Showing results for tags 'wpa'.


  1. Compressed File Size: 4.4gb Decompressed File Size: 13gb Just thought I would share the link for those who are looking for a decent list to pen test their networks. The list contains 982,963,904 words exactly, no dupes, and all optimized for WPA/WPA2. Would also just like to point out that this is not my work; instead it was a guy who compiled a whole load of useful lists, including his own, to come up with 2 lists (one is 11gb and one is 2gb). I will be seeding this torrent indefinitely since it is shareware! 20mb up! INFO This is my final series of WPA-PSK wordlist(S) as
  2. PMKID Attack WPA/WPA2 on WiFi Pineapples! Pineapple NANO + TETRA WARNING! This attack is EXTREMELY effective on the Pineapples! And is capable of capturing an entire neighborhood of PMKIDs in a minute or less, even without access-points! ONLY use hcxdumptool on networks and devices you have express permission to, because of this: hcxdumptool is able to prevent complete wlan traffic! hcxdumptool is able to capture PMKIDs from access points (only one single PMKID from an access point is required!) hcxdumptool is able to capture handshakes from not conn
  3. Hello all. I have been a fan of the Hak5 team for a while and over the last 2-3 years have collected pretty much everything in the Hak5 shop. I have all the things that do the things. Recently during a fever dream, I imagined that I had a new device. One that magically grabbed 4-way WPA handshakes with the push of a button and was small enough to hold in my tiny pen testing fist. We have all been there, right? We know there is a network with clients but we are just too far away to effectively do a deauth airodump attack. Sure we could get closer and open our Linux laptop, plug in a wo
  4. BESSIDE-NG - Customized for Pineapple TETRA I'm writing a relatively short post, as I don't feel like writing an entire article explaining how to install and use this. I've compiled a customized version of besside-ng that will automatically scan all the channels from 1 to 165. The scan will take almost a minute to complete, compared to some seconds when only scanning the 2.4GHz range. Also added option to only scan WEP or WPA networks. I've also changed the directory that the logs get saved to. They can now be found in /tmp The files are as usual: wep.cap, wpa.cap, bess
  5. So I see a lot of scripts like wifiphisher and fluxion. They work great, but the only sad part is when they clone the wireless network... Is it possible to let the user automatically connect to our fake access point by disabling their own access point, like without displaying the access point in the WiFi list?
  6. Hopefully some of you will find this table useful for (legally and ethically) pentesting WiFi routers. Please note that the figures shown in the far right column 'Time' are based on a Palit GTX 970 using oclHashCat. You will need to do your own maths for this, but it gives you a good idea of average crack times for a fairly standard £300 / $500 GPU. For WPA2 with the GTX 970, my benchmarks with hashcat are: 13,774,031,184 password hashes per day; 573,917,966 per hour; 9,565,299 per minute; 159,421 per second. Anything marked as 'Never' and red will take more t
  7. Hi There, Does anyone know how to broadcast only the SSID without security, so only the open networks? My NANO is now broadcasting all networks, so all the networks with a password will also be broadcast without a password from my NANO. Thanks!
  8. Hi all, As the title suggests, I was wondering why WPA should be easier to crack than WPA2, and yet the process to crack them appears to be the same? The hash mode in Hashcat is exactly the same for WPA and WPA2, so surely they would take the exact same amount of time to break? Is there a quicker way to break WPA? I found http://www.aircrack-ng.org/doku.php?id=tkiptun-ng, but this appears to only be for WPA-TKIP, and doesn't look like a finished product. At the moment, are we doomed to cracking WPA using the same methods as WPA2? Thanks.
  9. I have Google searched for a few days, but I was hoping that someone could give me the answer I need. What is the full character set for WPA/WPA2 passwords? I believe it is a minimum of 8 digits, but I have read that the maximum is 40 and also that it is 63. Could you please clarify? I know we have all upper and lower case letters and the numbers 0-1, but I would like to know what special characters are allowed as well. So what I have for sure is: 1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ There must be some special characters to add onto that. Thanks in advance.
  10. I would like to ask about tutorials on certain subjects. I know SSL stripping is already online, but there are a few things I'd like to learn to do with my WiFi Pineapple: viewing traffic on an open network; password sniffing; cracking WPA/WPA2, even if it doesn't have WPS enabled (the whole process); sniffing traffic on a WPA/WPA2 network. Also, I don't know if you have tutorials for all of this already, but I really think it would be good to go from beginner pineapple skills, all of the way through expert, so I could become a more experienced hacker. I don't see tutorials for every infusion
  11. Hi, I want to ask what other programs exist for finding the pass phrase of a WPA handshake besides aircrack-ng and cowpatty. For the Linux platform, especially server, CPU based. From what I understand, pyrit is GPU based. What's wrong with aircrack and cowpatty? Well.. I want to use an openSUSE11 server BUT I don't have root rights to install all prerequisites and compile aircrack. Cowpatty compiles and works fine, but it's single-threaded. I know I can break up the wordlist into e.g. 4 and run four instances, but sometimes it does not recognize the handshake as well as aircrack-ng. Just asking if
  12. Pyrit WPA password cracker updated! I've been maintaining this project for a while now, please spread the word: https://github.com/JPaulMora/Pyrit Added some extra options and performance improvements.
