Wpa-psk/wpa2 Dictionary Help


Skorpinok Rover
Hello, I use BackTrack 5 R2. While cracking WPA-PSK/WPA2-PSK, the dictionary does not have the required password in it. Is there any other method to crack, or any dictionary available online? I used Reaver once but it failed. Please suggest if you have any idea, thanks in advance.

Regards.


  • 2 weeks later...

Reaver also sometimes requires some tweaking. I found one access point (can’t remember the model etc.) that locked out for 5 minutes after 3 wrong attempts; it took me almost a week to crack it. I had to put waits per 3 attempts and pauses between each attempt, but I have also found some will allow the “ignore lockouts” switch.


Also have a look at the work done by Matt Weir: look at his Defcon and Shmoocon talks over the last few years. His website has a few JTR rules for more “user” type password mangles, and from that information you can build your own dictionary.

Like Matt, I have found most dictionaries found on the interwebs are full of crap and duplicate entries. Download a simple dictionary file from a site such as http://wordlist.sourceforge.net/ and then mangle it with JTR, e.g. add 01 to 99 to the end, or a list of years from, say, 1930 to 2012, etc.

Most admins know users have passwords like soccer11, welcome1, bear2009, or if it’s a company you may need to look at a more complicated mangle such as N1pp0n, but start with the easiest first.

It takes time, patience and a bit of thinking, which is the difference between a successful pentester and a script kiddie, in my humble opinion.

I should add that if the access point was supplied by a telco such as Bigpond, the WPA key is a hashed mash of the serial number and the MAC address. There are plenty of tools for the old Thomson routers/modems, but they changed the formula for the 2Wire and Netcomm ones, and those that have worked it out are keeping that information close to their chest. So, in other words, you may be in for a long wait, or boned.

Edited by oxley
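The mangle patterns oxley lists (dictionary word plus 01-99, plus a year from 1930 to 2012, or with leet substitutions like N1pp0n) are exactly what an admin should refuse to accept as a WPA2-PSK. The script below is an added example, not something from the thread or from JTR, that turns those patterns into a pre-shared-key policy check: it splits a trailing digit suffix off the candidate passphrase, undoes common leet substitutions, and looks the base up in a wordlist. The `SAMPLE_WORDLIST` set is a constructed stand-in for a real file such as one from wordlist.sourceforge.net; `read_wordlist()` loads a real one. The leet map and the 8-63 character length check are assumptions of this example, not anything the thread states.

```python
import re

# Constructed mini-dictionary standing in for a downloaded wordlist.
# Use read_wordlist() to load a real file in practice.
SAMPLE_WORDLIST = {"soccer", "welcome", "bear", "nippon", "password", "dragon"}

# Reverse of the usual leet substitutions, so "n1pp0n" normalises to "nippon".
# This table is an assumption of the example; extend it to taste.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s"})

YEAR_MIN, YEAR_MAX = 1930, 2012          # year suffix range from the thread
SUFFIX_RE = re.compile(r"^(?P<base>.+?)(?P<suffix>\d+)$")


def read_wordlist(path):
    """Load a wordlist file into a lowercase set, dropping blanks and duplicates."""
    with open(path, encoding="utf-8", errors="ignore") as fh:
        return {line.strip().lower() for line in fh if line.strip()}


def _split_suffix(candidate):
    """Split 'bear2009' into ('bear', '2009'); no digit suffix gives ('word', '')."""
    m = SUFFIX_RE.match(candidate)
    return (m.group("base"), m.group("suffix")) if m else (candidate, "")


def _lookup(base, wordlist):
    """Return (matched_word, how) if base is in the wordlist as typed or after
    undoing leet substitutions, else (None, None)."""
    if base in wordlist:
        return base, "as typed"
    unleeted = base.translate(LEET_MAP)
    if unleeted != base and unleeted in wordlist:
        return unleeted, "after undoing leet substitutions"
    return None, None


def check_psk(psk, wordlist=SAMPLE_WORDLIST):
    """Return a list of reasons the passphrase is weak; an empty list means it passed."""
    reasons = []
    # WPA2-PSK passphrases are 8-63 printable ASCII characters.
    if not 8 <= len(psk) <= 63:
        reasons.append("length outside the 8-63 character WPA2-PSK range")
    if any(not 32 <= ord(c) <= 126 for c in psk):
        reasons.append("contains a non-printable or non-ASCII character")

    base, suffix = _split_suffix(psk.lower())
    word, how = _lookup(base, wordlist)
    if word is not None:
        if not suffix:
            reasons.append(f"'{word}' is a dictionary word ({how})")
        else:
            is_year = len(suffix) == 4 and YEAR_MIN <= int(suffix) <= YEAR_MAX
            kind = "year" if is_year else "digits"
            reasons.append(f"dictionary word '{word}' + {kind} {suffix} ({how})")
    return reasons


if __name__ == "__main__":
    for candidate in ["soccer11", "welcome1", "bear2009", "N1pp0n2012",
                      "P@ssw0rd", "correct horse battery staple"]:
        verdict = check_psk(candidate) or ["ok"]
        print(f"{candidate!r}: {'; '.join(verdict)}")
```

Run against a real wordlist with `check_psk(candidate, read_wordlist("words.txt"))`. The point of the check is that anything the script flags is within reach of the simple JTR mangles described above, so a PSK that passes it at least forces an attacker past the cheap first round.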

It takes time, patience and a bit of thinking, which is the difference between a successful pentester and a script kiddie, in my humble opinion.

You are definitely right and that's exactly how I implemented my dictionary files.
