if they sell something like that. I am sure it would be silly idea for a few reasons especially speed restrictions. 

I did some recon as you suggested on certain routers models and found that local provider passwords always have 2511 at the beginning and then 8 more characters being uppercase letters and numerals with the  5th character being a 4,5, or 6 and the 7th character being a zero all the time. In about 65% of the cases being all digits no letters, which could make an attackers job very easy with a super cheap laptop unfortunately, and I am sure the providers must know about it, and I bet most providers have weak security in some way. So I made sure that people I know with that router change their default passwords immediately. I found that with maybe a 30 mb password file created by crunch for those specific ranges and a cheap laptop could possibly find the password for 1 in 7 routers with default passwords for that provider in less than an hour, pretty crazy if you ask me. Hopefully people do not open up and share their files with anyone on their possibly own home secure network. This discovery has made me more paranoid than ever....and I have not even tried testing my own network of household computers with something basic like armitage to see what an intruder could do once inside my network. 

[b0N3z]

Connecting a full size GPU to a laptop is possible as long as everything works right and its setup right.  But for the most part it is really not practical because, well its a laptop.  But if you do your research has been done before but most of the setups I saw were for macbooks with thunderbolt ports.

[0phoi5]

13 hours ago, undersc0re said:

So, say with hashcat you get 160,000 k/s and I get 1900 with aircrack, thats huge! Now what would a gamer with a good system and an nvidia 1080 get for k/s for a wpa2 handshake in hashcat? 

I don't have any figures to hand, but the 1080 should get more. I would guess around 200,000 per second, but that is a complete guess. It certainly won't be worse than the 970.

[0phoi5]

13 hours ago, undersc0re said:

I did some recon as you suggested on certain routers models and found that local provider passwords always have 2511 at the beginning and then 8 more characters being uppercase letters and numerals with the  5th character being a 4,5, or 6 and the 7th character being a zero all the time.

12 characters
Format : 2511[4,5,6]*0*****

6 possible randomised digits A-Z or 0-9
1 digit with 3 possiblities (4,5,6)

(26+10)^6 + 1^3 = 2,176,782,337

My GTX 970 could crack this, with oclHashCat, in 4 hours.
Your laptop CPU, with HashCat, could do it in 14 days (2 weeks)

[0phoi5]

https://hashcat.net/wiki/doku.php?id=mask_attack

 

-a 3 -1 ?d?u 2511,456,?10?1?1?1?1?1

[undersc0re]

   Wow, so far the letters I have found to be uppercase A to F in my findings as well which would make it easier, I have to see a few more with letters mixed in the password to feel a little more sure about that fact. It would be neat to see oclhashcat fly through a large password list or crack a hash in record time but I can not afford to spend a lot of money on new devices just for that lol. I was hoping I could add a cheap video card to my cheap laptop, seems like that is a no go so far.

[0phoi5]

19 minutes ago, undersc0re said:

So far the letters I have found to be uppercase A to F in my findings as well which would make it easier.

Huge difference. And yes, this is probably the case. Most older hub passwords only use A-F, which is so insecure.

So, the new math;

6 possible randomised digits A-F or 0-9
1 digit with 3 possiblities (4,5,6)

(6+10)^6 + 1^3 = 16,777,217

My GTX 970 could crack this, with oclHashCat, in 2 minutes.
Your laptop CPU, with HashCat, could do it in 3 hours.

 

-a 3 -1 ABCDEF?d 2511,456,?10?1?1?1?1?1

 

Absolutely laughable security, if this is indeed their password standard.

Edited April 27, 2017 by haze1434

[undersc0re]

It is not the only router model they use, they use a couple others as well. The router they use with phone and tv are different and I am not sure how those are done. It seems very insecure, but it is just the default password and the end user is ultimately responsible to change it, although when I set mine up there was nothing in bold or obvious that the default password should be changed asap.

It did not take me long to figure this out, so your average tech savvy high school kid or gamer guy could easily get some free internet, or even worse, illegal activity on anothers internet. I am sure the provider and their it department could hunt down that "bad guy" and his computer somewhere down the line unless he is very very careful lol.

Is aircrack and hashcat about the same speed at cracking a wpa2 handshake using just an average cpu only? I am sure a 10 core cpu would blow away my 2 core lol.

[undersc0re]

You said laughable security, well I just found out that if the password does contain a letter, it will be the sixth character only and it will be A-F. So that makes it easy for anyone with a cheap laptop to crack via just a cpu with aircrack. The sixth character discovery is just what I have found from 4 different modem/routers of this type from the same internet provider. I would assume they know about this poor security. 

  Amazing how a little bit of investigating can help you taylor a password list, and make it quicker to crack. So it seems uncrackable at first with there being 12 character but then you find out the first 4 characters are always the same, the 5th is usually one of 2 maybe 3 numbers, not sure yet, the 6th can be an uppercase letter or number, the 7th is always a zero, and the last 5 characters so far seem to be random numbers. It would be neat to know how the password is spit out for these things by the computer, how and why it decides which characters to use where.

[digip]

Do you know the exact length? You could potentially use crunch, with the charset and length you want, and then regex grep out only the keys that have the matching slots of items in each position, then use that as a master word list if it's that static. 

[undersc0re]

I used crunch to make 4 seperate password files, was not sure how to do all that I wanted with just one crunch command for one file. I then run those password files just through aircrack/cpu. Very basic and straight forward, nothing fancy.

When you say exact length, I assume you mean the password length, yes it is always 12 characters. 

So when I made one of the files i just did -->  crunch 12 12 -o START -b 50 -t 25115,0%%%%%  <-- i just wanted to keep the files less than 50mb.

I guess I could have run crunch with aircrack so as not to need store files, not sure if its much of an advantage, I have lots of storage space on my persistence usb stick.

digip, i like that computer case you posted up above there, you should incorporate hepa filters and a carbon filter, this way you can have an air purifier and computer in one, must move a lot of air with that case.

Edited May 16, 2017 by undersc0re