I guess they won't be very impressed

rent a amazon server and pipe it through pyrit or something

Lurk moar.


Seriously, though, start with the aircrack-ng docs: they're a good intro

>>52628787
>trying to impress a friend lol
>look at what these people on the internet told me to do, isn't it cool

you should slap your friend's dick
you'll love it

>>52628803
>>52628815
i used aircrack-ng, maybe i need another wordlist... i dunno, help

give it back tyrone

>>52628842
its his wifi router, he doesnt think i can get his psw

>>52628855
Read the docs. When you get to a word or concept you don't understand, look it up, then move on. You'll eventually crack it, and expand your knowledge.


Or just use wifite.

>>52628864
do you have physical access to the router?
if so get a pen and reset and go from there

>>52628881
i have already obtained the .cap file (handshake), i just need help cracking it, its in the link above

>>52628893
not really

if his router has WPS you can just use reaver and a kali linux live cd
i'm doing it right now, it's really cool

>>52628954

http://1drv.ms/20q6CpJ

i have already obtained the .cap file (handshake), i just need help cracking it, its in the link above

>>52628966
ok well im gonna fart in you

>>52628976

:P

>>52628966
What's the BSSID and ESSID of the target?

>>52629004
you can get that from the .cap right

>>52629028
yes

>>52628787
>p.s trying to impress a friend lol
Do you just love sucking his dick or something?
Or maybe even your own?
>lol check me out im so cool i can hack wifi (but i cant really cuz i asked someone how to do it lol) lol

>>52629114
I have found my doppelganger
>>52628842

>>52628966

Pixiedust (WPS) - Low success rate - Almost instant (20-30 seconds)

Reaver (WPS) - Medium success rate - 12 hours to 24

Raw cracking of the .cap - Almost zero success rate (unless the user is complete dumbshit) - 5 minutes to quadrillion years, not counting how much electricity you'll waste.

Of course, you can always steal his password from one of his devices, provided you can get temporary phisical access or just hack in one of them via MiTM or when you're shitfaced at the pub.

Seriously, brute forcing the is the last things I would do.

>>52628842
This desu senpai.

>>52628842

Does desu filter to desu? What good senpai

there are easier ways to do this

wtf are you doing

>>52628864
That's because you can't, evidently.

No.

>>52629568
>Reaver (WPS)
you think i should use reaver?

>>52630628

If WPS is enabled, I'd suggest you check for pixiedust compatibility first. If that fails, go for reaver.

>>52630681
does reaver need wordlist?

>>52630778
FUCKING GOOGLE HOW TO USE REAVER YOU ULTIMATE FAGGOT

NOW FUCK OFF

>>52630778
its trying to guess the WPS-numbers so nope it doesnt need a word-list.
Try a slow method or the router will lock WPS after to many wrong attempts

>>52630778

>lrn2reaver
I suppose you don't know shit about it or just trolling.
It cracks the 8 digit pin, so no, doesn't need wordlist. But you need to be close to the router, and is a real time attack (can't be done offline or be outsourced like the pcap).
Newer routers might lock you out after a few attempts, but there are workaround on this.
Duckduckgo it.

>>52630861
>>52630871
thanks, am kinda a noob. i got used to aircrack i didnt bother practicing with reaver, am gonna go ahead and try that.

>>52630920
ok so you want to bruteforce? do you know how long the password is? what characters he used for it? you should go with crunch+pyrit.

Hey guys not OP here

As i understand, if i have WPS enabled, everyone can easily hack into router because of those 8 (right?) digit number on a router

If WPS is turned off, and router uses WPA2 security, there's practically no way to crack it unless i have super computer or i get VERY lucky aka pass is 123

Am i right?

Holy shit OP. You don't even possess the basic logic thinking to be doing this in the first place. End yourself.

>>52630982
WPS is much easier to crack yes. doesnt mean you cant crack the WPA2 key...
WPA2 just takes muchmuchmuchmuchmuchmuchmuchmuch more time ... about 100 years if you have a proper password.

>>52630982

>password is 123
>nope

WPA2 enforces a password length which is 8 characters so, no, you can't use 123 as a password, you could do 00000123 or something like it however.

Reaver exploits an issue in how WPS works, it has nothing to do with WPA/WPA2 or any other type of encryption, it's an attack on WPS itself and how the 8 digit PIN (not password) is hashed when a WPS connection is set up.

Most routers in the past 3+ years have been patched to account for Reaver attacks either by fixing the actual exploit making it useless or they have a workaround which prevents the multiple constant attempts to connect with PINs over and over again. The router will detect that multiple successive attempts have been made, none of them being successful, then it'll just lock out the potential for attempts for a period of time, sometimes short (like 15 mins) and other times long (for 24-48 hours) so it's impractical to even bother.

