Skorpinok Rover (posted April 16, 2012):
Hello, I use BackTrack 5 R2. While cracking WPA-PSK/WPA2-PSK, the dictionary does not have the required password in it. Is there any other method to crack it, or any dictionary available online? I used Reaver once but it failed. Please suggest if you have any idea. Thanks in advance. Regards.
shadowmmm (posted April 17, 2012):
Look into Reaver (WPS) or wpscrackgui.
shadowmmm (posted April 17, 2012):
Reaver only fails if you are either not in monitor mode or your card doesn't support it. Other than that, it works on everything WPS-enabled. It depends what kind of router you are trying to get into. Good luck.
oxley (posted April 26, 2012):
Reaver also sometimes requires some tweaking. I found one access point (can't remember the model etc.) that locked out for 5 minutes after 3 wrong attempts; it took me almost a week to crack it. I had to put in waits per 3 attempts and pauses between each attempt, but I have also found some will allow the "ignore lockouts" switch.
oxley (posted May 4, 2012, edited):
Also have a look at the work done by Matt Weir: look at his Defcon and Shmoocon talks over the last few years. His website has a few JTR rules for more "user"-type password mangles, and from that information you can build your own dictionary. Like Matt, I have found most dictionaries found on the interwebs are full of crap and duplicate entries.

Download a simple dictionary file from a site such as http://wordlist.sourceforge.net/ and then mangle it with JTR, e.g. add 01 to 99 to the end, or a list of years from, say, 1930 to 2012, etc. Most admins know users have passwords like soccer11, welcome1, bear2009, or if it's a company you may need to look at a more complicated mangle such as N1pp0n, but start with the easiest first. It takes time, patience and a bit of thinking, which is the difference between a successful pentester and a script kiddie, in my humble opinion.

I should add that if the access point was supplied by a telco such as Bigpond, the WPA key is a hashed mash of the serial number and the MAC address. There are plenty of tools for the old Thompson routers/modems, but they changed the formula for the 2Wire and Netcomm ones, and those that have worked it out are keeping that information close to their chest. So, in other words, you may be in for a long wait, or boned.

Edited May 4, 2012 by oxley
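The mangling procedure described in the post above, as an added example that is not part of the original thread or of John the Ripper: a small Python script that cleans a base wordlist (strip, drop blanks and duplicates), applies the mangles oxley lists (append a digit, append 01 to 99, append a year from 1930 to 2012, capitalise, and a simple leetspeak substitution as in "N1pp0n"), and then keeps only strings that can actually be a WPA-PSK passphrase, which the 802.11i standard limits to 8 to 63 printable ASCII characters. The base words and the leet substitution table are constructed assumptions for illustration; in practice you would feed in a downloaded dictionary.

```python
"""Added example: build a targeted WPA-PSK candidate list by mangling a base
wordlist the way the post describes, then drop anything that cannot be a WPA
passphrase.  Not John the Ripper; it reproduces a few of the rules you would
otherwise express with JtR's --rules (e.g. `c` to capitalise, `$[0-9]` to
append a digit).
"""
from typing import Iterable, Iterator, List

# Constructed base list standing in for a downloaded dictionary file
# (duplicates and a blank line included on purpose to show the cleaning step).
BASE_WORDS = ["soccer", "welcome", "bear", "nippon", "soccer", "  ", "bear"]

# Assumed leetspeak substitutions (a small subset, not from the post).
LEET_MAP = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})

WPA_MIN, WPA_MAX = 8, 63  # 802.11i passphrase length bounds


def clean_wordlist(lines: Iterable[str]) -> List[str]:
    """Strip whitespace, drop blanks/comments, remove duplicates (order kept)."""
    seen = set()
    out: List[str] = []
    for line in lines:
        word = line.strip()
        if not word or word.startswith("#") or word in seen:
            continue
        seen.add(word)
        out.append(word)
    return out


def is_wpa_candidate(s: str) -> bool:
    """WPA-PSK passphrases are 8 to 63 printable ASCII characters."""
    return WPA_MIN <= len(s) <= WPA_MAX and all(0x20 <= ord(c) <= 0x7E for c in s)


def mangle_word(word: str, year_from: int = 1930, year_to: int = 2012) -> Iterator[str]:
    """Yield the mangled forms of one word, mirroring the rules in the post.

    Bases: word, Word, leet(word), leet(Word)  e.g. nippon -> N1pp0n
    Suffixes on every base: none, 0-9, 01-99, year_from..year_to
    """
    cap = word.capitalize()
    bases = (word, cap, word.translate(LEET_MAP), cap.translate(LEET_MAP))
    for base in bases:
        yield base
        for n in range(10):                          # welcome1
            yield f"{base}{n}"
        for n in range(1, 100):                      # soccer11, soccer01
            yield f"{base}{n:02d}"
        for year in range(year_from, year_to + 1):   # bear2009
            yield f"{base}{year}"


def build_candidates(lines: Iterable[str], **kw: int) -> List[str]:
    """Full pipeline: clean -> mangle -> dedupe -> keep only valid WPA lengths."""
    seen = set()
    out: List[str] = []
    for word in clean_wordlist(lines):
        for cand in mangle_word(word, **kw):
            if cand in seen or not is_wpa_candidate(cand):
                continue
            seen.add(cand)
            out.append(cand)
    return out


if __name__ == "__main__":
    cands = build_candidates(BASE_WORDS)
    print(len(cands), "candidates; sample:", cands[:5])
    # One per line, ready for e.g. aircrack-ng -w candidates.txt <capture.cap>
    with open("candidates.txt", "w") as fh:
        fh.write("\n".join(cands) + "\n")
```

Note the length filter: the post's "N1pp0n" is only six characters, so on its own it can never be a WPA passphrase and is dropped, whereas "N1pp0n2012" survives. Filtering before writing the list saves aircrack-ng from testing candidates the protocol rules out anyway.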
Infiltrator (posted May 4, 2012):
Quoting oxley: "It takes time, patience and a bit of thinking, which is the difference between a successful pentester and a script kiddie, in my humble opinion."
You are definitely right, and that's exactly how I implemented my dictionary files.