HellBound Hackers | Computer General | Cryptography

Author

WPA cracking.

stealth-
Member



Posts: 1003
Location: Eh?
Joined: 10.04.09
Rank:
Mad User
Posted on 13-10-10 04:33
Hey guys,

Forums have been quiet so I figured I'd pose a (stupid?) question. I recently cracked into a WPA encrypted network the standard way (force deauth, capture handshake, crack...), and was actually very surprised at the speed it took to run through my dictionary list. The 10 character passphrase was cracked within about 40 seconds at a speed averaging about 500 kps.

If my calculations are right, then a fifteen character passphrase should pan out like this:

2^15 = 32768 possible values
32768/500kps = 65.536 seconds to try all possible values.

Did I do something wrong there? I don't know a whole lot about bit entropy, but the idea that it takes just over a minute to genuinely bruteforce a fifteen character password is shocking. I have serious doubts that many users use a passphrase longer than 10, much less 15, so wouldn't this effectively make WPA encryption insecure for the typical user (who has no clue what's going on)?


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealt. . .
http://www.stealth-x.com
Author

RE: WPA cracking.

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 13-10-10 06:18
stealth- wrote:
Hey guys,

Forums have been quiet so I figured I'd pose a (stupid?) question. I recently cracked into a WPA encrypted network the standard way (force deauth, capture handshake, crack...), and was actually very surprised at the speed it took to run through my dictionary list. The 10 character passphrase was cracked within about 40 seconds at a speed averaging about 500 kps.

If my calculations are right, then a fifteen character passphrase should pan out like this:

2^15 = 32768 possible values
32768/500kps = 65.536 seconds to try all possible values.

Did I do something wrong there? I don't know a whole lot about bit entropy, but the idea that it takes just over a minute to genuinely bruteforce a fifteen character password is shocking. I have serious doubts that many users use a passphrase longer than 10, much less 15, so wouldn't this effectively make WPA encryption insecure for the typical user (who has no clue what's going on)?


I have to admit that was the fastest I've seen a WPA password get cracked.

I think in your case you probably got lucky, or you have a very good dictionary to back you up in cracking the WPA password. And it can only be as secure as the user sets it up: the longer and harder to guess the passphrase is, the longer it'll take for the cracker to bruteforce it (or for you to guess it).

Check this link, for those interested in figuring out how to do it: http://docs.lucid. . .s_Networks


catinthecpu@hotmail.com
Author

RE: WPA cracking.

stranac
Member



Posts: 149
Location:
Joined: 15.11.08
Rank:
God
Posted on 13-10-10 18:08
stealth- wrote:

If my calculations are right, then a fifteen character passphrase should pan out like this:

2^15 = 32768 possible values
32768/500kps = 65.536 seconds to try all possible values.

Did I do something wrong there?


You did something wrong. Your calculations are fine, except for one small detail: there are more than 2 characters possible.

For lowercase letters only there would be 26^15 = 1677259342285725925376 values possible.
Author

RE: WPA cracking.

stealth-
Member



Posts: 1003
Location: Eh?
Joined: 10.04.09
Rank:
Mad User
Posted on 14-10-10 02:32
stranac wrote:
stealth- wrote:

If my calculations are right, then a fifteen character passphrase should pan out like this:

2^15 = 32768 possible values
32768/500kps = 65.536 seconds to try all possible values.

Did I do something wrong there?


You did something wrong. Your calculations are fine, except for one small detail: there are more than 2 characters possible.

For lowercase letters only there would be 26^15 = 1677259342285725925376 values possible.


Ah, that's right! Like I said, I'm not exactly skilled with bit entropy. Thanks for the correction :)

62^15 = 768909704948766668552634368
768909704948766668552634368/500/60/60/24/30/12 = 49441210451952589

49441210451952589 years sounds much better, but significantly higher than I imagined. Is that right?


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealt. . .
http://www.stealth-x.com
Author

RE: WPA cracking.

haky2g
Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-10-10 04:51
Sorry if this sounds retarded, but how could you crack into a WEP or WPA protected network? I know I am a noob at hacking and stuff, but everyone has a starting point.
Thanks.
Author

RE: WPA cracking.

stealth-
Member



Posts: 1003
Location: Eh?
Joined: 10.04.09
Rank:
Mad User
Posted on 14-10-10 05:35
haky2g wrote:
Sorry if this sounds retarded, but how could you crack into a WEP or WPA protected network? I know I am a noob at hacking and stuff, but everyone has a starting point.
Thanks.


There are a plethora of articles all over the web that explain this, and I believe one was actually linked to in an above post. Look into tools like aircrack, google it, and you'll do fine.


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealt. . .

Edited by stealth- on 14-10-10 05:45
http://www.stealth-x.com
Author

RE: WPA cracking.

COM
Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-10-10 06:02
Well, didn't you change your tone to a friendlier one in a big hurry? Pfft
Anyhow, you're still generous with your numbers, 62 would only account for upper case, lower case and numbers; no other symbols accounted for. Even if we just take the standard ascii table minus the first bunch of special values, we'd still end up with ((2^7)-32)^15 combinations. And that's just for the set 15 character length, it still leaves out the 1, 2, 3 ... 13, 14 lengths you'd try before reaching 15.
Why you are surprised about the dictionary being quick eludes me. A dictionary contains far, far less instances to try, just to begin with.
A long time to bruteforce is pretty much how these things are designed. The thought is generally that you shouldn't be able to reverse it and so, the option you are left with (trying combinations) should realistically take too long to manage within a reasonable amount of time since there really is no other way to defend against it.
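Putting the arithmetic from stranac's, stealth-'s and COM's posts into one script. This is an added illustration, not code from anyone in the thread; it assumes a guess rate expressed in passphrase candidates per second (500 and 4000 keys/s are the figures quoted above), a 365.25-day year, and the WPA/WPA2-PSK rule that a passphrase is 8 to 63 printable ASCII characters, which bounds the lengths a brute-force run actually has to cover. It goes a little beyond the posts by also summing the shorter lengths COM mentions and by contrasting the full keyspace with the size of a wordlist.

```python
"""Keyspace and cracking-time arithmetic for the WPA-PSK discussion above.

Added illustration (not code from the thread). Assumptions: guess rates
are in passphrase candidates per second, a year is 365.25 days, and a
WPA/WPA2-PSK passphrase is 8 to 63 printable ASCII characters.
"""
import string

# Alphabet sizes used in the thread. Printable ASCII (space through '~')
# is 95 symbols; the (2^7)-32 = 96 figure above also counts DEL (0x7F).
ALPHABETS = {
    "lowercase": len(string.ascii_lowercase),                    # 26
    "alphanumeric": len(string.ascii_letters + string.digits),   # 62
    "printable": len(string.ascii_letters + string.digits
                     + string.punctuation) + 1,                  # 95 (+1 = space)
}

SECONDS_PER_YEAR = 365.25 * 24 * 60 * 60
WPA_MIN_LEN, WPA_MAX_LEN = 8, 63   # WPA/WPA2-PSK passphrase length limits


def keyspace(alphabet_size, length):
    """Number of distinct passphrases of exactly `length` symbols."""
    return alphabet_size ** length


def cumulative_keyspace(alphabet_size, min_len, max_len):
    """COM's point: an exhaustive run tries every shorter length first."""
    return sum(keyspace(alphabet_size, n) for n in range(min_len, max_len + 1))


def wpa_keyspace(alphabet_size, max_len=WPA_MAX_LEN):
    """Lengths below 8 are impossible for WPA-PSK, so they are skipped."""
    return cumulative_keyspace(alphabet_size, WPA_MIN_LEN, max_len)


def seconds_to_exhaust(candidates, rate):
    """Worst case: the correct passphrase is the last candidate tried."""
    return candidates / rate


def expected_seconds(candidates, rate):
    """Average case: on average half the space is tried before a hit."""
    return seconds_to_exhaust(candidates, rate) / 2


def years(seconds):
    return seconds / SECONDS_PER_YEAR


def wordlist_seconds(entries, rate):
    """A dictionary attack tries only `entries` candidates, however long
    each one is; that, not passphrase length, is why it finishes quickly."""
    return entries / rate


def report(rate=500):
    """Worst-case exhaustion times (in years) for the thread's scenarios."""
    rows = []
    for name, size in ALPHABETS.items():
        for length in (10, 15):
            exact = keyspace(size, length)
            up_to = cumulative_keyspace(size, 1, length)
            rows.append((name, length, exact,
                         years(seconds_to_exhaust(exact, rate)),
                         years(seconds_to_exhaust(up_to, rate))))
    return rows


if __name__ == "__main__":
    rate = 500
    print(f"brute force at {rate} keys/s, worst case")
    for name, length, exact, y_exact, y_up_to in report(rate):
        print(f"{name:>12} len={length:2d}: {exact:.3e} keys, "
              f"{y_exact:.3e} years (exactly {length}), "
              f"{y_up_to:.3e} years (lengths 1..{length})")
    # Constructed figure: a 30 MB wordlist at roughly 8 bytes per line.
    entries = 30 * 1024 * 1024 // 8
    print(f"~{entries} word list at {rate} keys/s: "
          f"{wordlist_seconds(entries, rate) / 60:.0f} minutes worst case")
```

Running it shows two things the thread circles around: summing lengths 1 to 15 barely moves the exponent (the top length dominates the total), and a wordlist of a few million entries is a different problem entirely from the keyspace, which is why the dictionary run finished in seconds while the brute-force figures run to 10^16 years.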


Author

RE: WPA cracking.

stealth-
Member



Posts: 1003
Location: Eh?
Joined: 10.04.09
Rank:
Mad User
Posted on 14-10-10 06:22
COM wrote:
Well, didn't you change your tone to a friendlier one in a big hurry? Pfft


Heh, so you noticed that? I reread his question and realized I was being a bit harsh.

Anyhow, you're still generous with your numbers, 62 would only account for upper case, lower case and numbers; no other symbols accounted for. Even if we just take the standard ascii table minus the first bunch of special values, we'd still end up with ((2^7)-32)^15 combinations. And that's just for the set 15 character length, it still leaves out the 1, 2, 3 ... 13, 14 lengths you'd try before reaching 15.


I know; I figured the number I was left with for 62 characters was still large enough to get what I was asking across, however.

Why you are surprised about the dictionary being quick eludes me. A dictionary contains far, far less instances to try, just to begin with.
A long time to bruteforce is pretty much how these things are designed.


I was surprised at the dictionary attack's speed because I was imagining something along the lines of an hour, likely more. I suppose after cracking WEP in about 5 minutes, I was expecting WPA to take at the very least longer than WEP did, regardless of the method.

The thought is generally that you shouldn't be able to reverse it and so, the option you are left with (trying combinations) should realistically take too long to manage within a reasonable amount of time since there really is no other way to defend against it.


Yeah, I understand the idea behind it; it's just that a few trillion years seems ridiculous and I figured my math must've been off.

Thanks for the response, COM.


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealt. . .

Edited by stealth- on 14-10-10 06:23
http://www.stealth-x.com
Author

RE: WPA cracking.

txwooley
Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 02-03-11 13:41
Y'all are missing one MINOR detail. If, for example, the password is aardvark and your all-encompassing dictionary is 30MB, it will find aardvark in about 2 seconds. However, if your password is the much shorter xray, it will take about 10-15 minutes (or longer). It has more to do with where in the dictionary the correct password is found than how long or complex the password is.
Just my $.02
Author

RE: WPA cracking.


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 02-03-11 19:56
Yeah, you must have a good dictionary, cuz all my network connections are WPA and BackTrack's wordlists are all outdated. I downloaded the 14MB wordlist collection and even those didn't crack the passphrase. I know there is a 30GB wordlist, but it would take a very long time even if your speed is 4000 keys/s.


Author

RE: WPA cracking.

stealth-
Member



Posts: 1003
Location: Eh?
Joined: 10.04.09
Rank:
Mad User
Posted on 03-03-11 02:38
txwooley wrote:
Y'all are missing one MINOR detail. If, for example, the password is aardvark and your all-encompassing dictionary is 30MB, it will find aardvark in about 2 seconds. However, if your password is the much shorter xray, it will take about 10-15 minutes (or longer). It has more to do with where in the dictionary the correct password is found than how long or complex the password is.
Just my $.02


We didn't "miss" that, we didn't talk about it because it was obvious enough already. The password I was referencing in this text was far down the alphabet, not to worry.

Also, for future reference, please remember to check the date of threads before you dig them up from the grave.


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealt. . .
http://www.stealth-x.com