You can have a router and totally disable WPS completely but if it's a vulnerable one that has not been patched Reaver will still work which is why it became popular in the first place - not because it worked on wide open routers but more because even when people supposedly disabled the WPS on their hardware it would still accept a WPS connect request hence Reaver would still work.

That's not the case anymore.

>>52630942
no idea, ok

>>52631011
>WPA2 just takes muchmuchmuchmuchmuchmuchmuchmuch more time ... about 100 years if you have a proper password.

Yeah, i guess pass is always crackable, but let's talk about 1-day job attacks

I'm currently studying for CCNA and i was thinking about learning this netsec area as it is quite connected to my area and is quite interesting

What tools do hackers use if they want to hack into routers? i've seen people mentioning reaver, aircrack etc, which are (is i understand) programs all collected in kali

What do you use to crack WPS?

>>52631051
Thanks, quite informative post

So, if all those things are patched nowadays, what do people use to crack into routers?

>>52631064
Social engineering, Ask employees, Cleaners and get in the building. Get physical access...
"Hacking" people has a bigger success rate since network is protected against attackers. Employees mostly not.

>>52628787
>Transcient Key
>Transcient

Fucking retards will be the death of us all.

>>52631098

Nothing, really, because at the present time it's all just circumstance when someone does crack a wireless key like the OP appears to be hoping for.

Until some other exploit comes along to make things easier or you happen upon a router that's still unpatched for Reaver, it's just a hurry up and wait situation.

There's always social engineering or physical access which is a cakewalk compared to actual brute forcing a proper WPA/WPA2 key in 1,000 lifetimes.

>>52630982
>WPS is turned off

Some routers will ignore this flag. WPS will not be advertised ( wash -i mon0 won't show it) but will still answer manual requests. So you should actually test if turning off works for you.

Otherwise yes, WPA2 is pretty secure, given the pass is not in a wordlist.

Here's an example:
>lowecase (26 char)
>8 char lenght

Let's say you have 2x AMD HD 6990, gfx that cracks ~350K pmk/s ( http://thepasswordproject.com/oclhashcat_benchmarking ) it will take

>26**8/350000/60/60
165 hours, little less than 7 days for just a lowecase alpha 8 chars.

The gfx will also run at full speed, so expect a juicy electricity bill.

>>52631298
>given the pass is not in a wordlist

Can you find some online wordlists where you can search your password to see if it's inside it?

>>52631332
>online wordlists

I got most from torrent and private stuff, never trusted online services when I don't have access to the list. Also they might log what you search and insert in other lists, you know, for science.

Typing your super password to a third party service to check if it's secure it's kinda stupid idea desu senpai.

>>52631332
give me your password and i'll tell

>>52631332
http://hulkload.com/g5ovuyws28vg

i just found this

If you're entering in the hacking world, you should be creative:

- Find a way to disable his router. (not that hard).
- Find a way to create a DNS server that redirects every request to a page that ask wireless password and save it.
- Find a way to "create a wireless router" with a similar SSID in linux(of course you'll need an wireless USB adapter or something like that).
- Let him connect without ask for a password. He'll realize that he is not connected and he will connect in your fake SSID.
- Wait until he/she open some webpage and enter the wireless password.

And done, you have his/her ultra secure WPA password.

Hack WPA could be very, very hard or even impossible if you don't use your creativity.

>>52628787
Sent ;-)

>>52631415
>typing your w-lan password in a browser

...

>>52631415
A lot of people don't even know their home wifi pass

>>52631445
you got it?

Well, that could work. It's a good idea.

I meant... could fail sometimes, but, people are dumb.

>>52631415

>wifiphisher

Yeah, but requires either dumb victim, or you be able to recreate the real router admin page, otherwise it's easy to spot, and so many things can go wrong.

like
>>52631452

User will just pick a new password for wifi, and that will be useless for you.


I'd rather use the fake AP to deliver a browser exploit (java/flash/whatever...) to exfiltrate the password.

>>52631098

They're not. In actuality reaver will work 99% of the time even with the retarded timeouts.

Routers have OS right? Did anyone try to make a "keylogger" for routers? Like some program that's inserted into router OS and receives all packets sent to router?

>>52631519
>inserted into router OS

Requires physical access to reflash the router in most cases, or to a pc connected with ethernet + admin credentials.

Could be done, but frankly overkill to syphon just the wifi password.

And in most cases, routers already have some backdoor kindly provided by manufacturer.

>>52631573
>Requires physical access to reflash the router in most cases

Not if the router has telnet or ssh access available. Telnet is highly improbable tho

>>52631519
>>52631573
>Moose – the router worm (...)

>>52628864
If he uses a good password you can't you stupid nigger.

>>52631607
lol

>>52631449

Yeah, could fail, but you can create a window who asks for a password, does not need to be in a webpage.

>>52631484

Most of them are dumb, but there is a lot of stuff you can do to make it more real and not suspicious. Like just send some .exe file as an Flash or Java update, this file will remove saved Wi-fi passwords, catch keyboard data and send it to you.

