Found out some faggot hacked into my wifi. My original password

I doubt he brute-forced it, there might be an exploit for your router. In such case he will do it again and it won't take long. Have you updated the router's firmware?

>>61271046
nope. not a big fan of having to update firmware. always paranoid something will fuck up.

router is a SmartRg 505n, do you know of any exploits for it. i have an old WRT54g that i am going to flash and i will probably put the 505n into bridge mode.

>>61271001

About 0.7328 seconds if it's in the wordlist

>>61271100
I don't know much about this stuff, but there are databases of known exploits and tools that use them, so in theory you could test it yourself. Still, just updating regularily is a safe and eady option. If they keep getting into your network, reduce your signal strengths or switch to cables altogether.

>>61271105
how long would "de34rfg5" take?

>>61271001

those are both really shit passwords, look up diceware - it's perfect for this application

coincidentally the second is far easier to brute force

>>61271046

why do you doubt that? brute forcing wpa2 can be done entirely passively on your local machine

>>61271132

It was not in any of my wordlists so maybe you'll get lucky.

[spoiler]You should generate a random 16+ character string and write it down on paper[/spoiler]

How accurate is the xkcd's secure memorable passwords?

>>61271194
100%

do special characters work with WPA/WPA2?

(!@#$%^&*)?

>>61271262
yes

>>61271262
Of course. Just generate a password for your wifi with KeePassX

>>61271270
>>61271271
oh nice! i guess that is a /thread for me

ill just use one with a similar structure to the one my bank forces me to use.

How long would it take?

Not long when he knows you visit 4chan and comes here to read your new password that you've posted for the world and its dog.

>>61271298
No seriously, generate a 16+ character password with a secure opensource password manager (KeePassX) it's more secure than anything you'd think up. The only thing more secure would be diceware with 6+ words I guess.

>>61271301
how will he know that when i already kicked him off?

>>61271316
dont feel like having to input such a long thing into my wifi printer but i will get around to it.

what advantage does keepass or diceware have over just randomly inputting 16+ chars myself?

What if he isn't getting on your wifi via password? What if he's already backdoored your entire router rendering changing the password completely useless.

>>61271357
A password generator / diceware is about a billion times closer to "true" randomness than our brains could ever get, making passwords much much harder to brute force or guess. Diceware is probably better for you if you want to use it on your printer, because you'd just have 6 or so words that the dice chose, so it's easy to remember

>>61271001
So is nobody going to mention that he probably used reaver to get your WPS pin? Try disabling WPS.

WPA2-EAP with TLS Certs!

>>61271388
WPS was already disabled.

>>61271375
>you'd just have 6 or so words that the dice chose, so it's easy to remember
couldnt i just go to urban dictionary and get 6 random words?

>>61271001
8 characters take less than a day with a top-end GPU I think
use something longer

>>61271404
I mean yeah, you could just do something like go to wikipedia and click random article a few times and use those for your password

>>61271155
>"""generate""""
>""""""""""random""""""""""
if a machine generates it, it can't be random

He exploited the WPS of your router. Disable it or better buy a router without it.

>>61271443
WPS was disabled

Instead of going to some shady website to generate a "strong" password. Just go to your python shell and type this:

import random
print ("".join(["abcdefghijklmnopqrstuvwxyz1234567890!?."[random.randint(0,38)] for i in range(12)]))

>>61271404
Disabling WPS doesn't make it unexploitable. Buy a new router without WPS

>>61271452
going to bridge my ISP router and use DDWRT once i dig my WRT54G out of storage and flash it.

File: kko.jpg (109KB, 962x592px) Image search: [Google]

109KB, 962x592px

>>61271001
Just do a factory reset

>>61271452
yes it does

>>61271001
turn off WPS, then never

File: 1493135262914.jpg (21KB, 720x428px) Image search: [Google]

21KB, 720x428px

>password is dankmemes
>use mac filter
>disabled ssid broadcast
>disable dhcp
>never been hacked

>>61271618
Clearly because none tried, I could get access in 10min tops

>>61271748
good luck my ip is 192.168.1.1

>>61271100

with [a-z]{5,12}[0-9]{1,4} it would be dead easy to crack with a cheap gpu and oclhashcat. Presuming he grabbed the 4-way handshake. And that leaves it to offline cracking.

So chances are easy/to medium difficulty.

With wps-pixie, it can be cracked in under a few seconds.

Is WPS off?

Probably not.

>>61271814
WPS was disabled at the time. FFS you are the third person I have had to tell this to.

>>61271835
Then read the other portion.

4 way handshake -> GPU cracking, easy password template. An oclhashcat prince attack would have done nicely in the scenario.

>>61271618
MAC filter is entirely useless for wireless, I hope you know that

>>61271846
>oclhashcat prince attack
How to into this? After reading up on it this seems interesting.

