what are some good word-lists for bruteforce attacks ?

install wget and make your own by crawling the web

File: 1479368787614.jpg (239KB, 1280x960px) Image search: [Google]

239KB, 1280x960px

>>57600310
rockyou.txt

>>57600310

probably one on shithub

/dev/random

>>57600310
download an archive of hacked accounts and it's easy.
eg. https://stricture-group.com/files/adobe-top100.txt

>>57600310
I've got a 10gb one called Super-WPA i found on gpu-hash.me, I've tested 200 million passwords and can't crack this WPA.

What's the best way to do it? Wordlist+rules or brute forcing with default wifi passwords?

I think most default wifi passwords are 8 or 10digits all capital or all lower case hex

File: Screenshot from 2016-11-20 09-48-05.png (41KB, 709x405px) Image search: [Google]

41KB, 709x405px

>>57600370

>>57600310
None because Bruteforcing relies too much on uncertainty. Maybe back before 2012, but bruteforcing has become an unreliable tactic of infiltration. Now a-days more and more people are using more numbers and symbols and such in their passwords.

>>57600370
WPS attack

>>57600399
tried wifite WPS pixie attack it just says failed to associate and can't get any successful tries on WPS pin attack either.

I saw an article about some dude using Amazon EC2 cloud computers to brute force WPA for $1.50 in bought computer time but I'm not sure what he's talking about. I see you can buy time on rigs with 4 nvidia cards or so and they're decently fast, not gonna brute force it in less than an hour or anything crazy though.

File: 1478881859977.gif (2MB, 240x244px) Image search: [Google]

2MB, 240x244px

>>57600310
nvidia drivers/windows 10

>>57600370
>I think most default wifi passwords are 8 or 10digits all capital or all lower case hex
(16^8*)*2+(16^10)*2 is about 2 trillion passwords. I wonder how long that would take

>>57600310
Is that not called a dictionary attack?

>>57600370
2 trillion is in few hours on a modern gpu

>>57600310
The NSA has all the dictionaries worth having in the current year.

>>57600767
Assuming you can test them as fast as you generate them. Also assuming there isn't any sort of protection in play against this (i.e. key stretching or a simple lockout after multiple failed attempts).

>>57601010
you get the 4 way handshake and test against the hash in that. my shitcan computer test 230 million keys overnight.

>>57600370
Depends on the APs. I mean where I live (UK) nearly everybody around here is with Virgin Media, whose default password are all 8 characters, lowercase a-z. It's still a huge set (at least I assume it is, maybe >>57600573 can maths it) and I got bored of waiting.

I find most of this stuff is much more fun in theory than in practice.

>>57601667
if you get the mac address you can look up the brand and some possible default passwords. All the ones I'm looking at are 10 character uppercase hex. so only 1 trillion combinations. probably could do it in under an hour if i rent an amazon cloud pc with multiple gpus

>>57601667
>8 characters, lowercase a-z
26^8 = only 200 billion lol

>>57600573
sorry but could you explain how to do that formula?

>>57601860
yeah it's combinations and permutations.

hexadecimal is numbers 0-9 and ABCDEF so 16 possible characters. 16 characters raised to the 10th power for 10 length password = a trillion or so.

for example a 1 length password in this format has 16^1 or 16 possible combinations:
[0-F]
a 2 length password has 16^2 or 256 possible combinations
[0-F] [0-F]

>>57601897
oh shit thanks so it's just
amount of characters it could be using^password length?
always wondered this

>>57601922
yeah

>>57601922
Americans don't learn combinatorics in HS?

Yeah if it allows repeatable characters it's (number of allowed characters)^(number of character places)

If repeatable characters aren't allowed it's (n!)/(n-k)! where n is number of allowed characters and k is number of character places.

If you're just looking at subsets (order of placements doesn't matter, think of lottery numbers) it's binomial coefficients.