You know, there is a lot of things to do. First of all you need to set a profile victim, them you start to plan.

>>52631586
>Not if the router has telnet or ssh access available

This still assumes you have access to the internal network, which you don't.

> inb4 shitty router that expose admin interface to public IP

worth a try, and he can already infer the router brand by its MAC address, and possibly even precise model number remotely with pixie.

File: tips tinfoil.jpg (44 KB, 446x413) Image search: [Google]

44 KB, 446x413

>>52631573
>And in most cases, routers already have some backdoor kindly provided by manufacturer.

>>52631635
>Yeah, could fail, but you can create a window who asks for a password, does not need to be in a webpage.
He is making a bet with his friend that he can't find out the wifi password. I assume even the dumbest guy would get suspicious if by some coincidence a window plops up on his screen and asking for a wifi password a few days later.

>>52631635
unrelated but where can i find exploits that are not patched yet for window 8+

>>52631635
>Yeah, could fail, but you can create a window who asks for a password, does not need to be in a webpage

True but why would you have to put in your password which is most likely saved in your device? and you didn't change it? And you can connect to it in first place? like... srsly. you should kill yourself if you fall for that.

>>52631677

>>52631635
>remove saved Wi-fi passwords catch keyboard data and send it to you.

Why ? Why not just repack Wirelesskeyview and get the log data sent back to you ?

>>52631664
32764

I have random 50 letter long WPA2-AES pass, A-Z,a-z,0-9, !#$@% am I safe?
WPS turned off

Scriptkiddie lives next to my house and I would not be happy if he could access info about my shitposting on int and pol

>>52631696

That's is why I said:

YOU NEED TO CREATE A PROFILE OF THE VICTIM.

Who does not do it BEFORE an attack is a complete idiot.

>>52631677

Yes, I think you're right, he need to plot something.

File: forever_man.png (45 KB, 1075x463) Image search: [Google]

45 KB, 1075x463

>>52631743
if your router isn't vulnerable to WPS attacks

>>52631777
alright. lets go
>pay a hooker to flirt and get home with this friend
>hooker asks for password to watch some youtube vids etc
>???
>profit

>>52631803

kek, I used that calc too, but I found out sometimes it's a bit off with the math.

Btw I can safely agree with that in this case.

>>52631835

Haha, could work, but... No!

>>52631835
this

>>52631842
install a GPU-powered cracker and see how many keys/s you get with your hardware.
I get around 19k with my laptop...

>>52631835

> Hiring a hooker: 300$
> Winning the bet: 50$

> Total profit: -250$

>>52631855
ok lets not pay a hooker
>dress yourself as a girl
>ask for the wlan-key
>???
>you found out you really are gay
>profit

>>52631869

if it was a bet you would be right.

In the old days, we delivered something, not requested boring bullshit.
Fucking internet people can't google the solution, hm?

Bring your friend a ring or something.

Btw: Are you from India?

>>52631860

with "off with the math" I mean that it doesn't compute the exact number of chars you input, but up to.

Try it using lalpha, 1 char. ( 26^1 = 26)
>26 password combinations
lalpha, 2 chars (26^2 = 676)
>702 password combinations.

This is because it adds the possibility of the password being 1 char also. So 676 + 26 = 702

Let's say I'm looking for a password that is exactly 8 chars, because I already know the length, the math will be off.

I see nowhere in that page explaining that.

>>52631860
Wow, 19k keys with a gpu-powered cracker on a laptop's bad graphic card... thats shit m8.
You need much more gpu-power to use gpu-powered cracker like hashcat

>>52632039
I wonder how much k do these supercomputers have

>>52631415
>Wait until he/she open some webpage and enter the wireless password.

You are reading what you are writing m8?
Thats bullshit.

What you wanna say is the "evil twin" methode... but you failed to explain it.

>>52632021
Yeah thats true.
I mean its a waste of time to bruteforce a WPA2 key if you don't have further info's about it. Just a waste of time.

>>52632090
Thats write and at the most infrastructure don't allow any bruteforcing attacks or dictionary attacks. There are some other methodes how you can get the wpa passwd.

>>52632039
I know its shit. Do you want to buy me a new PC?

File: heh.gif (140 KB, 250x250) Image search: [Google]

140 KB, 250x250

>>52628787
"sup guys so i want to rob my neighbor's house but I just can't copy his door key, can anyone help me?

it's just to impress a friend lol :D"

kill yourself.

>>52632129
No, just saying it's shit and there are other methodes, not more.

>>52632076

Are you an idiot?

It is diferent. IT IS NOT the evil twin thing.

>>52633712
>Call me and idiot but wait until anyone tips in 10 hours his wpa passwd in a totally dumb way of a "webpage", dat logic

Explain me what the sense of this attack is? Pls Iam waiting.