hocky
Posts posted by hocky
You need the 4 way handshake for WPA stuff.
http://www.aircrack-ng.org/doku.php?id=cracking_wpa
You may want to research the tool: cowpatty
From how I understand it, you need the 4-way handshake to test your rainbow table against.
Thanks for the reply MR Protocol,
I forgot to mention that I do have the 4-way handshake (successfully captured using airodump-ng in BT4),
so I have my sniff.cap file to test.
I also downloaded the 33GB rainbow table from the Church of WiFi. I am not sure whether it's a good idea
to check my sniff.cap file against that rainbow table since it does not have my ESSID in it. (Not too sure,
but I believe they made it using the top 1000 ESSIDs and mine is not included.)
So I thought I might make my own rainbow table using my already known ESSID and then check the cap file against it.
Not sure what the file size would be...
Also if the file is too big I believe that I don't need all 26 letters, just ABCDEF1234567890,
but maybe that is a very big file (?)
Browsing the internet I ran into the following command using "crunch" with "cowpatty" and am testing it now.
I do it in vmware so it is taking even more time to complete, so I am just waiting to see if it works. Have a look
and tell me what you think; when I have the results I will post them in any case.
/pentest/passwords/crunch/./crunch 10 10 0123456789ABCDEF | /pentest/wireless/cowpatty/./cowpatty -f - -r ~/capfile.cap -s essid
Hello,
here is the scenario: I know the ESSID and the length
of the WPA-PSK key (containing only alphanumeric values and
only capitals). Is it not better to just create a custom rainbow
table based on the above information before a brute-force attack?
I thought of the following but I don't know how to implement it:
1) Firstly I make a custom wordlist of words that
- have a length of 10 characters and these characters
are alphanumeric only (only capitals),
i.e. all combinations of (ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789)
2) Combine the known ESSID with that wordlist to generate the rainbow table.
If the above seems valid, how do I do it (what software and what
commands do I use)?
thanks
PS: In aircrack-ng I notice the possible use of the ESSID and
BSSID (-s "ESSID" -b "BSSID"). Do these options, when
incorporated, make the cracking process faster than using a
precomputed rainbow table? i.e. is it equivalent to the above
steps 1) & 2)? If so, which is faster?
Custom Rainbow Table For Known Essid And Key Length
Hi mux, thanks for the link. I know the minimum length for WPA is 10, but for a specific brand of routers in my area
I noticed that the company uses a fixed size of 10 which is arrangements of "ABCDEF1234567890". And I know that it
most possibly has the default phrase (WPA-PSK), so that is why I use no dictionary.
I am not sure how fast cowpatty is. I ran it in vmware on a 3.4 GHz CPU and noticed something like 1000 keys per 3 seconds.
I also did some math and if it is correct then it's not worth it.
I have 6 letters (ABCDEF) and 10 digits (1234567890). That makes a sum of 16.
The size of each key is 10. So:
16^10 = 1099511627776 combinations (keys)
Cowpatty checks about 1000 combinations every 3 seconds:
3 secs checks 1000 keys
x secs checks 1099511627776 keys
x = 0.003 x 1099511627776
= 3298534883.328 secs
= 916259.68981333333333333333333333 hours
= 38177.487075555555555555555555556 days
= 1272.5829025185185185185185185185 months
= 104.59585500152207001522070015221 years
Am I missing something? Is there a better way?
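An added example (not from this thread) showing why a precomputed WPA table is bound to one ESSID and reproducing the time estimate above: the PMK is PBKDF2-HMAC-SHA1 over the passphrase with the ESSID as salt, so a table built for other ESSIDs cannot be reused, and those 4096 iterations per candidate are what makes the rate so low. The function names and the keyspace figures are mine; the passphrase/SSID test vector is the one published in IEEE 802.11i.

```python
import hashlib

# WPA/WPA2-Personal (IEEE 802.11i): PMK = PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 iterations, 32 bytes).
# The ESSID is the salt, which is exactly why a "rainbow table" of PMKs only
# works for the ESSIDs it was generated with.
def wpa_pmk(passphrase: str, essid: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)


def seconds_to_exhaust(alphabet_size: int, key_length: int, keys_per_second: float) -> float:
    """Worst-case time to try every fixed-length key of a keyspace at a given rate."""
    return (alphabet_size ** key_length) / keys_per_second


if __name__ == "__main__":
    # IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print(wpa_pmk("password", "IEEE").hex())
    # Same passphrase, ESSID differing only in case: completely different PMK,
    # so a table for "IEEE" tells you nothing about a network called "ieee".
    print(wpa_pmk("password", "IEEE") == wpa_pmk("password", "ieee"))
    # The poster's figures: 16 symbols (ABCDEF1234567890), length 10, ~1000 keys per 3 seconds.
    secs = seconds_to_exhaust(16, 10, 1000 / 3)
    print(f"{secs:.0f} seconds, about {secs / (365 * 24 * 3600):.1f} years")
```

The second print being False is the whole reason the Church of WiFi table is useless for an ESSID it does not contain, and the last line lands on the roughly 104.6 years computed by hand above.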