Posts posted by undersc0re

  1. On December 2, 2018 at 9:28 PM, i8igmac said:

     

    This is what I was looking for 0MGSM24@@@@@ mix upper alpha numeric using a 1070ti to crack....Thx for all the help, just did that and then 0MGSM25@@@@@ and 0MGSM26@@@@@ and then just combined the 3 files together into one. Using crunch in windows and then hashcat in windows....I can no longer use kali with my usb persistence stick as it does not agree with my nvidia card!

     

     

    (("0".."9").to_a+("a".."z").to_a+("A".."Z").to_a).permutation(6).each{|x| puts("0MGSM2"+x.join) }

    save this one liner as file.rb.

    Test run it like the 2 commands below.

    ruby file.rb

    or

    ruby file.rb > OMGA.list

    here is a modified version that for speed will save to a file.

     

     

    # Append each candidate to OGSM.list instead of printing to the console
    f=File.new("OGSM.list", "a")

    (("0".."9").to_a+("a".."z").to_a+("A".."Z").to_a).permutation(6).each{|x| f.puts("0MGSM2"+x.join) }

    f.close

     

    The above should be quicker than the console method. But I haven't tested to confirm this...

    there is no output for this method but you should expect to see something like this in your OSGM.list

    Expected output 

    0MGSM0ABHXIN
    0MGSM9ABHXIO
    0MGSM8ABHXIP
    0MGSM7ABHXIQ
    0MGSM6ABHXIR
    0MGSM5ABHXIS
    0MGSM4ABHXIT
    0MGSM3ABHXIU
    0MGSM2ABHXIV
    0MGSM1ABHXIW

     

     

     

     

    crunch 12 12 "0987654321abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUV" -t 0MGSM2%@@@@@

     

    This should work for your crunch command. It's 79 gigs.

    % = 0-9

    @= a-z A-Z 0-9

     

    And this one below is 4 gigs and maybe what you're looking for.

    crunch 12 12 "0987654321ABCDEFGHIJKLMNOPQRSTUV" -t 0MGSM2%@@@@@

     

  2.    I am attempting to make a password file in crunch in one command, I need it to be 12 characters long and always start with 0MGSM2 those first 6 characters always the same and the 7th character always being a random digit and then the last 5 characters are a mix of uppercase letters and or digits random placed. Is there one command to do this in crunch or would I have to make multiple lists and just join them together? I tried to do it from the man page and googling but can not seem to get this one. Thank-you.

  3.   It is a large provider in Canada that uses this pattern on just one of their wireless modem models. I use password files because I do not have a gpu on my cheap laptop and it is very limited with its old cpu and ram, so I try to increase performance by making password files on my persistence stick to save ram and cpu resources, I honestly have no idea if that helps as I have not compared other ways against my method, It took me a while but I have my pwd file figured out now...trial and error. I have managed to convince many local people to change their wireless passwords, especially when I tell them what can happen when some devious young kid plays on their home network when they connect to it...

  4. On 4/8/2017 at 9:27 AM, Mr-Protocol said:

    If you wanted just numbers appended.

    
    root@kali:~# crunch 12 12 -o START -b 200mb -t 2511%%%%%%%%
    Crunch will now generate the following amount of data: 1300000000 bytes
    1239 MB
    1 GB
    0 TB
    0 PB
    Crunch will now generate the following number of lines: 100000000 

    I am having difficulty trying something a little more specific. I am trying to do the following, I still want the password file made to start at 2511 all the time and have total of 12 characters, but I want the fifth character to be 4,5,or6 and the sixth character to be a letter but only from A to F(uppercase only) the seventh character always a zero and the rest random numbers. For example 25115F037493 or 25116A094738. I can not seem to make sense of the man page to make this work for spitting out the proper file. Any help would be muchly appreciated!

     

     

  5.   If it is an option you could get yourself a decent usb stick and install kali on it with persistence so it saves your settings and files, once set up you just boot the computer from usb stick. As long as the stick has half decent speed and amount of memory it should work great. When you mess it up just download the latest weekly kali image and start over! I have not tried booting it on different computers all of the time, I just use my one cheap laptop, so not sure if changing computers messes up the settings or drivers somehow. If you're new at it just google videos on how to make a kali persistence stick in a windows environment. I am assuming you have some sort of computer already.

  6. I used crunch to make 4 separate password files, was not sure how to do all that I wanted with just one crunch command for one file. I then run those password files just through aircrack/cpu. Very basic and straightforward, nothing fancy.

    When you say exact length, I assume you mean the password length, yes it is always 12 characters. 

    So when I made one of the files I just did -->  crunch 12 12 -o START -b 50 -t 25115,0%%%%%  <-- I just wanted to keep the files less than 50mb.

    I guess I could have run crunch with aircrack so as not to need to store files, not sure if it's much of an advantage, I have lots of storage space on my persistence usb stick.

    digip, I like that computer case you posted up above there, you should incorporate hepa filters and a carbon filter, this way you can have an air purifier and computer in one, must move a lot of air with that case.

  7. You said laughable security, well I just found out that if the password does contain a letter, it will be the sixth character only and it will be A-F. So that makes it easy for anyone with a cheap laptop to crack via just a cpu with aircrack. The sixth character discovery is just what I have found from 4 different modem/routers of this type from the same internet provider. I would assume they know about this poor security. 

      Amazing how a little bit of investigating can help you tailor a password list, and make it quicker to crack. So it seems uncrackable at first with there being 12 characters but then you find out the first 4 characters are always the same, the 5th is usually one of 2 maybe 3 numbers, not sure yet, the 6th can be an uppercase letter or number, the 7th is always a zero, and the last 5 characters so far seem to be random numbers. It would be neat to know how the password is spit out for these things by the computer, how and why it decides which characters to use where.

  8. It is not the only router model they use, they use a couple others as well. The router they use with phone and tv are different and I am not sure how those are done. It seems very insecure, but it is just the default password and the end user is ultimately responsible to change it, although when I set mine up there was nothing in bold or obvious that the default password should be changed asap.

    It did not take me long to figure this out, so your average tech savvy high school kid or gamer guy could easily get some free internet, or even worse, illegal activity on another's internet. I am sure the provider and their IT department could hunt down that "bad guy" and his computer somewhere down the line unless he is very very careful lol.

    Are aircrack and hashcat about the same speed at cracking a wpa2 handshake using just an average cpu only? I am sure a 10 core cpu would blow away my 2 core lol.

  9.    Wow, so far the letters I have found to be uppercase A to F in my findings as well which would make it easier, I have to see a few more with letters mixed in the password to feel a little more sure about that fact. It would be neat to see oclhashcat fly through a large password list or crack a hash in record time but I can not afford to spend a lot of money on new devices just for that lol. I was hoping I could add a cheap video card to my cheap laptop, seems like that is a no go so far.

  10. On April 12, 2017 at 1:56 AM, haze1434 said:

    WPA2 Handshakes are a little slower to crack than, say, MD5. They will take longer.

    I'd say that sounds about right for an i5 laptop. My GTX 970 graphics card does about 160,000 per second, laptop CPUs are much slower.

    What GPU does the laptop have? Might be worth trying oclHashCat (which uses GPU instead of CPU) and see if you get better speeds. Probably not, on a laptop, depends on the graphics card.

    I find one of the biggest factors, by far, is your password lists or the way in which you use masks. You can crack passwords on a really weak machine, if you're savvy and know what format the password is going to take. Do plenty of recon and you could crack in seconds. E.g., pet names, partners, DOBs, addresses, etc. Also research what passwords are used as default on the router you're grabbing the handshake from. This will cut down having to simply guess through millions of combinations and can save weeks and months. I made a post on these.

    So, say with hashcat you get 160,000 k/s and I get 1900 with aircrack, that's huge! Now what would a gamer with a good system and an nvidia 1080 get for k/s for a wpa2 handshake in hashcat?

    Is there a way to plug a video card into an old laptop via the usb, like you would an external storage drive, except have an external video card, just wondering if they sell something like that. I am sure it would be silly idea for a few reasons especially speed restrictions. 

    I did some recon as you suggested on certain router models and found that local provider passwords always have 2511 at the beginning and then 8 more characters being uppercase letters and numerals with the 5th character being a 4,5, or 6 and the 7th character being a zero all the time. In about 65% of the cases being all digits no letters, which could make an attacker's job very easy with a super cheap laptop unfortunately, and I am sure the providers must know about it, and I bet most providers have weak security in some way. So I made sure that people I know with that router change their default passwords immediately. I found that with maybe a 30 mb password file created by crunch for those specific ranges and a cheap laptop could possibly find the password for 1 in 7 routers with default passwords for that provider in less than an hour, pretty crazy if you ask me. Hopefully people do not open up and share their files with anyone on their possibly own home secure network. This discovery has made me more paranoid than ever....and I have not even tried testing my own network of household computers with something basic like armitage to see what an intruder could do once inside my network. 
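The list sizes and cracking rates quoted in these posts can be checked with a short calculation, which also shows how much a fixed prefix weakens a default password. The Ruby sketch below is an added example, not code from any poster; it assumes crunch's -t placeholders (@ lowercase, , uppercase, % digits, with @ drawing from a custom charset when one is given), uses the rates quoted in the thread, and adds a constructed baseline of 12 fully random uppercase-or-digit characters.

```ruby
# Added example: keyspace, file size and worst-case exhaustion time for a
# crunch -t template. Assumed placeholder meanings: @ lowercase, , uppercase,
# % digits; every other character is a fixed literal.
DEFAULT_SETS = { "@" => 26, "," => 26, "%" => 10 }.freeze
GIB = 1024**3

# Number of candidates; at_size is the length of a custom charset used for @.
def keyspace(template, at_size: nil)
  sizes = at_size ? DEFAULT_SETS.merge("@" => at_size) : DEFAULT_SETS
  template.each_char.reduce(1) { |n, ch| n * sizes.fetch(ch, 1) }
end

# Bytes on disk: one candidate per line, plus a newline each.
def wordlist_bytes(template, at_size: nil)
  keyspace(template, at_size: at_size) * (template.length + 1)
end

# Worst-case seconds to try every candidate at `rate` keys per second.
def seconds_to_exhaust(template, rate, at_size: nil)
  (keyspace(template, at_size: at_size) / rate.to_f).ceil
end

# Templates taken from the thread, plus a constructed baseline:
# 12 random characters from A-Z and 0-9 (36 symbols), no fixed prefix.
CASES = [
  ["2511 + 8 digits",         "2511%%%%%%%%", nil],
  ["0MGSM2, 58-char set",     "0MGSM2%@@@@@", 58],
  ["0MGSM2, 32-char set",     "0MGSM2%@@@@@", 32],
  ["random 12 (constructed)", "@" * 12,       36]
].freeze
RATES = { "CPU (1,900 k/s)" => 1_900, "GPU (160,000 k/s)" => 160_000 }.freeze

# One formatted line per case: candidates, size on disk, hours per rate.
def report
  CASES.map do |label, tpl, size|
    times = RATES.map do |name, rate|
      hours = seconds_to_exhaust(tpl, rate, at_size: size) / 3600.0
      format("%s: %.1f h", name, hours)
    end
    format("%-24s %20d lines %11d GiB  %s", label,
           keyspace(tpl, at_size: size),
           wordlist_bytes(tpl, at_size: size) / GIB, times.join(", "))
  end
end

puts report
```

The first three rows reproduce the figures in the thread (100,000,000 lines and 1,300,000,000 bytes, about 79 GiB, about 4 GiB); the baseline row shows the gap between a patterned default and a truly random password of the same length.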

  11. I have one more question to throw out here, do aircrack and hashcat kill processors and gpu chips eventually? Obviously the programs will push the chips to the limit to process hashes etc, just wondering if the heat kills them eventually out there, even if they limit the processing a bit by monitoring the heat sensors, thx.

  12. Thanks for the input, my laptop does not really have a gpu outside of the cpu, it's a cheap built in the motherboard graphics processor. I guess if I had a higher end unit I would give it a shot. When I run the aircrack it starts winding up the internal fan like a jet taking off, then I notice after some time the speed drops to about 1000 k/s. I am afraid I am gonna kill the cheap ram or cpu with all the heat lol. I wish I could see the ram and cpu temp. That is insane how fast you can process a wordlist against a captured handshake with hashcat and a gpu! If I ever build a desktop unit I will consider buying the video cards that work best with kali/hashcat lol. Too bad you can not use some of the standalone gaming systems with compatible cards to do this! Design the game to crack routers lol, anyhow thanks for the input.

  13. My cheap laptop with an i5 processor is being used to test my network, I successfully grabbed a handshake and tested it against a password file with my pass in it that was 100mb in size. I used aircrack on the text file with my persistence usb stick loaded up with latest kali and the best I can get is 1800-1900 k/s, should I be expecting more speed out of it or am I out of luck unless I build a rig with good video cards and go the hashcat route?

    I am basically curious to know if 1800 k/s for aircrack is normal on a crappy 2 year old laptop.

  14. Ok, couldn't resist, grabbed the family laptop and fired up kali, crunch spit out what I wanted as .txt files when I entered that exact command! I think I was trying to tell it the filename I wanted when I tried it before or sumthin. It works great now, and fast as heck, thanks for sharing your knowledge with me! 

  15. Yes I was just looking for the simple one with numeral digits following 2511, our local provider of internet service with their router usually sets default password of 2511 followed by 8 more random numbers most of the time, sometimes those 8 numbers have uppercase letters in the mix. My router uses numbers only and so does my parents' and my friends', I just wanted to test my router to see how hard it would be for someone to come by or maybe a curious neighbour to hack into and borrow some of my internet for evil purposes. I imagine the most common way would be for them to just capture a handshake and throw an easy password list at it. I already tested other possible ways against my router such as pixiedust attack with both bully and reaver, (it seems the internet provider has protection for that now), and common password lists. I figure no one in their right mind would waste their time with a password list with 2511 and 8 alpha numeric following after that so I thought just numerals involved would be a quick shot for someone, of course my router is hidden from the front door and any windows viewing access lol.

    Thanks for your help, I will give that a shot next time I fire up the kali persistence usb stick! Glad I purchased a good one with lots of available memory!

  16. I am looking to create a crunch .txt file with the following parameters. I want a 12 digit password always starting with 2511 and the following 8 digits to be random. I would like the text files created to be 200mb or less. Is this possible with crunch? I can not seem to get crunch to spit this out in kali, would it be easier with a different program? Thanks for your help.
