Brute forcing WPA2 becoming impossible?
#1
Just a general observation that it seems it's not really possible to brute force WPA2 anymore, as manufacturers are putting longer, more complex passwords on their devices as standard.

Take SKY for example, they're now using a 12 digit key, with a combination of A-Z, a-z and 0-9.  That's ((26*2) + 10)^12 for a total of 3,226,266,762,397,899,821,056 possible combinations.

Which even on modern hardware at 1MH/s would take: 37,341,050 days to solve.

It seems to me the core weakness of WPA2 was the default key length, and the manufacturers seem to be finally catching up to this.

Thoughts?
#2
Yeah it's getting more difficult.

Moderator: perhaps merge with this thread?
https://hashcat.net/forum/thread-11648.html
#3
No need to brute force if you know what you are doing.

Out of the box the success rate is still about: 39.71%
https://wpa-sec.stanev.org/?stats
#4
(03-10-2024, 08:00 PM)drsnooker Wrote: Yeah it's getting more difficult.

Moderator: perhaps merge with this thread?
https://hashcat.net/forum/thread-11648.html

Thanks, that was the crucial tip.
I converted the file with:
Code:
hcxpcapngtool -E wordlist WILLY.cap -o WILLY.hc22000
It seems that work is underway now, but unfortunately the "WILLY.pot" is empty.
I'm going to test the word lists now.
Thank you.
#5
That probably won't work as expected:
Code:
$ hcxpcapngtool -E wordlist WILLY.cap -o WILLY.hc22000

To get the full benefit of hcxpcapngtool it is mandatory to run an interactive tool (like hcxdumptool/hcxlabtool or AngryOxide) to retrieve as much information as possible from the target (in particular from a weak CLIENT).
#6
(03-12-2024, 10:10 AM)ZerBea Wrote: That probably won't work as expected:
Code:
$ hcxpcapngtool -E wordlist WILLY.cap -o WILLY.hc22000

To get the full benefit of hcxpcapngtool it is mandatory to run an interactive tool (like hcxdumptool/hcxlabtool or AngryOxide) to retrieve as much information as possible from the target (in particular from a weak CLIENT).

OK, I didn't get any more error messages, so I thought it was correct. How do I do it right? I collected the data with airodump-ng and it is now in the WILLY.cap file.
What do I have to do now?
#7
That highly depends on the target:
- discover how many CLIENTs are associated to this NETWORK - is one of them weak (transmits PSK in the clear)
- get information about target AP (check IE TAGs of BEACON or PROBE RESPONSE - maybe serial number is present)
- reverse engineer firmware of the router
- run hashcat a9 attack on MAC and ESSID
- do md5sum/sha1sum on MAC or part of MAC or on serial number or part of the serial number and try result as PSK
- do md5sum/sha1sum on MAC or part of MAC or on serial number or part of the serial number and convert it by a translation table and use it as PSK
- do the same as mentioned above but on a combination of the MAC and the serial number
- check for a pattern and run hashcat's MASK attack
- run (cleaned) word list & rule
#8
(03-15-2024, 02:27 PM)smit Wrote: As technology advances and encryption methods improve, brute-forcing WPA2 encryption is becoming increasingly difficult.

The use of strong, complex passwords and the implementation of security measures like WPA3 make it more challenging for attackers to gain unauthorized access.

However, persistent attackers may still attempt to exploit vulnerabilities or utilize advanced techniques, highlighting the importance of robust security practices and regular updates.

Thanks for the explanation.