>>57601996
>Americans don't learn combinatorics in HS?
UK fag, not sure if we were taught it I didn't pay much attention

>>57601996
this desu wondering how you don't know that lol. i learned combinations and permutations junior year in high school

https://aws.amazon.com/ec2/pricing/on-demand/

looking at the pricing of the GPU clusters. looks like you could rent a cluster of 32 for $8 an hour. atleast I think that's what they mean by vCPU, it does say GPU instance not sure why they would need 32 CPUs. damn thats not bad, 32 gpus shit that would probably be fast as hell if you used hashcat.

>>57600329
2nd this

>>57601716
Interesting did not know this, it's obvious in hindsight.

>>57601750
Cool.

>>57602006
UK here, I wasn't taught it but it sounds like higher maths and I was a dumb shit. Or am a dumb shit, I suppose.

>>57602096
ah nvm, actually the most expensive and best, $14 an hour, is 16 gpus. still blazing fast!

https://aws.amazon.com/blogs/aws/new-p2-instance-type-for-amazon-ec2-up-to-16-gpus/

File: huern.jpg (5KB, 225x225px) Image search: [Google]

5KB, 225x225px

>2016 + 0.91666666
>bruteforcing still exist
>
>install kali linux meme

>>57602263

Fux y00! Kali is amazing

>>57602179
Paying by the hour to rent hardware for bruteforcing shows quite a level of dedication. Wouldn't they throw a shit fit?

File: cocksure.jpg (136KB, 766x960px) Image search: [Google]

136KB, 766x960px

>>57602287
i would love for you to give me an example...
>inb4 metasploit being used on an unpatched 4yo vuln
>maybe aircrack if you are willing to buy a nice antenna

>>57602415
>aircrack
>antenna
Is this really necessary?

>>57602327
>Wouldn't they throw a shit fit?
? what do you mean? i would just download nvidia drivers and ocl hashcat, then i have a hccap file i want to bruteforce. it would prob take an hour or less.

>>57602630
to clarify: I'm not bruteforcing by repeatedly trying to login to the wifi, I have a WPA handshake file which contains a salted hash that you can brute force

>>57600310
Look up fluxion

>>57600370
why would you brute force a wifi?

>Rainbow Table

>>57603418
Proof of concept / just 'cause / shits and giggles. I don't need free WiFi, I'm just a nerd.

File: 1457187960415-0.jpg (149KB, 565x575px) Image search: [Google]

149KB, 565x575px

>>57603516

>>57603418
I've been trying to figure out how the fuck to use Amazon AWS for the past hour but I'm guessing you have to have credentials not just money to rent a GPU cluster. That or their website is a lost cause and completely broken. Anyone ever tried using it before? Keeps telling me I'm only eligible for free tier but can't find and way to sign up for paid tier and can't find anything about it on google.

>>57603554
Y-you too

>>57603495
This. Rainbow tables are 20% faster than bruteforcing.

>>57603558
You need to make an account. Google also has Google Compute which is their direct competition for AWS and Microsoft has Azure. Pick whichever you want and have fun.

All of them require accounts with billing enabled and a payment method on file. You won't be billed if you stay in the free-tier and if you cancel before the free period ends in most cases. Read the billing terms and see.

>t someone who works with AWS for a living and used to work with Google Cloud Storage and Compute.

File: 1203587989733.jpg (108KB, 330x400px) Image search: [Google]

108KB, 330x400px

>>57600310
love, secret, sex, God

>>57604467
>>57604467
If you've can access a decent rainbox table, the decent ones for Ophcrack were expensive.

>>57600370
you probably found the dumbest way to crack a wpa

>>57600310
>le epik haxor xD
>frogposting
>even considering a bruteforce attack
>>>/reddit/

File: 1462787858527.jpg (54KB, 640x640px) Image search: [Google]

54KB, 640x640px

>>57600310
>wordlist attack
>brute force attack
Pick one, luser.