  1. Mobo Wizard ULWiz's Avatar
    Join Date
    Feb 2008
    Location
    Florence NJ
    Posts
    723
    #1

    Issues with AIRCRACK-NG and password List

    Not sure where else to post this but here.

    I have been interested in security for a few years now and am hoping to land a career in this field many more years down the road.

    I recently decided that I wanted to learn how to crack a WEP key for example.
    Currently running a few programs like Wireshark and the aircrack-ng package.
    I am seeing different APs and anything that is connected to it while capturing their packets. With that file I would be able to crack it if my list contains that pw; if not I don't believe it's possible. My issue at this point is that my password.lst file only has a possible 230 passwords when it checks. When I see the videos online these guys have thousands of possible passwords listed in their file.


    Does anyone know where a file like this can be grabbed? It's just a simple text file with a word on each line. Only difference is the amount of possibilities in there. Really looking for a text file with the entire dictionary in it.


    Any help here is appreciated.

  3. Senior Member
    Join Date
    Jan 2007
    Location
    ::1F03:0307
    Posts
    239

    Certifications
    somewhat
    #2

    Re: Issues with AIRCRACK-NG and password List

    Quote Originally Posted by ULWiz
    Not sure where else to post this but here.

    I have been interested in security for a few years now and am hoping to land a career in this field many more years down the road.

    I recently decided that I wanted to learn how to crack a WEP key for example.
    Currently running a few programs like Wireshark and the aircrack-ng package.
    I am seeing different APs and anything that is connected to it while capturing their packets. With that file I would be able to crack it if my list contains that pw; if not I don't believe it's possible. My issue at this point is that my password.lst file only has a possible 230 passwords when it checks. When I see the videos online these guys have thousands of possible passwords listed in their file.


    Does anyone know where a file like this can be grabbed? It's just a simple text file with a word on each line. Only difference is the amount of possibilities in there. Really looking for a text file with the entire dictionary in it.


    Any help here is appreciated.
    Google wordlist

    http://wordlist.sourceforge.net/

  4. Senior Member Registered Member
    Join Date
    Jul 2008
    Posts
    131
    #3
    If you really want to crack WEP, then you should download and run Backtrack (it's a Linux version that can be run from CD or USB key, or be installed). It comes configured with all the tools you will need for pen testing. Secondly, don't attempt to crack other people's WEP, that is a felony.

  5. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #4
    That's a pretty inefficient way to crack WEP. Aircrack-ng should be all you need.

  6. Senior Member Registered Member
    Join Date
    Jul 2008
    Posts
    131
    #5
    Well, it sounds like he wants to investigate pen testing, why not use a platform that will support that? Is the Windows version going to support packet injection? No, not to mention a whole host of other tools.

  7. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #6
    Sorry, I was talking about brute-forcing WEP with dictionary lists, not BT.

  8. Senior Member Registered Member
    Join Date
    Jul 2008
    Posts
    131
    #7
    Oh, my bad.

  9. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #8
    Aircrack-ng is the best. Run it on Linux and make sure you have an approved wireless NIC.

    There is a Windows port of Aircrack-ng, but I've never tried it.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  10. Sie
    Running on caffine
    Join Date
    Dec 2005
    Location
    England, UK
    Posts
    1,207

    Certifications
    ADITP (Advanced Diploma for IT Practitioners) & MCSA (70-270, 70-290, 70-291, 70-299) | Currently working towards C|EH
    #9
    I think there's some confusion here.

    A password list is not needed for a WEP crack, only the Airmon-ng Suite.

    If you are cracking a WPA or WPA2 network you will need a good password list; there are many available, you can search Google for them.

    However, the best current method for WPA cracking is the use of Rainbow Tables. If you have a very good Internet connection or risk purchasing the CDs, very large pre-hashed Rainbow Tables can be obtained from http://rainbowtables.shmoo.com/

    Also WPA Rainbow Tables pre-hashed with common ESSIDs can be had at http://www.renderlab.net/projects/WPA-tables/

    I must add, just to cover myself, you must have permission from the owner of the network. I don't take responsibility etc etc.

  11. Mobo Wizard ULWiz's Avatar
    Join Date
    Feb 2008
    Location
    Florence NJ
    Posts
    723
    #10
    Not to be rude on the comment below. But did you seriously just post that?

    I said I am interested in the security aspect of computers.
    Currently working on one last test for MCSA and taking my CCENT here shortly. After those two are attained I plan on finishing my CCNA and then my MCSE. After I have those certs and a few more years of experience I would like to go CEH and CISSP.

    Not for cracking my neighbor's network which has absolutely nothing of importance. This is purely for learning purposes and how things like this work.


    Secondly, don't attempt to crack other people's WEP, that is a felony.
    I find it extremely interesting that I can not be connected to any network, change my wireless card to a different status and be able to see any WAP and any computer's MAC address.


    Currently my file has about 500K for possible password solutions; the last link posted really bumped up my file.

    Appreciate the help.

  12. Sie
    Running on caffine
    Join Date
    Dec 2005
    Location
    England, UK
    Posts
    1,207

    Certifications
    ADITP (Advanced Diploma for IT Practitioners) & MCSA (70-270, 70-290, 70-291, 70-299) | Currently working towards C|EH
    #11
    You may have over 500K passwords listed but you can instantly discount any under 8 characters as these cannot be used for WPA passwords/pass phrases. Bear in mind the password can be anywhere from 8 to 63 characters in length for WPA if memory serves me correctly.

    Just out of interest how are you going about this?

    Deauthing a client and capturing the 4 way handshake with airodump?

    NB:
    The "do not hack, it's a felony" is required as I'm sure some armed robbers have gone to gun shops and said "I'm just interested in guns, I wasn't thinking of robbing anywhere". Anyway I'm sure you get my point, if you're doing nothing illegal don't take offence.

  13. Mobo Wizard ULWiz's Avatar
    Join Date
    Feb 2008
    Location
    Florence NJ
    Posts
    723
    #12
    Currently just using the aircrack package on a Linux platform.

    First thing I did was scan for available networks.
    Second I ran a command just to watch a single channel and network.
    At this point it opens a capture file.

    I MAC spoofed my MAC to a wireless client connected to that access point. Deauthorize it.

    Ran a test injection from aircrack and an attack on it sending auth requests at the AP I am trying to hit.

    From this point on I show a WPA handshake at the MAC of the AP.

    Usually as long as I have 100k in IV I would shut down and run a test with my password list on the file.

    That is pretty much all I have gotten so far. Only been doing this for about 4 days. And really not any material on it out there.

    Hope I did not miss any steps there.

  14. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #13
    Have you looked at this? http://www.aircrack-ng.org/doku.php?id=tutorial

    And as I said earlier, you don't need lists. AirCrack is able to break the encryption based on the data you capture. I guess that's a viable approach if you don't have access to much captured data, but you can usually crack it within a few minutes.

  15. Sie
    Running on caffine
    Join Date
    Dec 2005
    Location
    England, UK
    Posts
    1,207

    Certifications
    ADITP (Advanced Diploma for IT Practitioners) & MCSA (70-270, 70-290, 70-291, 70-299) | Currently working towards C|EH
    #14
    Dynamik, you're absolutely correct for WEP, however I think ULWiz is talking about WPA which would require a brute force approach, hence the password lists.

    ULWiz, obviously you're doing this on an authorised AP so why not add the known passphrase to your password lists to ensure you're doing the correct steps?

    As for little material out there you must be missing both the aircrack site itself:

    http://www.aircrack-ng.org/doku.php?id=airmon-ng

    and the Remote Exploit Forums:

    http://forums.remote-exploit.org/

    Creators of BackTrack.

    [Edit
    Haha, just noticed Dynamik posted the aircrack link as well
    And 6800+ posts? Your fingers stubs yet, bud?
    /Edit]

  16. Mobo Wizard ULWiz's Avatar
    Join Date
    Feb 2008
    Location
    Florence NJ
    Posts
    723
    #15
    I have looked at it but did not see a command that would just crack the WPA.

    The only format I have been able to do was to crack it if it was currently in my password.lst file.


    The average capture file I have filled was about 130MB in size with 100k something in packets captured.

  17. Mobo Wizard ULWiz's Avatar
    Join Date
    Feb 2008
    Location
    Florence NJ
    Posts
    723
    #16
    I did actually run the scan first on my .cap file with the password not being in the list. The program said the key was not found. Tried to add my physical WPA password to the file and it did crack that as the actual passphrase.

  18. Mobo Wizard ULWiz's Avatar
    Join Date
    Feb 2008
    Location
    Florence NJ
    Posts
    723
    #17
    Dynamik, mind posting the command you see for this, 'cause I don't see it?

  19. Sie
    Running on caffine
    Join Date
    Dec 2005
    Location
    England, UK
    Posts
    1,207

    Certifications
    ADITP (Advanced Diploma for IT Practitioners) & MCSA (70-270, 70-290, 70-291, 70-299) | Currently working towards C|EH
    #18
    So you're doing it all right by the sounds of it, just needing better password lists.

    Really the best option is Rainbow tables, take a look at the links I posted above.

    The passwords per second you get from rainbow tables compared to just password lists is amazing.

    If those are too big for you or you want to continue using just password lists, check remote exploit forums as there are posts there containing links to wordlists.

    Quote Originally Posted by ULWiz
    Dynamik, mind posting the command you see for this, 'cause I don't see it?
    To be fair to Dynamik you did state this at the beginning and his response was correct.

    Quote Originally Posted by ULWiz
    I recently decided that I wanted to learn how to crack a WEP key for example.

  20. Mobo Wizard ULWiz's Avatar
    Join Date
    Feb 2008
    Location
    Florence NJ
    Posts
    723
    #19
    Currently running another scan on a previous capture. Added some more word lists to it. Will keep you posted on how big it actually is.

  21. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #20
    Quote Originally Posted by Sie
    Dynamik, you're absolutely correct for WEP, however I think ULWiz is talking about WPA which would require a brute force approach, hence the password lists.
    You were the first one to mention WPA, and that was in the 9th post. When did we switch over to that?

    UL, are you trying to crack WEP or WPA?

    Here's another article for you: http://docs.lucidinteractive.ca/inde...eless_Networks

  22. Mobo Wizard ULWiz's Avatar
    Join Date
    Feb 2008
    Location
    Florence NJ
    Posts
    723
    #21
    Dynamik, my first post was geared towards WEP. I am actually interested in both. Currently trying for a WPA which is my home network. I could always switch my own to be a WEP to learn that.

    Is there a difference in commands from each one?

    I am pretty much doing the following

    aircrack-ng -w ulwiz.lst output-01.cap

    This begins my crack with my current password lst.

    Not sure how else to do it.

    I will take a look at the link you just posted.

  23. Stop,Collaborate + Listen LarryDaMan's Avatar
    Join Date
    May 2008
    Location
    DC Suburbs
    Posts
    792

    Certifications
    CISSP, CISA, PMP, FITSP-M, Security+, Network+, A+, (expired: CCNA, CCENT)
    #22
    Quote Originally Posted by dynamik
    Quote Originally Posted by Sie
    Dynamik, you're absolutely correct for WEP, however I think ULWiz is talking about WPA which would require a brute force approach, hence the password lists.
    You were the first one to mention WPA, and that was in the 9th post. When did we switch over to that?

    UL, are you trying to crack WEP or WPA?

    Here's another article for you: http://docs.lucidinteractive.ca/inde...eless_Networks
    Yeah, I was going to say the same thing. This started as a WEP crack which is MUCH easier.

  24. Sie
    Running on caffine
    Join Date
    Dec 2005
    Location
    England, UK
    Posts
    1,207

    Certifications
    ADITP (Advanced Diploma for IT Practitioners) & MCSA (70-270, 70-290, 70-291, 70-299) | Currently working towards C|EH
    #23
    Quote Originally Posted by dynamik
    Quote Originally Posted by Sie
    Dynamik, you're absolutely correct for WEP, however I think ULWiz is talking about WPA which would require a brute force approach, hence the password lists.
    You were the first one to mention WPA, and that was in the 9th post. When did we switch over to that?

    UL, are you trying to crack WEP or WPA?

    Here's another article for you: http://docs.lucidinteractive.ca/inde...eless_Networks
    He mentioned password lists and was talking about them. WEP doesn't need that so I just assumed he meant WPA!

    It's your fault ULWiz!! haha.

    Yes, WEP and WPA are different.

    WEP only requires the capture of enough data packets (IVs) and aircrack can crack this without a password list.

    WPA requires you capture a four way handshake and run aircrack and a password list against the cap file. Essentially running a brute force password crack.

  25. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #24
    Quote Originally Posted by Sie
    WPA requires you capture a four way handshake and run aircrack and a password list against the cap file. Essentially running a brute force password crack.
    Well, good luck with that. No WPA-PSK passphrase I've ever used has appeared in any dictionary. It would take pure brute force or nothing.

    And if you are using a password list, dictionary, or rainbow tables you aren't performing a brute force attack. You're just iterating through a lookup table, not trying every possible value of a key space.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  26. Sie
    Running on caffine
    Join Date
    Dec 2005
    Location
    England, UK
    Posts
    1,207

    Certifications
    ADITP (Advanced Diploma for IT Practitioners) & MCSA (70-270, 70-290, 70-291, 70-299) | Currently working towards C|EH
    #25
    Quote Originally Posted by JDMurray
    Quote Originally Posted by Sie
    WPA requires you capture a four way handshake and run aircrack and a password list against the cap file. Essentially running a brute force password crack.
    Well, good luck with that. No WPA-PSK passphrase I've ever used has appeared in any dictionary. It would take pure brute force or nothing.
    I agree, I never said they would be there but up till now I haven't heard of an alternative for WPA. It all depends on the admin who set up the AP and their choice of passphrase.

    Also thanks for pointing out that error.
    It in fact isn't a brute force, it purely is a dictionary/password list based attack. It's a looooooooong night
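Added example, not posted by anyone in this thread: a check an AP owner can run on their own settings, tying together three points raised above (Sie's 8 to 63 character limit, tables pre-hashed for common ESSIDs, and JDMurray's distinction between walking a list and covering a key space). The wordlist, SSIDs and passphrases are constructed sample values; the derivation shown (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output) is the standard WPA/WPA2-PSK one.

```python
import hashlib
import math

# WPA/WPA2-PSK passphrases are 8 to 63 printable ASCII characters.
MIN_LEN, MAX_LEN = 8, 63
PRINTABLE = {chr(c) for c in range(32, 127)}  # 95 characters


def is_valid_passphrase(p: str) -> bool:
    """True if p could be configured as a WPA-PSK passphrase at all."""
    return MIN_LEN <= len(p) <= MAX_LEN and all(ch in PRINTABLE for ch in p)


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """The SSID is the salt, so a precomputed table only fits one SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def exhaustive_bits(length: int, alphabet: int = 95) -> float:
    """log2 of the key space a true brute force must cover at this length."""
    return length * math.log2(alphabet)


def audit(passphrase, ssid, wordlist, common_ssids):
    """Report how exposed an owner's own passphrase/SSID pair is."""
    usable = [w for w in wordlist if is_valid_passphrase(w)]
    return {
        "valid": is_valid_passphrase(passphrase),
        "usable_candidates": len(usable),           # entries that are legal passphrases
        "in_wordlist": passphrase in usable,         # dictionary exposure
        "ssid_precomputable": ssid in common_ssids,  # pre-hashed table exposure
        "wordlist_bits": round(math.log2(len(usable)), 1) if usable else 0.0,
        "brute_force_bits": round(exhaustive_bits(len(passphrase)), 1),
    }


# Constructed sample data (assumptions, not taken from any real wordlist or table).
WORDLIST = ["admin", "letmein", "password", "password123", "sunshine2008", "qwertyuiop"]
COMMON_SSIDS = {"linksys", "default", "NETGEAR"}

if __name__ == "__main__":
    print(audit("password123", "linksys", WORDLIST, COMMON_SSIDS))
    print(audit("v7#Lq2!xRmP0zt%Y9dKe", "home-lab-7f3a", WORDLIST, COMMON_SSIDS))
    # Same passphrase, different SSID: the derived keys do not match.
    print(derive_pmk("password123", "linksys") != derive_pmk("password123", "home-lab-7f3a"))
```

The two bit counts show the gap JDMurray describes: the list covers only its own entries, while an exhaustive search of an 11-character passphrase spans about 72 bits.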
