
Thread: Where to get a wordlist? or make one?

  1. #1
    Join Date
    2014-Jan
    Posts
    1

    Where to get a wordlist? or make one?

    First of all, I hope this is the right section.
    Say that I have managed to get the handshake successfully, but
    I've gone through a 1.9GB wordlist I found, using aircrack-ng,
    and the key was not listed.

    The password I'm trying to get at resembles more or less this:


    EF8A2F24C1D852DCA19A672222

    F9A7255CA3B2AF9BAB2638011A

    2D4AD04BEFD22B623B5CA9AB7A

    1D3D73698B0A1B95171611F4FB

    E60AEEAAC8

    E1614EE1AB8A

    570118A9A24F


    I'm completely lost as to whether a wordlist that contains these kinds of passwords exists, or whether there is a way I could make a
    wordlist suited for them, and if so, please give me a hand on how to. Or should I use a different approach to decipher my handshake.cap file?

    Again, beginner here; apologies if this is not the right section, or if I'm too ignorant.
    Thank you in advance.

  2. #2
    Join Date
    2013-Jul
    Posts
    841
    We do not mind helping new guys. First, wordlists normally explore dictionaries or common passwords, not random alphanumeric codes. Your first four lines are probably impossible to brute force except with pico computers, due to their length. Your last three are eight in length and ten in length. You could use a letter frequency approach (look up the most used letters; there is an order) to possibly break these. Due to the size of the files you will not be able to generate and store a dictionary. You could use a crunch/aircrack-ng passthru. The problem here, though, is aircrack-ng: you cannot halt aircrack-ng and restart where you left off, and this brute force takes a long, long time. The only way you are going to crack the last three is using Elcomsoft / Windows 7 64-bit / two high-end video cards like the ATI 5800 or higher. Elcomsoft has a save function and a mask attack, which is the same as a crunch/aircrack-ng passthru (i.e. the computer generates the code). Try torrents for programs.

    If you want to crack WPA by brute force you need the right equipment. You can download large WPA dictionaries (8 or more in length); again, try torrents. Try looking at a different approach: study reaver. See if the target has this flaw.

    /MTB

  3. #3
    Join Date
    2013-Oct
    Posts
    321
    Try these commands; they allow you to stop the brute force attack and then continue it from where you left off.

    Note:
    To stop the brute force attack you'll have to press Ctrl+C; don't forget to make a note of what crunch ended on.

    To start the attack:
    crunch <MinPasswordLength> <MaxPasswordLength> <CharacterSetToBeUsed> -d 4 | aircrack-ng <Handshake.cap> -e <APessid> -w -
    To continue from where you left off:
    crunch <MinPasswordLength> <MaxPasswordLength> <CharacterSetToBeUsed> -s <StartPoint> -d 4 | aircrack-ng <Handshake.cap> -e <APessid> -w -

    To start the attack:
    crunch <MinPasswordLength> <MaxPasswordLength> <CharacterSetToBeUsed> -d 4 | pyrit -e <APessid> -r <Handshake.cap> -i - attack_passthrough
    To continue from where you left off:
    crunch <MinPasswordLength> <MaxPasswordLength> <CharacterSetToBeUsed> -s <StartPoint> -d 4 | pyrit -e <APessid> -r <Handshake.cap> -i - attack_passthrough

    To start the attack:
    crunch <MinPasswordLength> <MaxPasswordLength> <CharacterSetToBeUsed> -d 4 | pyrit -e <APessid> -i - -o - passthrough | cowpatty -d - -r <Handshake.cap> -s <APessid>
    To continue from where you left off:
    crunch <MinPasswordLength> <MaxPasswordLength> <CharacterSetToBeUsed> -s <StartPoint> -d 4 | pyrit -e <APessid> -i - -o - passthrough | cowpatty -d - -r <Handshake.cap> -s <APessid>

    eg:
    crunch 8 32 abcdABCD1234 -d 4 | aircrack-ng Handshake.cap -e MyRouter -w -
    Ctrl+C
    crunch 8 32 abcdABCD1234 -s 1234ABCDabcd -d 4 | aircrack-ng Handshake.cap -e MyRouter -w -

    Note:
    -d 4 = Limits the number of times a character can appear next to itself.
    -s 1234ABCDabcd = Is the start point; crunch will continue to generate all combinations from here.

  4. #4
    Join Date
    2013-Nov
    Posts
    24
    You can use crunch to create a dictionary, or hashcat to brute force it. You can also set hashcat to use your GPU to speed up the brute force attack, but it would still take forever. Unless you have a super fast computer, I would try different ways to get the passphrase. Like musket said, try reaver. Use wash to scan the AP to test if it has WPS locked or not, and if it doesn't, use reaver. This way you only have to brute force a PIN instead of a scrambled alphanumeric passphrase. Much, much quicker.
    Visit my blog! PenTesting for Amateurs, by Amateurs -- Request your own tutorial, or send one to me to post.
    "thevanoutside" a Wordpress Blog!

  5. #5
    Join Date
    2013-Nov
    Location
    the state of oppression
    Posts
    16
    Does anyone know of any good religious-themed wordlists?

  6. #6
    Join Date
    2013-Oct
    Posts
    321
    What the others said is probably your best option, unless you know more about your target.

    At the moment I'm working on the BTHub3 and BThub4 routers.
    I've created a huge 3TB+ wordlist that covers every possible combination; I then managed to greatly reduce the size of it by removing useless combinations.
    My wordlist is now under 1TB and I'm still reducing it even further; it's a bit of an ongoing hobby. LOL
    Last edited by slim76; 2014-01-05 at 00:02.

  7. #7
    Join Date
    2014-Jun
    Posts
    1

    I have spent way too much time on this with no solution.

    Quote Originally Posted by polyphemus View Post
    You can use crunch to create a dictionary, or hashcat to brute force it. You can also set hashcat to use your GPU to speed up the brute force attack, but it would still take forever. Unless you have a super fast computer, I would try different ways to get the passphrase. Like musket said, try reaver. Use wash to scan the AP to test if it has WPS locked or not, and if it doesn't, use reaver. This way you only have to brute force a PIN instead of a scrambled alphanumeric passphrase. Much, much quicker.
    I'm very new to Kali, and let me say so far I love it. My neighbor and I have been doing some contests. I set up a router with a password and he tries to get it, and he does the same. The rules are: the password is WPA2 and has to be 8-20 characters in length; you can use a-z and 0-9. I don't use words, so I'm going to bed; he does the same. I have an older laptop than he does; however, I do have a nice desktop. I have captured his handshake with wifite. I have been racking my brain on how to use cudaHashcat to do a brute force on this password with those rules. I just can't figure out how to make either rules or masks to properly attempt this task correctly. I have cudaHashcat64 for my Windows machine with a decent graphics card.

    I hope this isn't too noob, but I searched the forums and couldn't find a real solution I could understand.

    Thanks so much in advance.

    DrClaw

  8. #8
    Name Taken Guest
    I have been compiling my own wordlists from various sources online. Kali already comes with dozens of wordlists in /usr/share/wordlists, which can be a good place to start.

    The Btrfs filesystem has a feature, similar to Windows NTFS compression, called transparent compression, which can reduce the size of wordlists from hundreds of gigabytes to less than a dozen.

    Code:
    # the package was later renamed btrfs-progs on Debian/Kali
    apt-get install btrfs-tools
    
    # WARNING: formats the partition, destroying everything on /dev/sdb1
    mkfs.btrfs /dev/sdb1
    
    # compress-force compresses every file, even ones btrfs thinks are incompressible
    mount -o compress-force=zlib /dev/sdb1 /mnt
    After combining dozens of smaller wordlists into a big one, use

    Code:
    # keep only lines of 8 or more ASCII letters/digits (a WPA passphrase is at least 8 characters)
    grep -E '^[0-9a-zA-Z]{8,}$' wordlist.txt > wordlist.stripped.txt
    to remove all passwords shorter than 8 characters or containing non-alphanumeric characters.

    7zip offers the best compression, to reduce the size even further to a few gigabytes for archiving, transferring, etc.

    Code:
    7za a -t7z -m0=lzma -mx=9 -mfb=64 -md=32m -ms=on wordlist.stripped.7z wordlist.stripped.txt
    The second best compression algorithm is tar's XZ:

    Code:
    tar -cJf wordlist.stripped.tar.xz wordlist.stripped.txt
    CPU cracking is pretty futile at only a few K passwords/s. Pyrit is very outdated and does not scale well with multiple and/or new GPUs. The best GPU cracking tool is oclHashcat. For comparison, a mid-range CPU can crack at 2-3k passwords per second versus 150K/s with a single R9 280X.
    Last edited by Name Taken; 2014-06-17 at 01:54.
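As an added example (not code from the poster above), here is the same merge/filter step written in Python with the WPA rule made explicit: a WPA/WPA2 PSK passphrase is 8 to 63 printable ASCII characters, so any candidate outside that range is wasted cracking time whatever charset you settle on. The two sample lists, the `example_streams` helper and the stat names are constructed for this example; the `alnum_only` switch reproduces the grep above.

```python
#!/usr/bin/env python3
"""Merge, normalise and filter wordlists down to valid WPA/WPA2 passphrase candidates.

Added example for this thread, not code from the poster. Sample lists are constructed
inline; the alnum_only switch mirrors the grep -E '^[0-9a-zA-Z]{8,}$' step in the post.
"""
from __future__ import annotations

import io
import re
from collections import Counter
from typing import Iterable, List, Tuple

WPA_MIN_LEN, WPA_MAX_LEN = 8, 63      # IEEE 802.11i passphrase length limits
UTF8_BOM = b"\xef\xbb\xbf"
ALNUM = re.compile(r"^[0-9A-Za-z]+$")  # the same class the grep in the post uses


def normalise(raw: bytes) -> str | None:
    """Strip CR/LF and a leading UTF-8 BOM; reject anything that is not printable ASCII."""
    line = raw.rstrip(b"\r\n")
    if line.startswith(UTF8_BOM):
        line = line[len(UTF8_BOM):]
    try:
        text = line.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text.isprintable() else None


def merge_wordlists(streams: Iterable[Iterable[bytes]],
                    alnum_only: bool = False) -> Tuple[List[str], Counter]:
    """One pass over all lists: normalise, enforce WPA length, optionally alnum-only, dedup.

    Returns the kept candidates in first-seen order plus a Counter of why lines were dropped.
    """
    seen: set = set()
    kept: List[str] = []
    stats: Counter = Counter()
    for stream in streams:
        for raw in stream:
            word = normalise(raw)
            if word is None:
                stats["non_ascii"] += 1
            elif not WPA_MIN_LEN <= len(word) <= WPA_MAX_LEN:
                stats["bad_length"] += 1          # shorter than 8 or longer than 63
            elif alnum_only and not ALNUM.match(word):
                stats["non_alnum"] += 1
            elif word in seen:
                stats["duplicate"] += 1
            else:
                seen.add(word)
                kept.append(word)
                stats["kept"] += 1
    return kept, stats


def example_streams() -> List[io.BytesIO]:
    """Constructed sample input: two small lists with an overlap, CRLF endings, a BOM,
    a non-ASCII entry, an over-long entry and an entry containing a space."""
    list_a = (b"password123\r\n"
              b"short\r\n"
              b"EF8A2F24C1D852DCA19A672222\n"
              b"caf\xc3\xa9latte\n")
    list_b = (UTF8_BOM + b"password123\n"
              b"E60AEEAAC8\n"
              b"with space 8\n"
              + b"A" * 64 + b"\n")
    return [io.BytesIO(list_a), io.BytesIO(list_b)]


if __name__ == "__main__":
    words, stats = merge_wordlists(example_streams(), alnum_only=True)
    print("\n".join(words))
    print(dict(stats))
```

The in-memory set is fine for lists up to a few hundred million entries; for the multi-terabyte lists mentioned in this thread, keep the Python pass as the per-line filter and do the dedup with `LC_ALL=C sort -u` on its output instead.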

  9. #9
    Join Date
    2013-Jun
    Posts
    125
    A wordlist generator that I have been working on, but finally got the time to finish it... I might think of adding some more features if I have enough time.

    adstar v1.0 wordlist generator. Created by: repzeroworld



    Download Link:

    http://www42.zippyshare.com/v/18247964/file.html

    optional arguments:
    -h, --help show this help message and exit

    -o [OUTPUT_PATH] Path to output wordlist. -o without a value will
    result in output to terminal.

    -b BEGINING_OF_WORD example '-b repzero' will place 'repzero' at the
    beginning of each word generated'

    -e END_OF_WORD example '-e repzero' will place 'repzero' at the end
    of each word generated.

    -r REPEAT_A_CHARACTER
    no. of times to repeat a character,e.g, '-r 2' will
    generate all combination of words INCLUDING words with
    each character being repeated a maximum of 2 times.

    Mandatory/Required Arguments:

    -s STRING string of characters to make wordlist
    from,EXAMPLE1:'-s abcd' will generate a wordlist
    containing characters'a','b','c' 'and'
    'd'.EXAMPLE2:'-s 'my name is repzero'' will generate
    all combinations with the strings 'my', 'name', 'is'
    and 'repzero'.

    -l WORD_LENGTH length of words in word in wordlist,EXAMPLE: '-l 4'
    will generate words that are 4 characters in length
    ONLY
    Last edited by repzeroworld; 2014-10-04 at 03:14. Reason: web link change

  10. #10
    Join Date
    2013-Jun
    Posts
    125
    Quote Originally Posted by repzeroworld View Post
    A wordlist generator that I have been working on, but finally got the time to finish it... I might think of adding some more features if I have enough time.

    adstar v1.0 wordlist generator. Created by: repzeroworld


    Download Link:

    http://www39.zippyshare.com/v/83107169/file.html

    optional arguments:
    -h, --help show this help message and exit

    -o [OUTPUT_PATH] Path to output wordlist. -o without a value will
    result in output to terminal.

    -b BEGINING_OF_WORD example '-b repzero' will place 'repzero' at the
    beginning of each word generated'

    -e END_OF_WORD example '-e repzero' will place 'repzero' at the end
    of each word generated.

    -r REPEAT_A_CHARACTER
    no. of times to repeat a character,e.g, '-r 2' will
    generate all combination of words INCLUDING words with
    each character being repeated a maximum of 2 times.

    Mandatory/Required Arguments:

    -s STRING string of characters to make wordlist
    from,EXAMPLE1:'-s abcd' will generate a wordlist
    containing characters'a','b','c' 'and'
    'd'.EXAMPLE2:'-s 'my name is repzero'' will generate
    all combinations with the strings 'my', 'name', 'is'
    and 'repzero'.

    -l WORD_LENGTH length of words in word in wordlist,EXAMPLE: '-l 4'
    will generate words that are 4 characters in length
    ONLY

    HOW TO USE ADSTAR WORDLIST GENERATOR (VIDEO BY JAY DEE)

    video link

    *YOUTUBE*
    Last edited by g0tmi1k; 2014-12-09 at 14:45. Reason: Youtube

  11. #11
    Join Date
    2015-Nov
    Posts
    3

    Is there a way to set where it ends, in order to use multiple computers?

    Quote Originally Posted by slim76 View Post
    Try these commands; they allow you to stop the brute force attack and then continue it from where you left off.

    Note:
    To stop the brute force attack you'll have to press Ctrl+C; don't forget to make a note of what crunch ended on.

    To start the attack:
    crunch <MinPasswordLength> <MaxPasswordLength> <CharacterSetToBeUsed> -d 4 | aircrack-ng <Handshake.cap> -e <APessid> -w -
    To continue from where you left off:
    crunch <MinPasswordLength> <MaxPasswordLength> <CharacterSetToBeUsed> -s <StartPoint> -d 4 | aircrack-ng <Handshake.cap> -e <APessid> -w -

    To start the attack:
    crunch <MinPasswordLength> <MaxPasswordLength> <CharacterSetToBeUsed> -d 4 | pyrit -e <APessid> -r <Handshake.cap> -i - attack_passthrough
    To continue from where you left off:
    crunch <MinPasswordLength> <MaxPasswordLength> <CharacterSetToBeUsed> -s <StartPoint> -d 4 | pyrit -e <APessid> -r <Handshake.cap> -i - attack_passthrough

    To start the attack:
    crunch <MinPasswordLength> <MaxPasswordLength> <CharacterSetToBeUsed> -d 4 | pyrit -e <APessid> -i - -o - passthrough | cowpatty -d - -r <Handshake.cap> -s <APessid>
    To continue from where you left off:
    crunch <MinPasswordLength> <MaxPasswordLength> <CharacterSetToBeUsed> -s <StartPoint> -d 4 | pyrit -e <APessid> -i - -o - passthrough | cowpatty -d - -r <Handshake.cap> -s <APessid>

    eg:
    crunch 8 32 abcdABCD1234 -d 4 | aircrack-ng Handshake.cap -e MyRouter -w -
    Ctrl+C
    crunch 8 32 abcdABCD1234 -s 1234ABCDabcd -d 4 | aircrack-ng Handshake.cap -e MyRouter -w -

    Note:
    -d 4 = Limits the number of times a character can appear next to itself.
    -s 1234ABCDabcd = Is the start point; crunch will continue to generate all combinations from here.
    Since -s is the starting point, I'm wondering if there is any option to specify a stopping point. This would allow me to use multiple computers in order to split the job and do the task faster...?

  12. #12
    Join Date
    2013-Jul
    Posts
    841
    First, reference this:

    http://adaywithtape.blogspot.com/201...runch-v30.html

    Do a crunch/aircrack-ng passthru and use the -e option with crunch.

    If you cannot find out how to do passthrus, post here. We think pyrit is faster, but as we only use Elcomsoft (Windows based), others in these forums should advise you on methods of increasing speed.

    MTeams
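The resume trick in post #3, DrClaw's mask question in post #7 and the split-across-machines question in posts #11 and #12 all come down to the same arithmetic: how big the keyspace is, where a given candidate sits in crunch's enumeration order, and how to cut that order into -s/-e ranges (or the equivalent hashcat mask). The block below is an added example for this thread, not code from any poster, from crunch or from hashcat. It assumes crunch enumerates every string of the shortest length first, then the next length, with the leftmost character most significant, and that -e is inclusive; check both on your crunch version with a tiny charset (`crunch 1 2 ab -s aa -e ab | wc -l` should print 2). Handshake.cap, MyRouter and the 150K/s rate are taken from the thread; the function names are mine.

```python
#!/usr/bin/env python3
"""Keyspace arithmetic for a crunch | aircrack-ng (or hashcat -a 3) brute force.

Added example for this thread, not code from any poster, crunch or hashcat.
Assumed crunch order: all strings of min_len first, then min_len+1, ...;
within one length the leftmost character is the most significant digit.
Assumed: crunch -e is inclusive (verify with a tiny charset before trusting a split).
"""
from __future__ import annotations

from typing import List, Tuple


def keyspace(charset: str, min_len: int, max_len: int) -> int:
    """Number of candidates crunch will emit for lengths min_len..max_len."""
    n = len(charset)
    return sum(n ** length for length in range(min_len, max_len + 1))


def nth_candidate(charset: str, min_len: int, max_len: int, index: int) -> str:
    """The 0-based index-th string in crunch's enumeration order."""
    n = len(charset)
    if not 0 <= index < keyspace(charset, min_len, max_len):
        raise IndexError("index outside the keyspace")
    length = min_len
    while index >= n ** length:          # skip over whole shorter lengths
        index -= n ** length
        length += 1
    digits = []
    for _ in range(length):              # base-len(charset) conversion, least significant first
        index, d = divmod(index, n)
        digits.append(charset[d])
    return "".join(reversed(digits))


def split_keyspace(charset: str, min_len: int, max_len: int,
                   workers: int) -> List[Tuple[str, str]]:
    """Contiguous, non-overlapping (start, end) strings for crunch -s / -e, one per worker."""
    total = keyspace(charset, min_len, max_len)
    base, extra = divmod(total, workers)
    ranges, start = [], 0
    for w in range(workers):
        size = base + (1 if w < extra else 0)
        if size == 0:                     # more workers than candidates
            break
        end = start + size - 1
        ranges.append((nth_candidate(charset, min_len, max_len, start),
                       nth_candidate(charset, min_len, max_len, end)))
        start = end + 1
    return ranges


def crunch_pipelines(charset: str, min_len: int, max_len: int, workers: int,
                     cap: str = "Handshake.cap", essid: str = "MyRouter") -> List[str]:
    """One crunch | aircrack-ng command line per worker (file/ESSID names from the thread)."""
    return [f"crunch {min_len} {max_len} {charset} -s {s} -e {e} "
            f"| aircrack-ng {cap} -e {essid} -w -"
            for s, e in split_keyspace(charset, min_len, max_len, workers)]


def hashcat_mask_args(charset: str, min_len: int, max_len: int) -> str:
    """hashcat -a 3 arguments covering the same keyspace: custom charset -1 plus
    --increment so every length from min_len to max_len is tried."""
    return (f"-a 3 -1 {charset} --increment --increment-min {min_len} "
            f"--increment-max {max_len} {'?1' * max_len}")


def eta_days(candidates: int, rate_per_second: float) -> float:
    """Worst-case wall time to exhaust the keyspace at a given cracking rate."""
    return candidates / rate_per_second / 86400


if __name__ == "__main__":
    HEX = "0123456789ABCDEF"
    LOWER_DIGITS = "abcdefghijklmnopqrstuvwxyz0123456789"
    RATE = 150_000   # passwords/s, the single R9 280X figure quoted in post #8
    cases = [("8 hex chars", HEX, 8, 8),
             ("26 hex chars (first lines in post #1)", HEX, 26, 26),
             ("DrClaw's rules, a-z0-9, 8-20 chars", LOWER_DIGITS, 8, 20)]
    for label, cs, lo, hi in cases:
        size = keyspace(cs, lo, hi)
        print(f"{label}: {size:.3e} candidates, {eta_days(size, RATE):.3e} days at {RATE}/s")
    print("hashcat:", hashcat_mask_args(LOWER_DIGITS, 8, 20))
    for cmd in crunch_pipelines(HEX, 8, 8, 4):
        print(cmd)
```

For DrClaw's rules the numbers make the thread's point: 36^8 alone is about 2.8e12 candidates, roughly 218 days at 150K/s, and the full 8-20 range is on the order of 10^31, so a mask attack only becomes worth running once the rules are narrowed (a known prefix, digits in fixed positions, a single length). With -e available, `split_keyspace` hands each machine a contiguous slice that can be stopped and resumed independently with -s, exactly as post #3 describes for a single box.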
