EvilZone
Hacking and Security => Hacking and Security => : Super_mario666 June 15, 2013, 11:32:23 PM
-
does any one know were i can find a really good wordlist to use with fern wifi cracker?
-
What makes a wordlist good? good for what.
-
The target dictates the wordlist.
-
The target dictates the wordlist.
the target is a home router with WPA encryption( in case you haven't noticed im fairly new at this)
-
I'd say this (http://www.aciddr0p.net/pwls.html) is a fairly decent password list resource.
-
I'd say this (http://www.aciddr0p.net/pwls.html) is a fairly decent password list resource.
very nice +1.
-
the target is a home router with WPA encryption( in case you haven't noticed im fairly new at this)
have you even tried to figure out what kind of router? because that as well could determine that a word list will be useless. Any number of routers now have their WPA passwords randomly generated and printed on a sticker on them. no dictionary attack is going to scratch that.
-
have you even tried to figure out what kind of router? because that as well could determine that a word list will be useless. Any number of routers now have their WPA passwords randomly generated and printed on a sticker on them. no dictionary attack is going to scratch that.
the router is my neighbors so i dont know exactly what kind he has. but just in case it was what you described what would you suggest?
-
i use this (http://area51archives.com/files/pass_list.rar) when it comes to using a wordlist. It has over 4.9 million passwords.
-
Using wordlists is a for a very specific cracking. Bruteforce is the way to go most of the time, but it can takes years...
Edit: aren't you supposed to crack WPA with handshakes and all that? AFAIK you don't need to bruteforce a lot. With WPA2 it is different.
-
http://blog.g0tmi1k.com/2011/06/dictionaries-wordlists.html (http://blog.g0tmi1k.com/2011/06/dictionaries-wordlists.html)
This site has good collection of wordlist. Also take some to read other post on that site. We will surly be benefited. As you said you are new to this.
-
One thing to check is if they changed the SSID, this is often an indication that someone edited the router configuration.
If they didnt you can easily trace back the the ISP, check for their password configuration.
In certain cases ive found those to be extremely poor for example an 8 digit random generated string, which is viable to bruteforce.
Other cases use defaults of 10 char lower/upper/digits, basically your screwed unless you have some very very powerfull GPU setup.
One thing that you might wanna do is learn how people contruct passwords.
Ive encountered many passwords and for example routers with ; 12345678
My lucky day :P
Often people do something like this ; banana
Than the router says; "minimum of 8", the person thinks "shit".
Adds a "12" so it becomes banana12.
:)
-
the router is my neighbors so i dont know exactly what kind he has. but just in case it was what you described what would you suggest?
Well getting more information about it is always your best bet, so a program like netstumbler(if you have a non built in wireless adapter) can be very useful. For one it will still find networks that are not broadcasting. Anyway now that you are armed with the SSID, if it is a default setup and a wireless modem/router purchased from a company often they will stick to a very "easy" to spot naming convention. ie ATT 2wire(###) Now that we know that, we can look at how they configure their network passwords. 10 characters! oh but wait its not alphanumeric, its just numeric. ease to brute force crack=super easy. In essence once you hit 10 billion passwords you have either cracked the password, or learned that the user changed it. If the user changed it now you need to broaden your horizons to brute force alphanumeric, or try a dictionary attack.
Also as stated the exact encryption being used is sometimes vulnerable to other sort of attacks that can work much faster than brute forcing it.
As you have seem to yet discover, hacking is far more about knowledge than a magical button you hit to own. i would suggest reading up on security vulnerabilities on the various wireless encryption schemes, the difference between brute forcing and dictionary attacks, as well as when to use them.