12 character WPA2 password
#1
What's the best way to attack a 12 character WPA2 password. Everything I tried about takes too long. Estimated time from 14 days to 10 years. I tried hybrid, rules. Also when I create a wordlist from
the Maskprocessor its huge. If you don't know the password you have to try all kinds of passwords for hybrid and I made my own wordlist with 9 characters and with 6 characters with a rule to append. Can someone tell me what's the best way hashcat or oclhashcat. IM only getting approx. 2500 H/s on GPU. Thanks.
#2
My opinion is that you must increase your computing power
#3
2500H is extreme slow. Make sure to read this:

https://hashcat.net/wiki/doku.php?id=fre...ck_so_slow
#4
(04-30-2015, 09:53 AM)atom Wrote: 2500H is extreme slow. Make sure to read this:

https://hashcat.net/wiki/doku.php?id=fre...ck_so_slow


I have a laptop with on-board video. Since my speed is slow should I use hashcat and what would be the best approach with WPA2.
#5
Practically speaking, a 12 character WPA2 key is going to be difficult to crack. The WPA2 hash cracks relatively slowly, at least compared with other hashes. 12 characters presents a pretty large keyspace as well. Even if you optimize, its still going to take a while to crack. Lets say you manage to double your speed - that's still 5 to 7 days. With on-board laptop GPU, I don't think you're going to get too much beter than that, although it depends on the card.

When I've attempted to crack WPA2 passwords on pen tests, even with the computing power at my disposal, I have to be very judicious about what I give hashcat so I'm making the best guesses that I can, because I know its going to take a while. Most passwords I've seen are phrases or combinations of words that mean something to the company. I like creating a custom wordlist around the company itself. Use Cewl, or make it yourself, based on company names and words that mean something to their industry and business. Expand that list out using best64. Then use a combinator attack using that wordlist twice, or combine it with an english dictionary. I'm not saying that will crack it - I'm usually unsuccessful during engagements cracking the WPA2 (which is why you need to rely on other methods). But it at least gives you a decent chance.
#6
you can't bf 12 characters. no matter what algo.