  13. I'm working on an eviltwin infusion for the pineapple but still have a long way to go. So far I'm writing an eviltwin script without the pineapple to make sure I get that right. The script still needs some work. I need help to improve it. I'm writing the script based on this video #touch eviltwin #nano eviltwin (copy & paste script) #chmod +x eviltwin #./eviltwin (This will not setup your mysql database) #!/bin/bash ########################################## # Evil Twin Access Point v0.1 # #
  14. After four months of relentless persistence I finally was able to bruteforce my neighbor's WPS PIN. After spending days of AP lock and figuring out the precise x:y values, I found that the WPA PSK is an 8-digit number (like all other PSKs), but it got me thinking: what if I did a direct bruteforce to the PSK? I don’t know if the AP could actually lock that (hence no new device can connect even with the right pass), but if we talk about 200 tries/day I think it can be cracked in a guaranteed 55 days (11000/200). I'm a newbie at this stuff so please, is there a script for that or my theory is stupid-wrong
  15. Hi, I am quite new to password generation so forgive me if this is a stupid question :) I am trying to generate all possible combinations of WPA keys for BigPond modems in Australia. I have identified the layout of every single key that they generate. They look like this 1234E5678D: and it's always the same layout "the first 4 characters are numbers, then the 5th character is a capital letter, then the next 4 are numbers again and the last is a letter", but for the life of me I cannot seem to work out how to generate keys with such specific parameters. Any ideas how I would accomplish this? any
  16. Hey Everyone. Who has heard of Sophos? Or Warbiking? Perhaps you may know it as War Driving. Sophos is a UK-based security company and they are doing a very nice job of showing security experts the general habits of the people hungry for WiFi. What's very interesting is he is doing it all with the Hak5 WiFi Pineapple. If you watch a video you can see it there - clearly James is not about to reveal what it really is, loosely calling it an "Access point", but anyone from here will see it's a Mk 5. Latest News article - 'Warbiking' reveals increasing need for Sydneysiders to change wireless s
  17. Hello everyone, I apologize if I have missed a thread where this has been covered and appreciate your help and time ^^ I have this card and I could set the tx power on Windows 7, and after installing Windows 8.1 Pro I cannot find this option anymore. Help? I think there is an option to set the tx power even higher, anyone know? The problem I have is when I use Windows 7 in VMWare, for some reason there isn't any tx power option, maybe only when it's installed as host? Also I have other questions regarding finding a WPA key, can I post them here?
  18. Hello, I've been using the pineapple's client mode quite happily on my routers in location 1, but am having no luck with any in location 2 - something I must assume is due to encryption types. I had read a few topics here regarding the issue (in particular one from 2013 mentioning a config alteration) but haven't had any luck. If someone could point me to existing topics on the matter or tell me what logs to post here for diagnosis that'd be great. Cheers, HP
  19. I have 2 additional wireless adaptors connected to my MK5 and I need to connect wlan3 to a WPA/WPA2 wireless network. What command do I run to connect to a WPA/WPA2 wireless network? Interface Chipset Driver wlan0 Atheros ath9k - [phy0] wlan1 RTL8187 rtl8187 - [phy1] wlan2 RTL8187 rtl8187 - [phy2] wlan3 Atheros ath9k - [phy3]
  20. I know that decrypting WiFi WPA encrypted traffic when 4-way handshake is in the traffic dump and when passphrase is known is a trivial task. However, what about decrypting WPA traffic when 4-way handshake is not available. I have the SSID, I have the passphrase, I have messages 3 and 4 (I know it is useless) of the 4-way handshake. Is there a way of decrypting the traffic?
  21. So I know that the router generates random passwords in this structure: xxxx-xxxx-xxxx It uses all loweralphnumeric and includes the dashes, but no other special characters. I've been reading about generating rainbow tables, but all the options include too much, or won't allow me to generate 12 character long passwords. But I don't know if I totally understand the process yet, I'm still reading. Does anyone know a good way of generating either a plaintext dictionary or rainbow tables that fit this specific format only? I want to create a dictionary that includes all possible combinations for t
  22. What is FruityCracker? FruityCracker is a bash script that can crack wireless networks, capture WPA handshakes, Evil twin (Open, WEP, WPA, WPA2) and more features to come! Compatibility Tested Configuration: Pineapple MK5 1.0.4 Questions or Problems Please let me know what you would like to see in this script below! Release Date Unknown. Author: Jesse Izeboud Other scripts I made: FruitySniffer
  23. Is it possible, and how, to capture handshakes with one device and send all captured handshakes to another device for cracking? The cracking device isn't in wireless range. The handshake device has 3G mobile broadband.
  24. I have been using reaver to brute-force attack a WPA/WPA2 connection, but I seem to have a problem: the WPS PIN cannot be found. It stops searching for a PIN at a specific place. Why is this happening? And by the way I am using reaver from BEINI OS, using Minidwep-gtk. I have searched for the WPA/WPA2 handshake and I've got it but I cannot crack it since I don't have a proper dictionary to and I don't have the means to download one. I look forward to a reply to this thread. Thank you ^_^
  25. I have been using reaver to brute-force attack on my WPA/WPA2 connection, but I seem to have a problem: the WPS PIN cannot be found. It stops searching for a PIN at a specific place. Why is this happening? And by the way I am using reaver from BEINI OS, using Minidwep-gtk. I have searched for the WPA/WPA2 handshake and I've got it but I'm not sure if it really has a PSK or not because I tried cracking it using Cloudcracker and so far unsuccessful. I've tried with the 1.2 billion dictionary word list and I was unsuccessful. The router I am using for the WiFi is a Belkin 3bb9 router which I