Please, can someone assist me in cracking this WPA .cap file? I already used the rockyou and darkcode wordlists. Can anyone help get the password out?? :)
P.S. Trying to impress a friend lol
>p.s trying to impress a friend lol
Do you just love sucking his dick or something?
Or maybe even your own?
>lol check me out I'm so cool I can hack wifi (but I can't really cuz I asked someone how to do it lol) lol
Pixiedust (WPS) - Low success rate - Almost instant (20-30 seconds)
Reaver (WPS) - Medium success rate - 12 to 24 hours
Raw cracking of the .cap - Almost zero success rate (unless the user is a complete dumbshit) - 5 minutes to a quadrillion years, not counting how much electricity you'll waste.
Of course, you can always steal his password from one of his devices, provided you can get temporary physical access, or just hack into one of them via MitM or when you're shitfaced at the pub.
Seriously, brute forcing is the last thing I would do.
I suppose you don't know shit about it or are just trolling.
It cracks the 8 digit PIN, so no, it doesn't need a wordlist. But you need to be close to the router, and it is a real time attack (can't be done offline or be outsourced like the pcap).
Newer routers might lock you out after a few attempts, but there are workarounds for this.
Hey guys not OP here
As I understand it, if I have WPS enabled, everyone can easily hack into the router because of that 8 (right?) digit number on the router.
If WPS is turned off, and the router uses WPA2 security, there's practically no way to crack it unless I have a supercomputer or I get VERY lucky, aka the pass is 123.
Am I right?
WPS is much easier to crack, yes. Doesn't mean you can't crack the WPA2 key...
WPA2 just takes muchmuchmuchmuchmuchmuchmuchmuch more time ... about 100 years if you have a proper password.
>password is 123
WPA2 enforces a minimum password length, which is 8 characters, so, no, you can't use 123 as a password; you could do 00000123 or something like it, however.
Reaver exploits an issue in how WPS works, it has nothing to do with WPA/WPA2 or any other type of encryption, it's an attack on WPS itself and how the 8 digit PIN (not password) is hashed when a WPS connection is set up.
Most routers in the past 3+ years have been patched to account for Reaver attacks, either by fixing the actual exploit, making it useless, or by having a workaround which prevents the multiple constant attempts to connect with PINs over and over again. The router will detect that multiple successive attempts have been made, none of them being successful, and then it'll just lock out the potential for attempts for a period of time, sometimes short (like 15 mins) and other times long (24-48 hours), so it's impractical to even bother.
You can have a router and totally disable WPS completely, but if it's a vulnerable one that has not been patched, Reaver will still work, which is why it became popular in the first place: not because it worked on wide open routers but more because even when people supposedly disabled WPS on their hardware it would still accept a WPS connect request, hence Reaver would still work.
That's not the case anymore.
>WPA2 just takes muchmuchmuchmuchmuchmuchmuchmuch more time ... about 100 years if you have a proper password.
Yeah, I guess a pass is always crackable, but let's talk about 1-day-job attacks.
I'm currently studying for the CCNA and I was thinking about learning this netsec area, as it is quite connected to my area and is quite interesting.
What tools do hackers use if they want to hack into routers? I've seen people mentioning reaver, aircrack etc, which are (as I understand) programs all collected in Kali.
What do you use to crack WPS?
Social engineering. Ask employees, cleaners, and get in the building. Get physical access...
"Hacking" people has a bigger success rate, since the network is protected against attackers. Employees mostly not.
Nothing, really, because at the present time it's all just circumstance when someone does crack a wireless key like the OP appears to be hoping for.
Until some other exploit comes along to make things easier or you happen upon a router that's still unpatched for Reaver, it's just a hurry up and wait situation.
There's always social engineering or physical access, which is a cakewalk compared to actually brute forcing a proper WPA/WPA2 key in 1,000 lifetimes.
>WPS is turned off
Some routers will ignore this flag. WPS will not be advertised (wash -i mon0 won't show it) but the router will still answer manual requests. So you should actually test whether turning it off works for you.
Otherwise yes, WPA2 is pretty secure, given the pass is not in a wordlist.
Here's an example:
>lowercase (26 chars)
>8 chars length
Let's say you have 2x AMD HD 6990, gfx that crack ~350K PMK/s ( http://thepasswordproject.com/oclhashcat_benchmarking ); it will take
165 hours, a little less than 7 days, for just lowercase alpha, 8 chars.
The gfx will also run at full speed, so expect a juicy electricity bill.
I got most from torrents and private stuff; I never trusted online services when I don't have access to the list. Also, they might log what you search and insert it in other lists, you know, for science.
Typing your super password into a third party service to check if it's secure is kind of a stupid idea desu senpai.
If you're entering the hacking world, you should be creative:
- Find a way to disable his router (not that hard).
- Find a way to create a DNS server that redirects every request to a page that asks for the wireless password and saves it.
- Find a way to "create a wireless router" with a similar SSID in Linux (of course you'll need a wireless USB adapter or something like that).
- Let him connect without asking for a password. He'll realize that he is not connected and he will connect to your fake SSID.
- Wait until he/she opens some webpage and enters the wireless password.
And done, you have his/her ultra secure WPA password.
Hacking WPA could be very, very hard or even impossible if you don't use your creativity.
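The defender-side check for the fake-SSID setup described in that post, as an added example that is not part of the thread: scan results list every BSSID advertising a given ESSID, so an "evil twin" shows up as a BSSID you do not own broadcasting your network name, usually open, and often broadcasting several of the neighbourhood's SSIDs at once. The scan lines, the `HomeNet` network and the allowlist of known BSSIDs below are all constructed for the example; the field layout mirrors an airodump-ng style CSV but the parser is mine, not the tool's.

```python
# Added example: flag evil-twin access points in scan output.
# Not code from the thread; the scan data and the known-BSSID allowlist are constructed.
from collections import defaultdict

# Constructed scan rows: BSSID, channel, privacy, ESSID
SCAN = """\
00:11:22:33:44:55, 6, WPA2, HomeNet
AA:BB:CC:DD:EE:01, 11, OPN, HomeNet
00:11:22:33:44:56, 1, WPA2, Neighbour
AA:BB:CC:DD:EE:01, 11, OPN, Neighbour
00:11:22:33:44:55, 6, WPA2, HomeNet
"""

# Constructed allowlist: the BSSIDs you know belong to each of your own networks.
KNOWN = {"HomeNet": {"00:11:22:33:44:55"}}


def parse_scan(text: str) -> list[dict]:
    """Parse the simple comma-separated scan format used above."""
    rows = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        bssid, channel, privacy, essid = parts
        rows.append({"bssid": bssid.upper(), "channel": int(channel),
                     "privacy": privacy, "essid": essid})
    return rows


def find_evil_twins(rows: list[dict], known: dict[str, set[str]]) -> list[tuple]:
    """Report any BSSID advertising one of our ESSIDs that is not on the allowlist.
    An open (OPN) twin of a WPA2 network is the classic credential-harvesting setup."""
    by_essid: dict[str, dict[str, dict]] = defaultdict(dict)
    for r in rows:
        by_essid[r["essid"]][r["bssid"]] = r  # de-duplicates repeated beacons
    findings = []
    for essid, aps in by_essid.items():
        if essid not in known:
            continue  # only networks we own are in scope
        for bssid, r in aps.items():
            if bssid in known[essid]:
                continue
            reasons = ["unknown BSSID"]
            if r["privacy"] == "OPN":
                reasons.append("open network (no WPA)")
            findings.append((essid, bssid, r["channel"], reasons))
    return findings


def find_multi_ssid_bssids(rows: list[dict]) -> dict[str, set[str]]:
    """A single BSSID advertising several ESSIDs is typical of rogue AP tooling."""
    essids_by_bssid: dict[str, set[str]] = defaultdict(set)
    for r in rows:
        essids_by_bssid[r["bssid"]].add(r["essid"])
    return {b: s for b, s in essids_by_bssid.items() if len(s) > 1}


if __name__ == "__main__":
    rows = parse_scan(SCAN)
    for finding in find_evil_twins(rows, KNOWN):
        print("evil twin:", finding)
    for bssid, essids in find_multi_ssid_bssids(rows).items():
        print("multi-SSID beacon source:", bssid, sorted(essids))
```

The weak point of this check is the allowlist: it only catches a twin whose BSSID differs from yours, and an attacker can clone the BSSID too. Channel and signal-strength differences, which the example does not model, are the next thing to compare.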
Yeah, but it requires either a dumb victim, or you being able to recreate the real router admin page; otherwise it's easy to spot, and so many things can go wrong.
The user will just pick a new password for the wifi, and that will be useless to you.
I'd rather use the fake AP to deliver a browser exploit (Java/Flash/whatever...) to exfiltrate the password.
>inserted into router OS
Requires physical access to reflash the router in most cases, or to a PC connected with ethernet + admin credentials.
Could be done, but frankly overkill to siphon just the wifi password.
And in most cases, routers already have some backdoor kindly provided by the manufacturer.
Yeah, it could fail, but you can create a window that asks for a password; it does not need to be in a webpage.
Most of them are dumb, but there is a lot of stuff you can do to make it more real and not suspicious. Like just send some .exe file as a Flash or Java update; this file will remove saved Wi-Fi passwords, capture keyboard data and send it to you.
You know, there are a lot of things to do. First of all you need to set up a profile of the victim, then you start to plan.
>Not if the router has telnet or ssh access available
This still assumes you have access to the internal network, which you don't.
> inb4 shitty router that expose admin interface to public IP
Worth a try, and he can already infer the router brand from its MAC address, and possibly even the precise model number remotely with pixie.
>And in most cases, routers already have some backdoor kindly provided by manufacturer.
>Yeah, could fail, but you can create a window who asks for a password, does not need to be in a webpage.
He is making a bet with his friend that he can't find out the wifi password. I assume even the dumbest guy would get suspicious if by some coincidence a window pops up on his screen asking for the wifi password a few days later.
>Yeah, could fail, but you can create a window who asks for a password, does not need to be in a webpage
True, but why would you have to put in your password, which is most likely saved on your device? And you didn't change it? And you can connect to it in the first place? Like... srsly. You should kill yourself if you fall for that.
I have a random 50 character long WPA2-AES pass, A-Z, a-z, 0-9, !#$@%. Am I safe?
WPS turned off
A script kiddie lives next to my house and I would not be happy if he could access info about my shitposting on int and pol.
That's why I said:
YOU NEED TO CREATE A PROFILE OF THE VICTIM.
Whoever does not do it BEFORE an attack is a complete idiot.
Yes, I think you're right, he needs to plot something.
If your router isn't vulnerable to WPS attacks.
In the old days, we delivered something, not requested boring bullshit.
Fucking internet people can't google the solution, hm?
Bring your friend a ring or something.
Btw: Are you from India?
By "off with the math" I mean that it doesn't compute the exact number of chars you input, but up to it.
Try it using lalpha, 1 char (26^1 = 26)
>26 password combinations
lalpha, 2 chars (26^2 = 676)
>702 password combinations.
This is because it adds the possibility of the password being 1 char also. So 676 + 26 = 702.
Let's say I'm looking for a password that is exactly 8 chars, because I already know the length; the math will be off.
I see nowhere in that page explaining that.
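The keyspace arithmetic from the two posts above (the 2x HD 6990 estimate of 165 hours for 8 lowercase chars, and the "up to n chars" vs "exactly n chars" difference), worked through as an added example that is not part of the thread. It also covers the earlier 50 character question: A-Z, a-z, 0-9 and the five symbols !#$@% give a 67 symbol alphabet. The 350K PMK/s rate is the figure quoted in the thread; everything else is ordinary arithmetic, and the worst-case / average-case split is my addition.

```python
# Added example: WPA/WPA2 candidate counts and cracking-time estimates.
# Not code from the thread. The 350K PMK/s rate is the thread's figure for 2x HD 6990.

PMK_PER_SECOND = 350_000  # thread's benchmark figure for 2x AMD HD 6990


def keyspace(charset_size: int, min_len: int, max_len: int) -> int:
    """Number of candidates with lengths min_len..max_len over a charset.
    keyspace(26, 8, 8) is "exactly 8 chars"; keyspace(26, 1, 8) is "up to 8",
    which is what the thread calls the math being 'off'."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def crack_hours(candidates: int, rate: float = PMK_PER_SECOND,
                worst_case: bool = True) -> float:
    """Hours to exhaust (worst case) or, on average, hit (half the space) at rate PMK/s."""
    tried = candidates if worst_case else candidates / 2
    return tried / rate / 3600


def thread_examples() -> dict[str, float]:
    """The cases discussed in the thread, as hours on the quoted hardware."""
    lowercase = 26
    full = 26 + 26 + 10 + 5  # A-Z, a-z, 0-9, !#$@%
    return {
        "lowercase exactly 8": crack_hours(keyspace(lowercase, 8, 8)),
        "lowercase up to 8": crack_hours(keyspace(lowercase, 1, 8)),
        "WPA2 minimum 8, full charset": crack_hours(keyspace(full, 8, 8)),
        "random 50 chars, full charset": crack_hours(keyspace(full, 50, 50)),
    }


if __name__ == "__main__":
    print("26^1 =", keyspace(26, 1, 1), " up to 2 chars =", keyspace(26, 1, 2))
    for label, hours in thread_examples().items():
        print(f"{label}: {hours:.3g} hours")
```

The "exactly n" count is the one a cracker uses once the length is known; the "up to n" count differs from it by the sum of all shorter lengths, which for a 26 char alphabet is about 4% extra, so the estimate is close either way. The 50 char case comes out at well over 10^80 hours: the wordlist, not the keyspace, is the only realistic route, which is the point made earlier in the thread.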
>Wait until he/she open some webpage and enter the wireless password.
Are you reading what you are writing, m8?
What you want to say is the "evil twin" method... but you failed to explain it.
"Sup guys, so I want to rob my neighbor's house but I just can't copy his door key, can anyone help me?
It's just to impress a friend lol :D"
>Call me an idiot, but waiting until anyone types in his WPA passwd within 10 hours in a totally dumb way on a "webpage", dat logic
Explain to me what the sense of this attack is? Pls, I am waiting.