Help needed with hccap cracking (WPA/WPA2 passwords)

[Biokinetix]

Hey guys! i realy do appologise if I'm posting this in the wrong section. Ok, so I have been using KALI linux for a while now and have become pretty successfull at hacking wifi AP passwords. Been using the aircrack suite in combination with Reaver, Wifite, Bully ect. Cracking WPS enabled routers have become a piece of cake. However, cracking newer routers or AP without WPS enabled is quite another story. I have spend a LONG time trying to crack some of them.

I managed to capture a few handshakes for various AP's witch I have already converted to ".hccap" files to be able to crack them with CudaHashCat. I have some big wordlists and also created some of my own custom wordlists using Crunch. I created a pretty big wordlist in crunch using gathered information about the owner of the AP. But unfortunately I havent had any success so far. Been running hashcat for weeks while trying different modes eg brute-force, hybrid dict + mask ect.

Im someone that will try all available options before asking for help. I even did a "Evil Twin" attack and had everything set up but my signal just wasnt strong enough to get clients to connect with my AP instead of the original AP. So yes, I realy have tried.

So basicaly I'm stuck at cracking these passwords. Any help with cracking these passwords will be much appreciated. I have included:

Original handshake capture cap files
WPA cleaned cap files
Hashcat ready hccap files

Thanx guys

[iikibT]

WPS is inherently insecure, WPA2 not that much, there aren't many shortcuts. If you have multiple APs with same SSID but different passwords, you can benefit from precomputing, else you will probably not get much better speed than with aircrack-ng. Download some of the big dictionaries and get cracking. If the password is not in any dictionary you can get your hands on, you are mostly out of luck. Good luck brute forcing 8+ chars password. My success with random APs and 5GB dictionary was less than 10%, but I didn't try larger dictionaries, brute forcing or hybrid attacks. Seeing as you put more effort into it perhaps you can get a better success rate, but don't expect to get every AP.

I would recommend going with Evil Twin. It requires a good enough signal and one not-very-bright client, but will save you all the time and is more rewarding.

I am new to the field myself, I hope my answer helps in any way, you will probably get better answers soon.

[0pt1musPr1m3]

Im someone that will try all available options before asking for help. I even did a "Evil Twin" attack and had everything set up but my signal just wasnt strong enough to get clients to connect with my AP instead of the original AP. So yes, I realy have tried.

Signal is not enough. The victim has to be dumb enough to click on the connect button - not be asked for a password and still not notice something fishy. They will not connect to you automatically just because your fake AP has the same name no matter how hard you DoS there AP.



Fast GPU + oclHashcat is probably the best way to go if you must crack hashes.

[techb]

As I have worked for a big DSL ISP in tech support in the past, I think the first thing you should try is telephone numbers as the pass. We used to suggest this to all our customers. It's 10 digits, around here anyway, unique, and easy to remember.

The good thing is for hackers, the only diff in phone numbers in an area is usually only 4 digits. Start there I would say, else get a good wordlist going.

[Biokinetix]

hey guys.thanks allot for your replies. It's always good to have input from other like minded people. I have compiled quite a huge wordlist using Crunch from information I was able to gather from the victim. I used ID numbers, names, surnames,names of children, name of their businesses ect,ect. I combined all thoses information with Crunch as it can output a wordlist using combinations of the various information. No luck so far. But thanks again for taking the time to reply. I guess it's time to get back to good old hashcat and start cracking again.

[hashMANmerky]

A lot of new routers have WPS enabled these days, you could always try the super easy WPS hacking and then once you have the WPS pin even if they change passwords you can always get it back using the pin 

I like "Wifite" as you can do a pretty neat "Fake Auth" just by running a simple "Aireplay" command and your away, "Wifite"will also show you all WPS enabled networks available.

I can provide links to a very good dictionary its huge but worth it really, you would just have to remove some dupes and split them into proportionate sizes before using.

[0pt1musPr1m3]

A lot of new routers have WPS enabled these days, you could always try the super easy WPS hacking and then once you have the WPS pin even if they change passwords you can always get it back using the pin 

I like "Wifite" as you can do a pretty neat "Fake Auth" just by running a simple "Aireplay" command and your away, "Wifite"will also show you all WPS enabled networks available.

I can provide links to a very good dictionary its huge but worth it really, you would just have to remove some dupes and split them into proportionate sizes before using.

You apparently did not read the first paragraph of the OP - he is well aware of WPS vulns.

Fuck wifite... especially for those reasons.

[iTpHo3NiX]

My advice is see if the routers name is default for either the router or the isp. Default wireless names are usually fairly easy as different manufacturers/isp's use the same type of passwords to secure their clients wifi. As techb mentioned phone numbers are very popular. Also some routers have 10-digit (numerical only) passwords that never start with a 0. Others are a lot more difficult that will have a 15 character key that consists of 0-9 and a-z, others are 0-9a-zA-Z. However in knowing this, you can save time and eliminate doing passcodes that are under the charters of the passwords (no point in trying aaaaaa when the password contains only digits and is 10 characters long)

Based on your OP with this particular AP, a smart evil twin attack probably would be the best bet, however you need to be close with some decent hardware.

Btw I would like to say congratulations on not being the hundreth retard to say how does I hack wifis