Posts: 5
Threads: 2
Joined: Mar 2024
Just a general observation that it seems it's not really possible to brute force WPA2 anymore as manufacturers are putting longer more complex passwords on their devices as standard.
Take SKY for example, they're now using a 12 digit key, with a combination of A-Z, a-z and 0-9. That's ((26*2) + 10)^12 for a total of 3,226,266,762,397,899,821,056 possible combinations.
Which even on modern hardware at 1MH/s would take: 37,341,050 days to solve.
It seems to me the core weakness of WPA2 was the default key length, and the manufacturers seem to be finally catching up to this.
Thoughts?
Posts: 102
Threads: 2
Joined: Jul 2016
Yeah it's getting more difficult.
Moderator: perhaps merge with this thread?
https://hashcat.net/forum/thread-11648.html
Posts: 1,042
Threads: 2
Joined: Jun 2017
03-11-2024, 09:22 AM
(This post was last modified: 03-11-2024, 10:34 AM by ZerBea.)
No need to brute force if you know what you are doing.
Out of the box the success rate is still about: 39.71%
https://wpa-sec.stanev.org/?stats
Posts: 5
Threads: 1
Joined: Mar 2024
(03-10-2024, 08:00 PM)drsnooker Wrote: Yeah it's getting more difficult.
Moderator: perhaps merge with this thread?
https://hashcat.net/forum/thread-11648.html
Thanks, that was the crucial tip.
I converted the file with.
Code:
hcxpcapngtool -E wordlist WILLY.cap -o WILLY.hc22000
It seems that work is underway now
but unfortunately the "WILLY.pot" is empty
I'm going to test the word lists now
Thank you
Posts: 1,042
Threads: 2
Joined: Jun 2017
That probably won't work as expected:
Code:
$ hcxpcapngtool -E wordlist WILLY.cap -o WILLY.hc22000
To get full benefit of hcxpcapngtool it is mandatory to run an interactive tool (like hcxdumptool/hcxlabtool or AngryOxide) to retrieve as much as possible information from the target (in particular from a weak CLIENT).
Posts: 5
Threads: 1
Joined: Mar 2024
(03-12-2024, 10:10 AM)ZerBea Wrote: That probably won't work as expected:
Code:
$ hcxpcapngtool -E wordlist WILLY.cap -o WILLY.hc22000
To get full benefit of hcxpcapngtool it is mandatory to run an interactive tool (like hcxdumptool/hcxlabtool or AngryOxide) to retrieve as much as possible information from the target (in particular from a weak CLIENT).
OK, I didn't get any more error messages, I thought it was correct. How do I have to do it right? I collected the data with airodump-ng and it is now in the WILLY.cap file.
what do I have to do now?
Posts: 1,042
Threads: 2
Joined: Jun 2017
03-12-2024, 08:32 PM
(This post was last modified: 03-12-2024, 08:33 PM by ZerBea.)
That highly depend on the target:
- discover how many CLIENTs are associated to this NETWORK - is one of them weak (transmit PSK in the clear)
- get information about target AP (check IE TAGs of BEACON or PROBE RESPONSE - maybe serial number is present)
- reverse engineer firmware of the router
- run hashcat a9 attack on MAC and ESSID
- do md5sum/sha1sum on MAC or part of MAC or on serial number or part of the serial number and try result as PSK
- do md5sum/sha1sum on MAC or part of MAC or on serial number or part of the serial number and convert it by a translation table and use it as PSK
-do the same as mentiuone above but on a combination of the MAC and the serial number
- check for a pattern and run hashcat's MASK attack
- run (cleaned) word list & rule
Posts: 5
Threads: 1
Joined: Mar 2024
(03-15-2024, 02:27 PM)smit Wrote: As technology advances and encryption methods improve, brute-forcing WPA2 encryption is becoming increasingly difficult.
The use of strong, complex passwords and the implementation of security measures like WPA3 make it more challenging for attackers to gain unauthorized access.
However, persistent attackers may still attempt to exploit vulnerabilities or utilize advanced techniques, highlighting the importance of robust security practices and regular updates.
thanks for the explanation