WPA/WPA2 pass cracking
#5
(12-14-2017, 10:14 AM)Kangaroot Wrote: Knowing the ISP for a particular AP can dramatically reduce the keyspace to iterate through, but what methods would you use if the user changed the SSID name to 'abracadabra'? How will you find the ISP being used?

ISPs use specific modems. When you do a generic Wi-Fi scan you can capture the MAC of any device in range. With any vendor lookup, it can tell you the brand of the modem/router you're seeing.

Not sure about you, but where I am located it's pretty easy to define what a "changed" ESSID is related to its BSSID. We have two major ISPs and one uses PACE/Actiontec modems, whereas the competition uses Motorola/Arris. If it's an aftermarket router then you can assume it's not going to use the default ISP's passphrases.

You might want to investigate WPS attacks first before jumping into WPA cracking, based on your questions. It's like an easy mode for harvesting password data.

Also a quick search reveals these modems... Further investigating shows a serial which shows a Wi-Fi ESSID and a false password showing the length. You should be able to figure out the rest, it's not as hard as you think. But I hate doing someone else's job so I'mma leave the learning to you by searching the web.


Messages In This Thread
WPA/WPA2 pass cracking - by Kangaroot - 12-12-2017, 11:36 PM
RE: WPA/WPA2 pass cracking - by slyexe - 12-14-2017, 12:48 AM
RE: WPA/WPA2 pass cracking - by Kangaroot - 12-14-2017, 10:00 AM
RE: WPA/WPA2 pass cracking - by Kangaroot - 12-14-2017, 10:14 AM
RE: WPA/WPA2 pass cracking - by slyexe - 12-15-2017, 04:14 AM
RE: WPA/WPA2 pass cracking - by Kangaroot - 12-15-2017, 09:27 AM
RE: WPA/WPA2 pass cracking - by rico - 12-16-2017, 10:43 PM
RE: WPA/WPA2 pass cracking - by Kangaroot - 12-17-2017, 11:31 AM
RE: WPA/WPA2 pass cracking - by ee10 - 12-30-2017, 05:00 AM
RE: WPA/WPA2 pass cracking - by jodler303 - 12-31-2017, 12:10 PM