![]() ![]() They are plain Wordlist dictionaries used to brute force WPA/WPA2 data captures with aircrack-ng. Below are some dictionaries that can be used with Backtrack or Kali Linux. But it at least gives you a decent chance. Maybe if you are reading this post a long time after it was written, then you might have the tool pre-installed in Kali. Also, most operating systems don’t make you actually type the password every time, so don’t feel too bad about making users remember long random strings. Needless to say, dictionary words are out. I'm not saying that will crack it - I'm usually unsuccessful during engagements cracking the WPA2 (which is why you need to rely on other methods). The most effective way to prevent WPA-PSK/WPA2-PSK attacks is to choose a good passphrase and avoid TKIP where possible. Then use a combinator attack using that wordlist twice, or combine it with an english dictionary. Use Cewl, or make it yourself, based on company names and words that mean something to their industry and business. I like creating a custom wordlist around the company itself. Most passwords I've seen are phrases or combinations of words that mean something to the company. When I've attempted to crack WPA2 passwords on pen tests, even with the computing power at my disposal, I have to be very judicious about what I give hashcat so I'm making the best guesses that I can, because I know its going to take a while. With on-board laptop GPU, I don't think you're going to get too much beter than that, although it depends on the card. Lets say you manage to double your speed - that's still 5 to 7 days. Even if you optimize, its still going to take a while to crack. 12 characters presents a pretty large keyspace as well. The WPA2 hash cracks relatively slowly, at least compared with other hashes. Now let’s take a look at Wifiphisher.Practically speaking, a 12 character WPA2 key is going to be difficult to crack. Please do NOT post questions on why it doesn’t work until you check if your wireless adapter can do packet injection. You may use others, but before you do, make certain that it is compatible with Aircrack-ng (packet injection capable). Here, I used the tried and true, Alfa AWUS036H. ![]() To do this hack, you will need Kali Linux and two wireless adapters, one of which must be capable of packet injection. But given the fact that I could have passively captured your keys hash, by the time you found out, it would be too late. In addition, you could always do this all manually, but now we have a script that automates the entire process. It takes my system about five days to crank through 45 million passphrases. Similar scripts have been around for awhile, such as Airsnarf, but this new Wifiphisher script is more sophisticated.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |