Thread: Fastest way to hack WPA and WPA2?

  1. #1
    Join Date
    2016-Apr
    Posts
    32

    Fastest way to hack WPA and WPA2?

    Hey y'all,

    Just wondering if anyone knows the fastest method to hack a WPA and WPA2 WIFI password?

    I have been using aircrack-ng in conjunction with reaver, but it is taking hours and hours to crack, 12hr plus.

    Are there any faster methods please guys?
    Last edited by Cryptic-F; 2016-04-11 at 17:33.

  2. #2
    Join Date
    2016-Jan
    Posts
    99
    pixiedust or.. just ask the neighbours

  3. #3
    Join Date
    2016-Apr
    Posts
    32
    Thanks, I will get stuck into pixiedust then

    Haha lol!

  4. #4
    Join Date
    2016-Jan
    Posts
    51

    Cool

    Depends! Does the AP have WPS enabled? If yes, you can always use reaver or bully; if WPS is locked you could try vmr-mdk; else, if WPS is not enabled, the fastest way is social engineering by using the evil twin method, whereby you need two wireless cards... Hope this helps.

  5. #5
    Join Date
    2013-Dec
    Location
    UK
    Posts
    13
    Definitely pixiedust (assuming WPS is turned on, usually is by default), but saying that, not all APs are receptive to this attack, and sometimes still resort to "old school" methods, which are generally hit and miss no matter how big your wordlist is.

  6. #6
    Join Date
    2016-Apr
    Posts
    4
    Everyone talks about WPS bruteforcing like it's a great method, but reality is most routers are protected from this, except a few made between 2007 and 2012 that haven't had firmware upgrades.

    WPS bruteforcing, even in the best of circumstances with no lockouts and a router that can handle lots of requests without crashing, is a slow method (hours to days).

    WPS Pixiedust only works on a few models, but could be a good and fast method, although I haven't found a model it worked on yet.

    The best and fastest way with the highest success rate in my opinion is: capture the handshake and bruteforce it offline with oclhashcat + GPU

    I can run through the 9 million 8-63 character passwords in rockyou.lst in just a few minutes on my AMD R9 290 GPU. Even with my laptop and Nvidia G755M I can hit the whole list in about 12 minutes.

    In my experience, I would guess that about 30% of wireless networks (or higher) can be cracked with rockyou.lst

  7. #7
    Join Date
    2016-Apr
    Posts
    32
    Quote Originally Posted by Arch3r View Post
    Everyone talks about WPS bruteforcing like it's a great method, but reality is most routers are protected from this, except a few made between 2007 and 2012 that haven't had firmware upgrades.

    WPS bruteforcing, even in the best of circumstances with no lockouts and a router that can handle lots of requests without crashing, is a slow method (hours to days).

    WPS Pixiedust only works on a few models, but could be a good and fast method, although I haven't found a model it worked on yet.

    The best and fastest way with the highest success rate in my opinion is: capture the handshake and bruteforce it offline with oclhashcat + GPU

    I can run through the 9 million 8-63 character passwords in rockyou.lst in just a few minutes on my AMD R9 290 GPU. Even with my laptop and Nvidia G755M I can hit the whole list in about 12 minutes.

    In my experience, I would guess that about 30% of wireless networks (or higher) can be cracked with rockyou.lst
    I have been having terrible responses with reaver and pixie the past few days; they do not actually work on any router I have attempted to crack. They just bog out and give void messages.

    After realizing these methods are more or less useless, I decided to capture a handshake. I am currently attempting to crack the handshake via crunch.

  8. #8
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    You will get nowhere with crunch, dude. Pixie Dust is the best option in the case that you are attacking a supported chipset (Ralink, MediaTek, Celeno, Realtek, and Broadcom eCos); otherwise I would resort to looking for default algorithms, default keyspaces, default wordlists, etc.

    Pixie Dust is so versatile because in most cases you avoid lockouts and the whole process can be completed in under 4 seconds (though it can take a few minutes depending on the case). I have found so much success with Pixie Dust, you just need to be in the right circumstances and that isn't always possible for some people.

  9. #9
    Join Date
    2016-Apr
    Posts
    10
    Quote Originally Posted by soxrok2212 View Post
    You will get nowhere with crunch, dude. Pixie Dust is the best option in the case that you are attacking a supported chipset (Ralink, MediaTek, Celeno, Realtek, and Broadcom eCos); otherwise I would resort to looking for default algorithms, default keyspaces, default wordlists, etc.

    Pixie Dust is so versatile because in most cases you avoid lockouts and the whole process can be completed in under 4 seconds (though it can take a few minutes depending on the case). I have found so much success with Pixie Dust, you just need to be in the right circumstances and that isn't always possible for some people.

    I'm trying to test a Huawei router (Ralink RT2860), but it constantly gives me an error "WPS transaction failed (0x04)" and I can't get any M3, M4 messages or e-hashes. Please, any solutions?

    [P] WPS Manufacturer: Ralink Technology, Corp.
    [P] WPS Model Name: Ralink Wireless Access Point
    [P] WPS Model Number: RT2860

  10. #10
    Join Date
    2016-Apr
    Posts
    5
    Get closer to the router if possible dude

  11. #11
    Reaver is definitely the way to go for cracking WPA/WPA2. Play around with the options until you find one which steadily tries pins. With -d (number of seconds) you can set how many seconds to wait before the next pin is tried.

    Most of the time, this combination does the trick for me:

    reaver -i (interface) -c (channel) -b (BSSID) -vv -L -N -S --no-nacks --win7 -d 30 -x 60

    Also check with wash -i (interface) if the AP is WPS locked.

  12. #12
    Join Date
    2015-May
    Posts
    25
    I tried pixie dust (wifite) against D-Link routers, cracks in seconds, but when tried against TP-Link routers, it fails and says WPS not found. Tried VMR-MDK, router locks out. Cracking with a wordlist is just by luck if the passphrase is in the dictionary.
