+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Question : Strength of routers default password (/thread-7691.html)
Question : Strength of routers default password - Nay - 07-27-2018
Hello there,
My friend just got his router changed and while talking with him I strongly suggested to change its default password to something both ok to remember and hard to crack/guess. As he thought the default password was good enough, I made a try and get some handshake exported in hccapx (with his approval of course)
In short, the format is 13 characters that are lower-alpha + num. Under a mask attack, hashcat gives me an Overflow that I understand, it is non doable in term of time.
Therefore :
- As passwords weaknesses often lie in users' choice and predictability, should we assume that routers default passwords are way better than anything we could choose, and let's say, not crackable ?
- Regarding such format, is there any other way to improve an attack than :
hashcat -O -m 2500 -a 3 try.hccapx -1 ?l?d ?1?1?1?1?1?1?1?1?1?1?1?1
Thank for your opinions,
RE: Question : Strength of routers default password - undeath - 07-27-2018
Often the algorithms to create those default passwords are weak. There are several instances of such algorithms having been reversed, allowing to crack such a default password with very few tries. Default passwords should not be trusted.
see for example those threads: https://hashcat.net/forum/thread-6170.html https://hashcat.net/forum/thread-4463.html
or this very detailed article documenting the reversing of one specific router: https://deadcode.me/blog/2016/07/01/UPC-UBEE-EVW3226-WPA2-Reversing.html
RE: Question : Strength of routers default password - Nay - 07-27-2018
Really good information there, thanks undearth