Tactic for cracking WPA password
#1
I'm looking for a good tactic for cracking WPA passwords.
What is the best attack to start with (Dict, Mask etc.) and what wordlist to use?

Thanks
Reply
#2
https://weakpass.com/wordlist
Reply
#3
(06-02-2023, 09:30 PM)Undercoverdog Wrote: I'm looking for a good tactic for cracking WPA passwords.
What is the best attack to start with (Dict, Mask etc.) and what wordlist to use?

Thanks

You have to look for indications of what kind of password the network is using: customized or default? If customized, then go with a dictionary and then rules on it.
If default, well, in this case you need to get information about the router maker to look for a default mask you could apply in Hashcat.
Reply
#4
A promising attack always starts with a state of the art tool to attack the target over the air.
Dumping a BEACON and a 4-way handshake or a PMKID only is far from that.

Once you have a pcapng dump file that contains all this information, you have to analyze it.
https://github.com/ZerBea/hcxtools/issues/265

First test if the PSK is inside the pcapng file. Some CLIENTs transmit it in the clear.

Now test if the PSK is calculated from the BSSID (or part of the BSSID).

Then test if the PSK is calculated from the ESSID (or part of the ESSID).
https://forum.hashkiller.io/index.php?th...ost-332565

Check if a keygen exists:
https://github.com/routerkeygen/routerkeygenPC

Check if the key space is known (hcxpsktool):
https://github.com/ZerBea/hcxtools

Then try some common wordlists:
https://wpa-sec.stanev.org
https://hashmob.net/resources/hashmob

Generate a base list from known PSKs (hcxeiutool) and run a rule on it.

Find a pattern and run a mask (e.g. AndroidAP: ?l?l?l?l?d?d?d?d).
Reply
#5
(06-03-2023, 07:59 AM)ZerBea Wrote: A promising attack always starts with a state of the art tool to attack the target over the air.
Dumping a BEACON and a 4-way handshake or a PMKID only is far from that.

Once you have a pcapng dump file that contains all this information, you have to analyze it.
https://github.com/ZerBea/hcxtools/issues/265

First test if the PSK is inside the pcapng file. Some CLIENTs transmit it in the clear.

Now test if the PSK is calculated from the BSSID (or part of the BSSID).

Then test if the PSK is calculated from the ESSID (or part of the ESSID).
https://forum.hashkiller.io/index.php?th...ost-332565

Check if a keygen exists:
https://github.com/routerkeygen/routerkeygenPC

Check if the key space is known (hcxpsktool):
https://github.com/ZerBea/hcxtools

Then try some common wordlists:
https://wpa-sec.stanev.org
https://hashmob.net/resources/hashmob

Generate a base list from known PSKs (hcxeiutool) and run a rule on it.

Find a pattern and run a mask (e.g. AndroidAP: ?l?l?l?l?d?d?d?d).

With regard to running wordlist attacks (such as using the ones you suggested, or the 3wifi dict), what, in your experience, are the best rules to run in conjunction with these? I've recently been trying best64 with both wpa-sec's 'cracked' and 3wifi's key/pass dict and have had less than desirable results (only cracking 2 out of 48 WPA/WPA2-PSK hashes from a testing environment) in both cases; and the two which cracked could have been cracked with rockyou...

Any advice much appreciated.
Reply
#6
It doesn't make sense to run a rule on a wordlist that contains compounds (e.g. password12345).
But if you break down the words into basic words (e.g. password) and apply a rule (e.g. append years) you get these candidates:
password1990
password1991
....
password2022

For me they look much better than:
password123451990
password123451991
...
password123452022
Reply
#7
(06-11-2023, 07:40 PM)ZerBea Wrote: It doesn't make sense to run a rule on a wordlist that contains compounds (e.g. password12345).
But if you break down the words into basic words (e.g. password) and apply a rule (e.g. append years) you get these candidates:
password1990
password1991
....
password2022

For me they look much better than:
password123451990
password123451991
...
password123452022

I see. I've obviously overlooked the contents of these particular wordlists and just ran them without due consideration, as that obviously makes sense.

Do you favour any particular wordlists for use with rules that you find productive? And, generally speaking, is it more beneficial to run attacks with rules on smaller wordlists?
Reply
#8
A big basic word list & rules result in a huge word list. PBKDF2 is a slow algo. Running such a big word list will take a lot of time.
Usually I break down the -R output of hcxpcapngtool:
hcxdumptool -> hcxpcapngtool -> hcxeiutool -> hashcat & rules

The same can be done on
https://wpa-sec.stanev.org/dict/cracked.txt.gz
and the tiny list of
https://hashmob.net/resources/hashmob

Please notice, that you have to pre-process the word lists mentioned above before you add rules:
break down into basic words
remove improbable words

Please also notice that this procedure only works on user defined PSKs.

On default PSKs you have to discover the key space and/or a pattern.

Complex long default PSKs are unbreakable if you don't know the algo how they are calculated.
In some cases it might be possible to find them in the WiFi traffic:
https://github.com/evilsocket/pwnagotchi...-598597214
Reply
#9
Okay, thank you very much. I'm also wondering, if I may, what (if any at all) difference there might be in cracking efficiency/probability between hashes derived (with hcxdumptool & hcxpcapngtool) from EAPOL M1M2 challenge ('halfway handshake') captures vs. M2M3 authorized ('4-way handshake') captures?

In my current test environment I had hcxdumptool set to not send disassociation frames and, therefore, my resulting hashes are largely derived from M1M2 challenge (as well as some PMKID) captures.

So with regard to the thread topic (tactics for WPA cracking) is there any advantage/disadvantage in going for certain kinds of handshake captures over others for cracking efficiency/probability, presupposing the use of hcxdumptool/hcxpcapngtool?
Reply
#10
Major advantage is that you get an EAPOL M2 from the CLIENT for every entry of the wpa_supplicant.conf. That may include false tries (e.g.: pasword1 instead of password1) or an entire PSK change history (in both cases a high value of --attemptclientmax is mandatory).
If the ESSID (salt) doesn't change, you can take advantage of hashcat's reuse of PBKDF2.

In other words:
PMK, M2M3 or M3M4, or M1M4 is useful if your goal is to break a single NETWORK.
hcxdumptool is able to run these old-school attacks, but that isn't the goal.

M1M2 is useful to break an entire system (history, pattern, iterations).
This is the goal.
Reply
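Added example, not from any post here and not hashcat or hcxtools code: a Python model of what the cracker does with each captured EAPOL M2, showing why the ESSID is the PBKDF2 salt and why one PBKDF2 result can be reused against every handshake of the same ESSID (the reuse post #10 refers to, including the case where two CLIENTs of one network used different PSKs). The MAC addresses, nonces and PSKs are constructed, and the M2 frames are manufactured by the code itself (empty key data, key descriptor version 2) so that it runs offline; the PMK derivation, PRF-512 and MIC computation follow IEEE 802.11, and "password"/"IEEE" is the standard's own PMK test vector.

```python
"""WPA2-PSK handshake check as a cracker does it, with PBKDF2 shared across every
handshake of one ESSID.  Added example with constructed frames; not thread, hashcat
or hcxtools code."""
import hashlib
import hmac
from dataclasses import dataclass

# EAPOL hdr 4 + desc type 1 + key info 2 + key len 2 + replay 8 + nonce 32 + IV 16 + RSC 8 + ID 8
MIC_OFFSET = 81


def pmk_from_psk(psk: str, essid: bytes) -> bytes:
    # The ESSID is the PBKDF2 salt: for a given candidate, one PMK serves every handshake
    # captured from networks with that ESSID.  The 4096 iterations are the slow part.
    return hashlib.pbkdf2_hmac("sha1", psk.encode(), essid, 4096, 32)


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # IEEE 802.11 PRF-512 on HMAC-SHA1; the first 16 bytes of the PTK are the KCK that keys the MIC.
    b = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    blocks = (hmac.new(pmk, b"Pairwise key expansion\x00" + b + bytes([i]), hashlib.sha1).digest()
              for i in range(4))
    return b"".join(blocks)[:64]


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    # Key descriptor version 2 (WPA2/CCMP): HMAC-SHA1 over the frame with the MIC zeroed, cut to 16.
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


@dataclass
class Handshake:
    essid: bytes
    ap_mac: bytes
    sta_mac: bytes
    anonce: bytes  # from M1
    snonce: bytes  # key nonce field of M2
    m2: bytes      # the M2 EAPOL-Key frame, MIC included

    def check(self, pmk: bytes) -> bool:
        kck = ptk_from_pmk(pmk, self.ap_mac, self.sta_mac, self.anonce, self.snonce)[:16]
        return hmac.compare_digest(eapol_mic(kck, self.m2), self.m2[MIC_OFFSET:MIC_OFFSET + 16])


def build_m2(psk: str, essid: bytes, ap_mac: bytes, sta_mac: bytes,
             anonce: bytes, snonce: bytes) -> Handshake:
    # Plays the CLIENT to manufacture a minimal, MIC-valid M2 (empty key data) as a test vector.
    key_info = (0x010A).to_bytes(2, "big")  # descriptor v2 | pairwise | MIC bit
    body = (b"\x02" + key_info + b"\x00\x00" + (1).to_bytes(8, "big") + snonce
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8 + b"\x00" * 16 + b"\x00\x00")
    eapol = b"\x02\x03" + len(body).to_bytes(2, "big") + body  # EAPOL v2, type 3 = EAPOL-Key
    kck = ptk_from_pmk(pmk_from_psk(psk, essid), ap_mac, sta_mac, anonce, snonce)[:16]
    m2 = eapol[:MIC_OFFSET] + eapol_mic(kck, eapol) + eapol[MIC_OFFSET + 16:]
    return Handshake(essid, ap_mac, sta_mac, anonce, snonce, m2)


def crack(candidates, handshakes):
    """Return ({handshake index: psk}, number of PBKDF2 runs).  PBKDF2 runs once per
    (candidate, ESSID); every handshake sharing that ESSID is then checked with that PMK."""
    by_essid = {}
    for idx, hs in enumerate(handshakes):
        by_essid.setdefault(hs.essid, []).append(idx)
    found, pbkdf2_runs = {}, 0
    for psk in candidates:
        if not 8 <= len(psk.encode()) <= 63:
            continue  # not a legal WPA passphrase; never spend PBKDF2 on it
        for essid, idxs in by_essid.items():
            pmk = pmk_from_psk(psk, essid)
            pbkdf2_runs += 1
            for i in idxs:
                if i not in found and handshakes[i].check(pmk):
                    found[i] = psk
    return found, pbkdf2_runs


def demo():
    # Constructed capture: one ESSID, two CLIENTs, two different PSKs (an old one and the
    # current one), the "PSK change history" case.  Fixed nonces keep the run repeatable.
    essid, ap = b"IEEE", bytes.fromhex("001122334455")
    hs = [
        build_m2("password", essid, ap, bytes.fromhex("66778899aabb"),
                 bytes(range(32)), bytes(range(32, 64))),
        build_m2("Summer2022", essid, ap, bytes.fromhex("ccddeeff0011"),
                 bytes(range(64, 96)), bytes(range(96, 128))),
    ]
    return crack(["short", "letmein1", "password", "Summer2022"], hs)


if __name__ == "__main__":
    found, runs = demo()
    print(found, "PBKDF2 runs:", runs)  # {0: 'password', 1: 'Summer2022'} PBKDF2 runs: 3
```

Run as a script it recovers both PSKs with three PBKDF2 runs for two handshakes: the candidate "short" is rejected before hashing, and each legal candidate is hashed once for the shared ESSID, after which the per-handshake PRF and MIC check is cheap. Against a real capture the MACs, nonces and the M2 frame come from the hcxpcapngtool output rather than from build_m2; the verification path is the same.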