Description: How to Bruteforce WPA with very excellent performance from GPU
Tags: WPA Cracking , Bruteforce , no dictionary , GPU ,
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Hi Kurapik0.
Just a question, are you able to use the GPU to crack the WPA using VMware, or do you have to use it on a physical machine? I get it running, but don't see much of a speed improvement. I have a GTX 275 and am running BT in VMware; my command is as follows:
/pentest/passwords/jtr/john --stdout --incremental:all | pyrit -e wlan-ap -i - -o - passthrough | cowpatty -r GPU-01.cap -d - -s wlan-ap
Nice vid, but you didn't need to deauth because you already had the handshake lol. Oh, and what GPU were you using?
For this video I've been using a real physical machine. I think VMware does not support the GPU; you can check with the command "pyrit list_cores". You will see the graphics card, but I don't think it works in VMware.
The GPU is to build up the cracking speed. I have 2 graphics cards and can get to 20000+ keys/sec.
I've been using a GeForce GTX 285 and a CUDA Tesla C1060.
You clearly don't have a good understanding of WPA cracking. Brute forcing is only a viable option if you know that the default password will be a certain combination of characters.
This is because if you were to brute force a-z A-Z 0-9 !?$£ for 8 - 64 character length you would end up with millions of PBs of data... The only effective way is to use pyrit with a word list optimized for WPA... I have a 6.8 GB file of nearly a billion keys that I crack with pyrit going at 90,000 keys/s, so it only takes me 2 hours to go through...
Middle
I really confirm, Middle. This is the brute-force technique because John the Ripper can provide a brute-force attack, and if you are using pyrit with a dictionary you will spend too much time on "batch" for every different SSID. If I used the same way as you I can crack 2,500,000 keys/s, but I think a dictionary attack is not good when compared with brute force.
Can't you make the text more clearly visible, please, or make it more readable?
It was pathetic; I was unable to see any text at all.
Nope, you are wrong again; you are thinking that I am saying to make a database to crack the specific ESSID. That method is even worse than the one you have detailed.
I use a simple word list attack, no preparation needed. I just have my 680 million word dictionary and test the handshake against each one. Essentially the same as you but not generating the words as I go, because that slows down the attack and makes it retarded, as it will last for eternity.
You clearly do not know what you are talking about and I don't appreciate users misinforming others.
Middle
@ricky - change the video to HD, and you will be able to clearly see what he has typed.
@Middle
Assuming you are using attack_db to crack WPA, my question would be, how long does it take you to create the batch after you added the ESSID? I am following the steps found on Pyrit's wiki: http://code.google.com/p/pyrit/wiki/Tutorial but it takes me about 12 hours to batch...
My WPA wordlist is 1.5 GB = 10 million words. I have a 13 GB wordlist but I assume that will take about 2 days to run through…
Any suggestions?
@Middle - So how successful do you think you will be most of the time with your word list?
Besides, brute forcing would only be a viable option if you can't crack the WPA hashes with your own word list.
For instance, if someone were to crack my WPA key, they would have to use brute forcing, since a word list file would be completely useless.
@Hugol - There is no point making a batch database/rainbow table unless you are going to be cracking that ESSID multiple times, as it takes just as long to make the table as it does to run through the word list!
@infiltrator - Well, with my word list it is a case of it's as good as you will get with a word list. My list is comprised of your 13 GB one + about 10 others and then cut down for WPA cracking, so it is only 6.8 GB; however, it is perfect for WPA cracking.
And yes, I agree that a brute force is the only sure-fire method of cracking a WPA key that isn't in a dictionary; however, unless you have your own pyrit cluster that is working at over a million keys a second it's not really doable, and even then it is still ridiculously impractical.
Just think if you were to use crunch to brute force a WPA key and you used:
8-16 a-z A-Z 0-9
That would look logical if you piped it into pyrit, but if you piped it into a text file to make a dictionary
8-16 a-z A-Z 0-9 > MySeveralPetaBytesOfStorage.txt
Then used it with pyrit, you begin to see why brute forcing is ridiculous!
However, bruteforcing can be used if you know that the default key for a certain brand of router is a certain mix of digits and a certain length.
I have written a very good guide to all this, but it is hosted in a rather unsanitary place.
In short: bruteforcing is a no-no unless you know that it is a default router key of which you know the specifications, and rainbow tables (batch) are a no-no unless you plan on cracking an ESSID multiple times. That leaves you with the one viable option of using a word list with pyrit.
I use my 6.8 GB optimised word list (which is better than your 13 GB one; I know because I used it to make the 6.8 GB word list) with my 5870 to crack a handshake in ~2 hours. If that word list doesn't crack it, I move on.
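To put numbers on Middle's "several petabytes" argument and on the per-ESSID "batch" cost that Hugol and Kurapik0 raise, here is an added Python example (not from the video or from anyone in this thread). It uses the key rates quoted above as constructed sample inputs, assumes only Python's standard hashlib, and is the check a network owner would run when deciding how long a PSK needs to be.

```python
import hashlib

# Key rates quoted in the thread, used here as constructed sample inputs (keys/s).
QUOTED_RATES = {
    "2 GPUs, john | pyrit (Kurapik0)": 20_000,
    "HD 5870 with word list (Middle)": 90_000,
    "john --incremental | pyrit (claimed)": 2_500_000,
}
ALNUM = 26 + 26 + 10            # a-z A-Z 0-9, the charset in the crunch example above
SECONDS_PER_YEAR = 365.25 * 86400


def keyspace_size(charset_len: int, min_len: int, max_len: int) -> int:
    """Number of candidates of every length from min_len to max_len inclusive."""
    return sum(charset_len ** n for n in range(min_len, max_len + 1))


def wordlist_bytes(charset_len: int, min_len: int, max_len: int) -> int:
    """Bytes needed if every candidate is written to a text file, one per line
    (each length-n word costs n bytes plus a newline)."""
    return sum(charset_len ** n * (n + 1) for n in range(min_len, max_len + 1))


def years_to_exhaust(candidates: int, rate_per_second: float) -> float:
    """Worst-case time to try every candidate at a given key rate."""
    return candidates / rate_per_second / SECONDS_PER_YEAR


def wpa_pmk(ssid: str, passphrase: str) -> bytes:
    """WPA/WPA2-Personal PMK: PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 rounds,
    32-byte output. The SSID salt is why a pyrit 'batch' table is only valid for
    one ESSID, and the 4096 rounds are why per-key throughput stays in the
    thousands rather than billions."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


if __name__ == "__main__":
    total = keyspace_size(ALNUM, 8, 16)
    print(f"candidates, 8-16 chars of a-zA-Z0-9: {total:.3e}")
    print(f"same set as a text file: {wordlist_bytes(ALNUM, 8, 16) / 1e15:.3e} PB")
    for label, rate in QUOTED_RATES.items():
        print(f"  {label}: {years_to_exhaust(total, rate):.3e} years to exhaust")
    # The one case the thread says brute force fits: a fixed 8-digit default key.
    minutes = years_to_exhaust(10 ** 8, 90_000) * SECONDS_PER_YEAR / 60
    print(f"8-digit default key at 90k keys/s: {minutes:.0f} minutes")
    # IEEE 802.11 Annex test vector: SSID "IEEE", passphrase "password".
    print(wpa_pmk("IEEE", "password").hex())
```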
Would love to see your guide, maybe by email?
Well, it is formatted with MyBB so it would look awful. I have made several tutorials on a forum and I must make them into an ebook one day, just not sure about the best way of going about it...
@Middle, if you don't mind me asking, what do you use for generating your own wordlist file?
Well, I use my 6.8 GB word list as a base; that consists of the 13 GB word list and then, as I said, about 10 other lists I have gathered over the years. Then I add to that for each individual case. If it is a default ESSID I may use crunch to add something to the list, or if it is someone's personal ESSID I would use CUPP to make an extra list and try that as well.
@Middle, I have heard of those two tools CUPP and Crunch but have never really thought of using them.
In the past, I have used freeware tools such as passgen to generate random passwords and save them to a text file.
So far I've only managed to get my wordlist to 1 GB. I still have a long way to go.
Anyway, thanks for sharing that, I really appreciate it.
This isn't my hosting: http://le-ona.com/host/WPA%20word%20list.zip
This was someone who downloaded my word list and re-upped it somewhere else because my host was awful.
I think it is a 1.4 GB download; it expands to 6.8 GB, I believe.
Enjoy!
Any Chance we can get some sound?
Middle, the site hosting your word list optimized for WPA is closed. Can I get it somehow?
Thanks