need some more suggestions on cracking a wpa2 handshake capture...

[xsysudo]

Hi everyone. I'm new here.
Need some suggestions on cracking a wpa2 handshake capture:
Reaver failed wps pins but I got de handshake cap file using wifite. That's it. Already tried a lot of dictionaries on aircrack lots of time wasted and nothing... any more ideas?
Thanks

[white-knight]

Reaver is your best bet , just cause it failed dont mean it wont work , try to learn more about using it .

You can try bruteforce against the handshake but it can take a day or a lifetime to crack it. maybe try to get more info on the manufacture  when scanning , google to find default pins or default passwords might get lucky . the more info you have the better .

If you cant do that try other ways of getting it , this question is asked alot here so look around you might find ur answer ..

When all else fails just go ask for the password and nudes . thats what i do 

[phoenixcoder]

You can send the cap here and I'll take care of it.

http://timourrashed.com/wpa-cracker-online-service/


Sent from my iPhone using Tapatalk

[blindfuzzy]

You can send the cap here and I'll take care of it.

http://timourrashed.com/wpa-cracker-online-service/


Sent from my iPhone using Tapatalk

This is unnecessary. You can just look for the information on how to do it yourself versus paying someone to do it.

[blackrat]

Evil-Twin ?? (not for handshake cracking but i find it successful)

[phoenixcoder]

This is unnecessary. You can just look for the information on how to do it yourself versus paying someone to do it.

True people can look up the info, however brute forcing and using wordlists require extensive computing power that most people do not have at their disposal.

Thus the question will be "how fast or crucial do I require the password?"

That's completely up to the interested party to answer


Sent from my iPhone using Tapatalk

[xsysudo]

I've got Aircrack running on a intel i5 plus GeForce GTX 430 and 8GBDDR for almost 3 weeks and still nothing... The dic file is the generic "acdcdictionary.txt" 27GB.

Maybe i should get other appropriate dic file for local and nacional Portuguese words but can't find it any... Any links to get more custom dic wordlists?

Also tried on some free online has crack sites like wpa-sec.stanev.org and www.OnlineHashCrack.com but no results.

I know i must be patient but the i am beginning to lose hope on this one.
Reaver locks the router after some attempts, even with --ignore-locks -d 61 commands.

BTW the equipment is a TECHNICOLOR TG784n V3 from Vodafone Portugal.

Thks

[white-knight]

No matter the power of your machine and time you have you still might not get the password in a dictionary..

The only way you can crack the password with a DICTIONARY is if the password is actually in it .

Since you have the brand info try to look up default passwords and info  and maybe how the security of the WPS is set up.


http://www.techarp.com/showarticle.aspx?artno=763

scroll down some and you can read of the defaults  , then maybe try something similar first.

You could always try a paid version of online cracker .

[phoenixcoder]

I've got Aircrack running on a intel i5 plus GeForce GTX 430 and 8GBDDR for almost 3 weeks and still nothing... The dic file is the generic "acdcdictionary.txt" 27GB.

Maybe i should get other appropriate dic file for local and nacional Portuguese words but can't find it any... Any links to get more custom dic wordlists?

Also tried on some free online has crack sites like wpa-sec.stanev.org and www.OnlineHashCrack.com but no results.

I know i must be patient but the i am beginning to lose hope on this one.
Reaver locks the router after some attempts, even with --ignore-locks -d 61 commands.

BTW the equipment is a TECHNICOLOR TG784n V3 from Vodafone Portugal.

Thks

Technicolor's password falls in the keyspace of 10 char that can vary among the following chars "0123456789ABCDEF"

In other words, you will have to try a maximum of 16^10=1,099,511,627,776 combinations so even if your hardware can crack 100k passwords per second it will take you roughly 4 months. At a speed of 6k (average of most hardware), it will take you 70 months or 6 years.

Hope that clears things up

[0E 800]

I wouldnt trust wifite. I havent used it in a while, does it even us wlan0mon interface?

To verify the handshake, try:

Code: [Select]

pyrit -r your.cap analyze
You might want to try out:

https://github.com/SilentGhostX/HT-WPS-Breaker

https://github.com/nxxxu/AutoPixieWps

Both are automated Pixie attacks.

[rogue.hackz]

https://github.com/SilentGhostX/HT-WPS-Breaker

Hmm...looks like that tool has been released like a few hours ago lol.

Anyway haven't tried that tool but what I can say is that I tend to stay away from tools that try to be too many things at the same time cos they tend to fail massively for the most part. Jack of all trades but master of none, better to mess around and learn individual toolset yourself and know what works and what not other than relying on something automated.

@OP: Incase you wanted some free external service like WPA Cloud Cracking online you might wanna check this out:

wpa-sec.stanev.org

If you don't have the hardware it's better to get it done else where than wasting your cpu cycles and waiting forever.

[phoenixcoder]

@OP you can also send the handshake to me via direct message and I'll be more than happy to give it a shot

[xsysudo]

@OP you can also send the handshake to me via direct message and I'll be more than happy to give it a shot

PM failed. Not sure if I can post the link of the cap file here... Valid for 48h
http://expirebox.com/download/b4c40b16419a7ae2dd010c3dbef1b0a7.html