Anton (Author), posted September 12, 2013:
Thanks again man, gonna give this a try.

DigitalGeek, posted September 12, 2013 (edited September 12, 2013):
Thank You for this List and all of the extra information! I've actually been running the entire list through aircrack-ng, it loaded the list with 0 issues and has been running for almost a week now (LOL) on 1 WPA2 network handshake. It's gone through about 920 million of the keys as I write this and is still going. I'm starting to feel that it's going to finish unsuccessfully.

Reason I used aircrack-ng is because I'm more familiar with it than pyrit, and I actually didn't know about pyrit till I started aircrack. Plus I'm not sure how much better pyrit will be when the PC running the list doesn't have a high end gfx card, it's running off an on-board Intel HD for gfx I think.

On the note of WPS cracking, I have had a ton of success with reaver. I agree on using the -S command with reaver as it really speeds up the process a lot. And cyberjack, thank you for the info on lowering my data rate with the iwconfig, never tried that before.

A question: After aircrack-ng finishes with the list, assuming it fails, what should my next step be? Should I find another wordlist, attempt a bruteforce, just give up? This network doesn't have a custom essid, it's a 2Wire, would there be a default set key (not set by the user)?

cyberjack, posted September 12, 2013:
Default set key on 2Wire? Sadly so, mate. To be fair, if it's got WPS turned off I wouldn't have given it a try; chances of cracking a default set key are 1,0000 to 1, and it's unlikely the WPA key algorithm has been leaked (SKY got theirs cracked a while ago). Here's the link for that: xxx.cm9.net/skypass/

DigitalGeek, posted September 13, 2013:
Ah. Thank you. Unfortunately no WPS, if there was I would have never attempted a wordlist. Though the wordlist failing really makes me want to try harder at trying to get into the network, but if wordlists and/or bruteforcing are the only options then it kinda seems pointless.

BTW, if anyone was wondering, aircrack-ng finished this entire wordlist in about a full week on an Intel Core 2 Duo, 4GB RAM without anything else running on Backtrack 5 R3.

cyberjack, posted September 13, 2013:
Yeah, I guess so, sometimes you're just plain unlucky, and there's not much you can do... A week for the wordlist to finish :( ... thank god for pyrit and GPUs... it takes about 3 days on mine. Fastest I've ever seen was with a dual Tesla card, think it was around 26,000 PMKs... ha, well, be nice if we all had £600 to spend on graphics card(s)... even if you were to generate all combos with crunch (8 chars) it would be well over 1.5TB... I know, I've tried it... hardly practical...

Forgiven, posted September 30, 2013:
Try the Amazon EC2 service...it has all the power you could ever want to rent - at low cost!

Lhy19, posted October 4, 2013:
LOL... crashed my PC when attempting to aircrack. I bet it has to do with something with the nearly one billion combinations. Hard to cache that and pass that. Mounting /tmp on another partition would make it to where your whole system doesn't crash if there's too much data.

Anton (Author), posted October 12, 2013:
> Try the Amazon EC2 service...it has all the power you could ever want to rent - at low cost!

Would be interested in doing this, I have heard chit chat about it in the past. Are there any tuts out there? I wouldn't know where to start.

bme2008, posted November 6, 2013:
Hey. Do you even "sort -u Super-WPA > Super-SORT ; sort -u Custom-WPA > Custom-SORT"? After 4 hours of sorting, the file Custom-WPA has only 1.2 GB and Super-WPA has 7GB.

aszu, posted November 9, 2013 (edited November 9, 2013):
Thanks for the list, although as mentioned, there are a lot of duplicates.

Regarding cracking handshakes with this list: guys, you are doing it wrong! :) The only proper way to do this is to use ocl-hashcat. You do NOT need an expensive GPU; a great example is the AMD HD5830, which can be had on eBay etc. for £50 and gives you over 70.000 H/s of processing power. It needs less than 4 hours to go through the entire list.

Hashcat is also amazing if you want to check only certain combinations of characters in passwords, for instance to check all passwords ranging from 00000000 to 99999999 you just type:

    oclhashcat-plus64.exe -m 2500 -a3 handshake.hccap -1 0123456789 ?1?1?1?1?1?1?1?1

Quick explanation:
- -m 2500: type of hash, in this case WPA (it can also crack a myriad of other hash types)
- -a3: indicates brute force attack, but you can just point it to the dictionary file directly instead (no problem processing multi-gigabyte files)
- handshake.hccap: your handshake to crack, a file in hccap format can be generated by aircrack-ng (-J option)
- -1: your character set space - for a brute force attack you essentially list all the characters you expect to see in the password (there are some macros available as well, like ?d - all digits), you don't need this for a dictionary attack
- ?1?1?1?1?1?1?1?1: defines the format of the password for a brute force attack, in this case it is 8 characters, each from the '-1' space defined above. Again, no need to specify this for a dictionary attack.

There are more combinations possible, you can for instance have multiple character spaces and mix them with static strings, e.g. if you know that the password is markus + 4 digits, but you do not remember the digits and you do not remember if 'm' is uppercase or lowercase, you can create the following rule:

    -1 mM ?1arkus?d?d?d?d

All super fast and in real time, no need to generate static combination lists or any of such nonsense.

Tips:
- adding '-n 32 -u 2048' options to the hashcat command line will significantly speed up processing speed (usually by over 50%), at the expense of desktop responsiveness.
- if your cracking crashes/stops at any point, you can restore it by using the --restore option. It is also worth specifying a --restore-timer interval, so it saves your progress regularly.

I am really impressed by hashcat, it makes aircrack and other contraptions totally obsolete.

DTeCH, posted May 6, 2014 (edited May 6, 2014):
It has many many duplicates in there, but I could see the problem with trying to get rid of them due to its size.

Use CudaOclHashCat64 (for x64 Windows), or CudaOclHashCat32 (for x86 Windows) to tame this 13 gig beast:

    CudaOclHashCat64 -m 2500 -a3 capture.hccap -1 0123456789ABCDEF -2 ?l?u -3 ?l?d ?1?2?3?1?1?1?1?1

-m 2500 tells hashcat that we're targeting WPA/WPA2

-a3 capture.hccap tells hashcat to load attack mode 3 (Brute-Force), & use capture.hccap

Attack-Modes
    0 Straight
    1 Combination
    3 Brute-Force
    6 Hybrid Dictionary + Mask
    7 Hybrid Mask + Dictionary

-1 0123456789ABCDEF tells hashcat to use a Custom Charset (0123456789ABCDEF), & set its shortcut to ?1
Wherever ?1 is found in the mask ?1?2?3?1?1?1?1?1 it will be replaced with a character from 0123456789ABCDEF (which is assigned to -1)
The same for -2, & -3... ?2, & ?3 respectively.

Built-in Charset Shortcuts
    ?l = abcdefghijklmnopqrstuvwxyz
    ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
    ?d = 0123456789
    ?a = ?l?u?d?s (Use all charsets)
    ?s = !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

-2 ?u?l tells hashcat to replace ?2 in the mask with a character from abcdefghijklmnopqrstuvwxyz or ABCDEFGHIJKLMNOPQRSTUVWXYZ

Aaaaaaanywhooo... here's an easier way:

    CudaOclHashCat64 -m 2500 -a0 capture.hccap A13GigMonsterList.lst

-a0 tells hashcat that A13GigMonsterList.lst is a plain text list
-m 2500 tells hashcat that we're targeting WPA/WPA2

What you could/should do is get a list of the top 10,000 (or whatever) most used passwords that have leaked from hacks against places like facebook, myspace, google, & the like, & load that list into a password generator that will permutate each word of that list into a new file. Now that list would be worth downloading... especially if you have bandwidth like mine! 0.5 mbps down, & 0.5 up.

ps: I saw a list where the top facebook password was used by MILLIONS of users!
pps: Hak5 Rocks!

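Added example, not part of any post in this thread: a Python calculation of the keyspace behind the masks described in the two posts above and of how long that keyspace lasts at a given rate, which is the figure that shows whether a passphrase pattern is safe to deploy. The function names and the `c1`..`c4` keyword convention (standing for `-1`..`-4`) are assumptions of this example, not hashcat's interface.

```python
import math
import string

# Built-in charsets as listed in the posts; hashcat's ?s also contains the space.
BUILTIN = {"l": string.ascii_lowercase, "u": string.ascii_uppercase,
           "d": string.digits, "s": " " + string.punctuation}
BUILTIN["a"] = BUILTIN["l"] + BUILTIN["u"] + BUILTIN["d"] + BUILTIN["s"]


def positions(text, custom):
    """Yield the set of allowed characters for each element of a mask or charset."""
    i = 0
    while i < len(text):
        key = text[i + 1] if text[i] == "?" and i + 1 < len(text) else None
        if key is None:
            yield {text[i]}              # static character, e.g. the 'arkus' part
        elif key == "?":
            yield {"?"}                  # '??' stands for a literal question mark
        elif key in BUILTIN:
            yield set(BUILTIN[key])
        elif key in custom:
            yield custom[key]
        else:
            raise ValueError(f"undefined charset ?{key}")
        i += 1 if key is None else 2


def keyspace(mask, **charsets):
    """Return (candidates, length); charsets are passed as c1..c4 (for -1..-4)."""
    custom = {}
    for name in sorted(charsets):        # c1 first, so a later set may reuse ?1
        custom[name[1:]] = set().union(*positions(charsets[name], custom))
    sizes = [len(p) for p in positions(mask, custom)]
    return math.prod(sizes), len(sizes)


def report(mask, rate, **charsets):
    """Summarise how long a mask's keyspace lasts at `rate` candidates/second."""
    total, length = keyspace(mask, **charsets)
    return {"candidates": total,
            "wpa_length_ok": 8 <= length <= 63,       # 8-63 character rule
            "hours": total / rate / 3600,
            "wordlist_bytes": total * (length + 1)}   # one line per candidate


if __name__ == "__main__":
    RATE = 70_000   # H/s figure quoted in the thread for one mid-range GPU
    for mask, sets in [("?1" * 8, {"c1": "0123456789"}),
                       ("?1arkus?d?d?d?d", {"c1": "mM"}),
                       ("?l" * 8, {}), ("?a" * 12, {})]:
        print(mask, report(mask, RATE, **sets))
```

For eight lowercase letters it reports about 1.88 TB as a stored wordlist, in line with the "well over 1.5TB" remark earlier in the thread (assuming that remark meant lowercase only). Eight digits are exhausted in well under an hour at the quoted rate, while twelve characters drawn from ?a give 95^12 candidates.
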
Millerair, posted May 13, 2014:
Why am I not seeing any of these wordlists in my BackTrack 5 r3.....is there a way to generate it there? Thanks

TYTechnolust, posted May 13, 2014 (edited May 13, 2014):
You can find them in /pentest/passwords/wordlists.

roleee22, posted June 17, 2014:
Where can I download it now?

Burn54, posted July 4, 2014:
Which program do you use for creating a wordlist? I used Notepad++, but it doesn't work well.

i8igmac, posted July 5, 2014:
I have had successful results and nice speed with pyrit cuda.
Longest I have seen was about an 8hr crack at 14000 per second.
Pre-computed results are insane, if you have hard drive space to waste you may see a few million per second.
Anyone with this torrent... get yourself a cuda powered rig, and you must learn the basics of pyrit.

Burn54, posted July 6, 2014 (edited July 6, 2014):
Can you explain that program to me? I have an Intel HD Graphics card on my laptop, does that mean that I can't run pyrit cuda? Sorry for my bad English, I hope you understand. Best regards.

cooper, posted July 6, 2014:
CUDA is nVidia proprietary technology, so your Intel card is unable to make use of it. If there's an OpenCL version of this, there's a chance it might, but no guarantees.

barry99705, posted July 7, 2014:
Use hashcat, it will use either ATI or NVIDIA cards. Intel graphics generally use the PC CPU to fake a graphics card, that's why dedicated video cards work faster.

factgasm, posted July 11, 2014 (edited July 11, 2014):
The recommended links appear infected.

https://thepiratebay...orrent/5945498/
http://isohunt.com/download/247726861
http://www.torrentho...Final-13-GB-rar

These files are only intended for cracking passwords so I don't expect to get hacked downloading them. Anyone know any clean sources?

Anton (Author), posted August 20, 2014:
Will get fresh links up as soon as I get time :) - Anton.

neohack, posted September 3, 2014:
Hi, sorry if this is a dumb question.... I am trying to use the downloaded wordlist in Kali, but the files won't run. I unzipped them using WinRAR. Do the files not need to be text files? Or am I missing something? Do I need to do anything else? Any help appreciated.

Black-Assassin, posted October 12, 2014:
I usually use crunch to generate my word list, but if you like a created word list there are lots on the net..... Doesn't mean crunch is my only power tool. ;)

Mr-Protocol, posted October 12, 2014:
https://wiki.skullsecurity.org/Passwords
http://www.renderlab.net/projects/WPA-tables/

therealgreg, posted October 24, 2014:
> Compressed File Size: 4.4gb
> Decompressed File Size: 13gb
>
> Just thought I would share the link for those who are looking for a decent list to pen test their networks. The list contains 982,963,904 words exactly, no dupes and all optimized for wpa/wpa2.
>
> Would also just like to point out that this is not my work, instead it was a guy who compiled a whole load of useful lists, including his own, to come up with 2 lists (one is 11gb and one is 2gb). I will be seeding this torrent indefinitely since it is shareware! 20mb up!
>
> INFO
>
> This is my final series of WPA-PSK wordlist(S) as you can't get any better than this!
>
> My wordlist is compiled from all known & some unknown internet sources such as;
>
> 1. openwall
> 2. coasts password collections
> 3. Xploitz Master Password Collection(s) vol 1 and vol 2 (official Backtrack 3/4/4R1 wordlist collections, Thanks Xploitz)
> 4. ftp sites such as; ftp://ftp.ox.ac.uk/pub/wordlists/ & others
> 5. all wordlists onand(as of 07/11/2010)
> 6. all wordlists hosted on;
> 7. all usernames from "100 million Facebook usernames and personal details" as leaked onto Torrent sites
> 8. all wordlists from the Argon (site now closed)
>
> And as a bonus my personal wordlist of 1.9 GB!
>
> Which also includes;
>
> My "WPA-PSK WORDLIST 2 (107MB).rar" & "WPA-PSK WORDLIST (40 MB).rar" Torrent & random usernames grabbed from over 30,000+ websites such as youtube, myspace, bebo & other sites which I can't mention .... he he
>
> =============================================================================
> ALL WITH NO DUPES OR BULL-SHIT AND IS FORMATTED TO WPA RULES OF 8-63 CHARS !!
> =============================================================================
>
> Hope you enjoy. :¬)
>
> ******** P.L.E.A.S.E S.E.E.D W.H.E.N ********
>
> The Pirate Bay Download Link
> ISO Hunt Download Link
> Torrent Hound Download Link
>
> Hope this helps anyone who is starting out and learning about pen testing and network security, and don't forget to seed for others!

Umm... you might want to check your facts before blindly posting false claims - you're not doing your street cred any favors, bro.

Long story short... more than half the words are duplicates.

Long story long...

1) This mega list "...982,963,904 words exactly no dupes..." contains only half over what you claim. After sorting and using the 'uniq' command to output unique words to another file, we end up with just 493,220,993 words. For those keeping count, that's about half.

2) Then as a "bonus", he includes his personal list of 1.9GB, which equates to around 180 million words (checked using the command "wc -l Custom-WPA"). Well... hate to burst another bubble, but after sorting and removing all dups, we end up with an adjusted bonus of 769MB, or 71 million words. This time we're left with way less than half.

While I appreciate the millions of words, I really have a problem with the grand, false claims, which also makes me wonder how "decent" these lists really are. Also, it seems a waste to be torrenting around all that extra fat, if you know what I mean.

So... all that to say... I have combined both lists, sorted and stripped out all duplicates, and am left with a 6.1GB file containing 494,564,103 words. I'm going to call this list "ForRealz-Super-WPA", and put it in my toolbox :)