NETGEARXX wordlist 1.08

Extremely effective WPA default wordlist

  1. gearjunkie

    gearjunkie Well-Known Member
    VIP

    Joined:
    28 Aug 2014
    Messages:
    454
    Likes Received:
    481
    This thread is for discussing the Netgear wordlist. I do not have a Maxis wordlist but if you or anyone wants to PM me screenshots and samples of the passwords used, I might be able to come out with one.
     
    • Like x 1
  2. my house

    my house Well-Known Member

    Joined:
    8 Dec 2014
    Messages:
    217
    Likes Received:
    134
    I know it has 10 characters (letter case) mixed with digits.
     
    • Like x 1
  3. Phizzle

    Phizzle Member

    Joined:
    7 Jun 2017
    Messages:
    1
    Likes Received:
    1
    Do you have another go-to list that you use for that or did you use regular hashcat bruteforce options?

    I have a Netgear capture that came up empty with the 1.07 list so I'm assuming the default pass was changed and I'm wondering what's the next easiest step.
     
    • Like x 1
  4. gearjunkie

    gearjunkie Well-Known Member
    VIP

    Joined:
    28 Aug 2014
    Messages:
    454
    Likes Received:
    481
    Go ahead and post the capture here. I will try it against my large adjective-noun list.
     
    • Like x 1
  5. my house

    my house Well-Known Member

    Joined:
    8 Dec 2014
    Messages:
    217
    Likes Received:
    134
    I am so sad because here nobody uses a Netgear router.
     
    • Winner x 1
  6. Dragofly32

    Dragofly32 Well-Known Member

    Joined:
    12 Jun 2017
    Messages:
    5
    Likes Received:
    4
    Anyone want to take a crack at this "MySpectrumWiFi9c-2G"? I tried to crack it... but was unsuccessful. I uploaded the cap file.
     

    Attached Files:

    • Agree x 1
  7. streetstyleplaya

    Joined:
    27 Jun 2017
    Messages:
    1
    Likes Received:
    1

    Attached Files:

    • Like x 1
  8. danimal

    danimal Well-Known Member

    Joined:
    19 Feb 2017
    Messages:
    2
    Likes Received:
    4
    Here's one that's giving me trouble if someone wants to take a crack at it. I've already used the 1.07 wordlist, no dice.
     

    Attached Files:

    • Like x 1
  9. gearjunkie

    gearjunkie Well-Known Member
    VIP

    Joined:
    28 Aug 2014
    Messages:
    454
    Likes Received:
    481
    This looks like the handshake I already cracked for you. :)
    --- Double Post Merged, 20 Jul 2017, Original Post Date: 20 Jul 2017 ---
    I ran my extended adjective-noun list on this but it looks like the password has been changed from the default.
    --- Double Post Merged, 20 Jul 2017 ---
    a20d3edb91f624fb094d8187ba6dd02e:a408f5471176:70e72c7daeeb:MySpectrumWiFi70-2G:shortturkey711

    Thanks for the new adjective :)
     
    • Like x 1
  10. epicstory

    epicstory Active Member

    Joined:
    9 May 2017
    Messages:
    7
    Likes Received:
    6
    How did your method work on MySpectrumWiFi? Is it a Netgear router with a changed SSID but default password?

    Could anyone help me with this NETGEAR91?
    Two cap files of the handshakes are attached.
     

    Attached Files:

    • Like x 1
  11. gearjunkie

    gearjunkie Well-Known Member
    VIP

    Joined:
    28 Aug 2014
    Messages:
    454
    Likes Received:
    481
    Charter and Spectrum use the same default passwords as Netgear.

    NETGEAR91:livelycomet168

    What did you use to capture the handshake? The format of the cap file is a bit different.
     
    • Like x 1
  12. epicstory

    epicstory Active Member

    Joined:
    9 May 2017
    Messages:
    7
    Likes Received:
    6
    Oh, interesting. I'll keep an eye out for SSIDs that follow that naming pattern.

    I use Wireshark which saves a .pcap or .pcap-ng type, which I then change to .cap because the forum won't let me post it otherwise. Let me know if my process is wrong.

    I checked out the Netgear router using the information provided and found something interesting. Let me know if this is off-topic. The Netgear router admin page gave me access to two other SSIDs dedicated to 2.4GHz and 5GHz signals. The SSIDs were patterned like:
    TG7672HF2
    with a corresponding password of:
    TG7672HF5D2FF2

    I'm wondering if this is the default behavior for Netgear routers because I see many other signals in my area patterned similarly. If that's the case, the password search space seems relatively small. The pattern for the password looks like:
    [the SSID minus the last character][6 alphanumeric characters, capital letters only]

    I've captured a handshake to another similarly patterned signal. Let me know if it's appropriate to explore this topic here and I can post the file.
     
    • Like x 1
    • Informative x 1
  13. gearjunkie

    gearjunkie Well-Known Member
    VIP

    Joined:
    28 Aug 2014
    Messages:
    454
    Likes Received:
    481
    The Wireshark process is fine. I was trying to figure out why cap2hccapx did not like your capture.

    Your finding is interesting and worth taking the time to investigate. Do upload the captures of those similarly patterned signals and I will see if they have similar passwords.
     
    • Agree x 1
  14. mirko. mirko

    mirko. mirko New Member

    Joined:
    12 Jan 2017
    Messages:
    5
    Likes Received:
    4
    Hi, to find the password do you need just the .cap? I uploaded it here. I have tried using the same wordlist but it did not find anything (or I used it wrong...).
    Edit: netgear22
     

    Attached Files:

    • Agree x 1
  15. epicstory

    epicstory Active Member

    Joined:
    9 May 2017
    Messages:
    7
    Likes Received:
    6
    I made a mistake in my previous pattern descriptions. I believe the pattern is this:
    TG1672GF2::TG1672G6D2FF2
    [ssid minus last two characters][6 alphanumeric characters, all capitals]

    I only have one example so it's hard to extrapolate, but it could even be possible that the pattern is actually:
    [ssid minus last two characters][4 alphanumeric characters, all capitals][the last two characters of the ssid]

    Attached is the cap of another similarly patterned SSID, TC8715D8B.

    Let me know if it would be helpful to provide any other examples/info.
     

    Attached Files:

    • Like x 1
  16. gearjunkie

    gearjunkie Well-Known Member
    VIP

    Joined:
    28 Aug 2014
    Messages:
    454
    Likes Received:
    481
    That is a bad capture. Please try again and don't clean up the capture file.
    --- Double Post Merged, 2 Aug 2017, Original Post Date: 2 Aug 2017 ---
    Good work epicstory!

    TC8715D8B:TC8715D0E108B

    I also noticed that the capture is from a Technicolor router and not a Netgear. Is the SSID TG1672GF2 also from a Technicolor router? Are both routers from the same ISP?
     
    #416 gearjunkie, 2 Aug 2017
    Last edited: 2 Aug 2017
    • Like x 1
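
Added example, not part of the thread or any poster's code: a defender-side Python check that flags a Wi-Fi passphrase built from its SSID in the way the posts above describe, and compares its apparent strength with the bits that are actually unknown once the pattern is known. The function names and the bit estimates are this example's own assumptions; the sample SSID/passphrase pair in the demo is the one quoted in the thread.

```python
import math
import re

UPPER_ALNUM = "[A-Z0-9]"          # "alphanumeric, all capitals" as described in the thread
BITS_PER_CHAR = math.log2(36)     # 26 letters + 10 digits


def nominal_bits(psk: str) -> float:
    """Naive strength estimate: length x log2(size of the character classes used)."""
    size = 0
    for cls, n in ((r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33)):
        if re.search(cls, psk):
            size += n
    return len(psk) * math.log2(size) if size else 0.0


def audit_passphrase(ssid: str, psk: str) -> dict:
    """Report whether psk follows a default-style pattern and how many bits stay unknown."""
    finding = {"pattern": None, "effective_bits": None,
               "nominal_bits": round(nominal_bits(psk), 1)}
    if len(ssid) > 2:
        head, tail = re.escape(ssid[:-2]), re.escape(ssid[-2:])
        # [SSID minus last two chars][4 unknown chars][last two chars of SSID]
        if re.fullmatch(head + UPPER_ALNUM + "{4}" + tail, psk):
            finding.update(pattern="ssid-derived, 4 unknown chars",
                           effective_bits=round(4 * BITS_PER_CHAR, 1))
            return finding
        # [SSID minus last two chars][6 unknown chars]
        if re.fullmatch(head + UPPER_ALNUM + "{6}", psk):
            finding.update(pattern="ssid-derived, 6 unknown chars",
                           effective_bits=round(6 * BITS_PER_CHAR, 1))
            return finding
    # Shape of the Netgear-style defaults quoted in the thread: lowercase words + 3 digits.
    # Heuristic only; the effective size depends on the word lists, which the thread does not give.
    if re.fullmatch(r"[a-z]{6,}[0-9]{3}", psk):
        finding["pattern"] = "lowercase words + 3 digits"
    return finding


if __name__ == "__main__":
    # Pair quoted in the thread; looks like 67 bits, only about 21 are unknown.
    print(audit_passphrase("TG1672GF2", "TG1672G6D2FF2"))
```

Any passphrase this flags should be replaced with a long random one that has no relation to the SSID.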
  17. mirko. mirko

    mirko. mirko New Member

    Joined:
    12 Jan 2017
    Messages:
    5
    Likes Received:
    4
     

    Attached Files:

    • Like x 1
  18. epicstory

    epicstory Active Member

    Joined:
    9 May 2017
    Messages:
    7
    Likes Received:
    6
    This is a pretty significant finding! The second pattern I described only has a 4-character search space, amazing!

    I'm new around these parts, so I'll follow your advice but should we move this topic to its own thread?

    I'll follow up this evening when I become available.

    Thanks for taking the time to explore the issue gearjunkie!
     
    • Agree x 1
  19. mirko. mirko

    mirko. mirko New Member

    Joined:
    12 Jan 2017
    Messages:
    5
    Likes Received:
    4
    This is my first time doing this. I will write here what I did to make the cap.

    I used Kali Linux "light version". My wireless USB adapter is a TP-Link TL-WN727N (is the problem here?).

    I opened a terminal on the desktop and wrote:

    airmon-ng start wlan0mon, to find out the wlan name to use in the commands

    airodump-ng wlan0mon, and found the NETGEAR22 line

    airodump-ng -c 1 --bssid <MAC Address > -w file dump wlan0mon, to capture the handshake

    Later I copied everything to my USB and posted it here.

    Is that OK? Did I miss something or do something wrong? I read some guides but they still do not work, and none of the wordlists find the pass... Can you help me?
     
    • Like x 1
  20. gearjunkie

    gearjunkie Well-Known Member
    VIP

    Joined:
    28 Aug 2014
    Messages:
    454
    Likes Received:
    481
    Sorry, but it's not in my large adjective-noun list so it's very likely to have been changed from the default.
    --- Double Post Merged, 4 Aug 2017, Original Post Date: 4 Aug 2017 ---
    Yes, please start a new thread on it :)
     
    • Like x 1