>>61271001
The fact that he did all that so you would know he was there instead of keeping it on the down low shows he's not a real hacker. Any skiddy can use wifite or fern to crack a weak key but few will actually try to go after the machines on the network.

>>61271748
been 50 minutes now faggot and still not hacked

>>61271271
>>>>>>>>>>>Thiiiiiiiiiiiiiissss

if(anon == paranoid){

password.length() >= 14;

}

>>61271424
I use a zener HWRNG, faggot.

>>61271814
Pixie is a meme. I've used wash to find at least 10 APs that I used it on and it fails every time.

It's much easier to just sit and passively sniff with airodump. Eventually someone will pop on the network and you'll get the handshake or you can run a de auth attack and boot someone off if you aren't terribly concerned about them noticing a brief service interruption.

>>61272093
Even on at top end password cracker it would take over a year to brute force an 8 character WPA password. More likely they got physical access to the device and that was their way in.

OP here, I am a fucking idiot.

I just remember that about 2 weeks ago a friend brought over one of his clients computers for me to look at because his computer was acting funny and would not power on 100% of the time. Finally got the computer to cooperate and then I connected it to my wifi.

Not sure why the computer was still on my DHCP client list but I am pretty sure that was the computer because it was a mid tower and the host name of the suspected leech had the word "tower" in it.

>>61272213
Maybe not. There are cracking services out there that use server farms to crack it in like a few hours. But you gotta pay.

>>61271001
Encode it into base64.

>>61271001
you actually changed it to something shorter
wew lad

>>61271424
stop spreading bullshit
>>61272140
so you are just going to compare function return value and then do nothing? genius

>>61272328
it was all pointless

see this
>>61272226

and my neighbors never seemed like the l337 haxor type anyways.

>>61271001

Thanks for telling me your new password.

>>61272195
As for it failing, then I can only say you're either failing to use reaver/bully/pixiewps commands correctly. Or there anon vulnerable around you.

But it works.

>>61272093
Look on youtube for tutorials. It's a bit more involved but it generally works like this: it creates a statistical template for passwords. OP's password falls under more conventional ones. All you'd have to do is something like [a-z]{5-11}[0-9]{1,4} and poof, it'll work.

GPU cracking is nothing to scoff at

>>61272440
congratulations kiddo! have fun walking around the earth looking for the AP that it works with.

you passwords are both weak you need something long and random

>>61271001
>Changed it
you retard, you should have fucked with him.

reroute all his HTTP images to goatse, all his porn to scat, then inject JS like this dude did https://www.youtube.com/watch?v=0QT4YJn7oVI so you can continue to own him more or less forever even if he decides to log off your wifi.

>>61273256
it was a false alarm
see this
>>61272226

but the first thing that came to mind when i saw that unknown client was "reeeeee some guy is going to get me v&'ed!!!!" and i immediately reboot my router and changed my SSID and password.

>>61271760
>>61272107
cant tell if troll or retarded

>>61271001
Just do what I did and set up an authoritative DNS server that serves up lemonparty.org no matter what site you try to go to.

>>61273346
>i immediately reboot my router and changed my SSID and password
Good idea OP that sure should show FBI who's the boss

>>61273349
cant tell if troll or retarded

>>61273691
how else would you expect someone to boot a leech off their network? you fucking nigger.

>>61271137
As far as I know, it's just more likely that somebody found an exploit than devoted a lot of time and computing power to cracking a private wifi network

I'm going to ask here because I cannot for the life of me figure out how to do this.
I've discovered that my router uses a rather simplistic default password, it uses a format like this:
Adjective + Noun + 3 Digits (e.g. ‘manywrestler493’)
I've been trying to crack the handshake using hashcat. I've got an adjective dictionary, and a noun dictionary. I can successfully get hashcat to check every combination of the two dictionaries using combinator mode, but I’m not sure how to tell it to brute force the last three digits. If I try to use a rule set it complains that rules can only be used in attack mode 0. I think maybe I might have to combine the two dictionaries outside of hashcat, and then use attack mode 0 instead of attack mode 1. Can anyone either help me get hashcat to behave how I want, or help with combining the two dictionaries?
Sorry to ask stupid questions, Google has failed me.

>>61272140
>>61272353

sorry, i meant:

class paranoidAnon{

static void anonPwd(String str){

if(anonaPwd.length() < 14){

System.out.println("nope");

}

else{

System.out.println("Seriously, just
download KeePassX and generate
a pwd; it is not *truly* random, but it
is a great pwd manager and you can
generate and store 40 char complex
pwds easily.");
}
}
}

call as needed?

>>61276427
fuuuuuu! muh 4mattin!

>>61274660
Create a dictionary for the three digits. It is only a 1000 combinations anyway.

>>61276971
Hashcat only lets you use two dictionaries at once.

>>61271835
Was it actually off or is your router one of the shitty ones that don't actually disable it when it's off?