02-23-2014, 01:07 PM
(This post was last modified: 02-23-2014, 01:13 PM by Walkman950.)
Good morning all,
Long time lurker - first time posting. I've recently got a new Sky router from sky simply to update my old one, after giving me fibre FOC. Post is quite long, apologies for this and I thank you in advance if you have had patience to read and help.
I haven't changed any WPA/2 passwords as of yet as I have found this system to be quite secure so far. I have tried both bully and reaver attacks through virtual machines running BackTrack 5 R3 & The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux, as well as a fully native installation on a Dell Latitude D420, using the inbuilt wireless adapter, as well as an Alfa one I purchased a few months back.
I was able to crack my last sky router with Reaver but this one seems to be protected against the WPS attacks, so now I am trying to crack it using a brute force attack.
I originally was using a combination of 'crunch' and Aircrack-ng, which allowed for the codes to be generated whilst cracking, meaning a ridiculously sized file was not necessary to work from as a word list.
As I know my Sky router has the original passkey, I know this is only uppercase alphabetical which is no longer or shorter than eight characters long. Now as I know this code will work from AAAAAAAA to ZZZZZZZZ like this;
AAAAAAAA
AAAAAAAB
AAAAAAAC
--
ZZZZZZZX
ZZZZZZZY
ZZZZZZZZ
^ Start, to finish respectively; I used the following options with crunch & aircrack;
./crunch 8 8 ABCDEFGHIJKLMNOPQRSTUVWXYZ -t ,,,,,,,,|aircrack-ng -w- -b MACADDRESSHERE '/root/CAPFILEHERE.cap'
As well as running on a separate machine in the reverse order, by adding the '-i' flag.
Considering I'm running that on what I regard to be a fast computer (8 core FX8350, clocked to 4.8ghz, 16gb ram, SSD, Asus 990FX Sabertooth mobo), it still only manages an absolute max of around 10,000 keys/s.
I thought there must be a faster way, which is when I discovered hashcat. Now I don't have the exact code to hand, but I used the code -m 2500 and cracking uppercase alphabetical only. This is being done on two identical X3D HD7850 2GB cards, overclocked, I can achieve around 120,000 h/s, running under windows 8.1.
What I am looking to do is run the same code on the WPA .cap with handshake included by running so any two characters are not the same together in each password tested.
ie; instead of AAAAAAAA, make the code stop it from duplicating the same letter next to eachother;
ABABABAB
ABABABAC
ABABABAD
--
GHGHGHGH
GHGHGHGI
GHGHGHGL
I saw a similar post mentioning mp64 and some other information, but as far as my oclHashcat folder (v 1.01) I cannot see mp64 anywhere or how to get it. I'm looking to do this as I've noticed on my last three routers (could be coincidence) but there has not been the same character next to eachother in each passcode. This should cut down the amount of keys to test also. Currently 8 characters with 26 possibilities puts 8 to the power of 26 working out to 208billion or so possible keys. Which appears with my setup will run for 26 days.
Is this a plausible way to cut down the hashing time, or does anyone have any other suggestions?
Could someone please help point me in the right direction? I hope I've explained this well enough! Any questions please feel free to ask, and apologies in advance if I've been unclear.
I look forward to the help!
Many thanks,
Sam
Long time lurker - first time posting. I've recently got a new Sky router from sky simply to update my old one, after giving me fibre FOC. Post is quite long, apologies for this and I thank you in advance if you have had patience to read and help.
I haven't changed any WPA/2 passwords as of yet as I have found this system to be quite secure so far. I have tried both bully and reaver attacks through virtual machines running BackTrack 5 R3 & The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux, as well as a fully native installation on a Dell Latitude D420, using the inbuilt wireless adapter, as well as an Alfa one I purchased a few months back.
I was able to crack my last sky router with Reaver but this one seems to be protected against the WPS attacks, so now I am trying to crack it using a brute force attack.
I originally was using a combination of 'crunch' and Aircrack-ng, which allowed for the codes to be generated whilst cracking, meaning a ridiculously sized file was not necessary to work from as a word list.
As I know my Sky router has the original passkey, I know this is only uppercase alphabetical which is no longer or shorter than eight characters long. Now as I know this code will work from AAAAAAAA to ZZZZZZZZ like this;
AAAAAAAA
AAAAAAAB
AAAAAAAC
--
ZZZZZZZX
ZZZZZZZY
ZZZZZZZZ
^ Start, to finish respectively; I used the following options with crunch & aircrack;
./crunch 8 8 ABCDEFGHIJKLMNOPQRSTUVWXYZ -t ,,,,,,,,|aircrack-ng -w- -b MACADDRESSHERE '/root/CAPFILEHERE.cap'
As well as running on a separate machine in the reverse order, by adding the '-i' flag.
Considering I'm running that on what I regard to be a fast computer (8 core FX8350, clocked to 4.8ghz, 16gb ram, SSD, Asus 990FX Sabertooth mobo), it still only manages an absolute max of around 10,000 keys/s.
I thought there must be a faster way, which is when I discovered hashcat. Now I don't have the exact code to hand, but I used the code -m 2500 and cracking uppercase alphabetical only. This is being done on two identical X3D HD7850 2GB cards, overclocked, I can achieve around 120,000 h/s, running under windows 8.1.
What I am looking to do is run the same code on the WPA .cap with handshake included by running so any two characters are not the same together in each password tested.
ie; instead of AAAAAAAA, make the code stop it from duplicating the same letter next to eachother;
ABABABAB
ABABABAC
ABABABAD
--
GHGHGHGH
GHGHGHGI
GHGHGHGL
I saw a similar post mentioning mp64 and some other information, but as far as my oclHashcat folder (v 1.01) I cannot see mp64 anywhere or how to get it. I'm looking to do this as I've noticed on my last three routers (could be coincidence) but there has not been the same character next to eachother in each passcode. This should cut down the amount of keys to test also. Currently 8 characters with 26 possibilities puts 8 to the power of 26 working out to 208billion or so possible keys. Which appears with my setup will run for 26 days.
Is this a plausible way to cut down the hashing time, or does anyone have any other suggestions?
Could someone please help point me in the right direction? I hope I've explained this well enough! Any questions please feel free to ask, and apologies in advance if I've been unclear.
I look forward to the help!
Many thanks,
Sam