NETGEARXX wordlist 1.07

Extremely effective WPA default wordlist

  1. my house

    my house Active Member

    Do you have a Maxis wordlist?
     
  2. gearjunkie

    gearjunkie Well-Known Member
    VIP

    This thread is for discussing the Netgear wordlist. I do not have a Maxis wordlist but if you or anyone wants to PM me screenshots and samples of the passwords used, I might be able to come out with one.
     
  3. my house

    my house Active Member

    I know it has 10 characters (letter case) mixed with digits
     
  4. Phizzle

    Phizzle Member

    Do you have another go-to list that you use for that or did you use regular hashcat bruteforce options?

    I have a Netgear capture that came up empty with the 1.07 list so I'm assuming the default pass was changed and I'm wondering what's the next easiest step.
     
  5. gearjunkie

    gearjunkie Well-Known Member
    VIP

    Go ahead and post the capture here. I will try it against my large adjective-noun list.
     
  6. my house

    my house Active Member

    I am so sad because here nobody uses a Netgear router
     
  7. Dragofly32

    Dragofly32 Member

    Anyone want to take a crack at this "MySpectrumWiFi9c-2G"? I tried to crack it... but was unsuccessful. I uploaded the .cap file.
     

    Attached Files:

  8. streetstyleplaya


    Attached Files:

    • Netgear93-01.cap (678.2 KB)
    • Netgear93-02.cap (1.4 MB)
  9. danimal

    danimal New Member

    Here's one that's giving me trouble if someone wants to take a crack at it. I've already used the 1.07 wordlist, no dice.
     

    Attached Files:

  10. gearjunkie

    gearjunkie Well-Known Member
    VIP

    This looks like the handshake I already cracked for you. :)
    --- Double Post Merged, 20 Jul 2017, Original Post Date: 20 Jul 2017 ---
    I ran my extended adjective-noun list on this but it looks like the password has been changed from the default.
    --- Double Post Merged, 20 Jul 2017 ---
    a20d3edb91f624fb094d8187ba6dd02e:a408f5471176:70e72c7daeeb:MySpectrumWiFi70-2G:shortturkey711


    Thanks for the new adjective :)
     
  11. epicstory

    epicstory New Member

    How did your method work on MySpectrumWiFi? Is it a Netgear router with a changed SSID but default password?

    Could anyone help me with this NETGEAR91?
    Two cap files of the handshakes are attached.
     

    Attached Files:

    • netgear91_1.cap (139 KB)
    • netgear91_2.cap (104.4 KB)
  12. gearjunkie

    gearjunkie Well-Known Member
    VIP

    Charter and Spectrum use the same default passwords as Netgear.

    NETGEAR91:livelycomet168

    What did you use to capture the handshake? The format of the cap file is a bit different.
     
  13. epicstory

    epicstory New Member

    Oh, interesting. I'll keep an eye out for SSIDs that follow that naming pattern.

    I use Wireshark which saves a .pcap or .pcap-ng type, which I then change to .cap because the forum won't let me post it otherwise. Let me know if my process is wrong.

    I checked out the Netgear router using the information provided and found something interesting. Let me know if this is off-topic. The Netgear router admin page gave me access to two other SSIDs dedicated to 2.4 GHz and 5 GHz signals. The SSIDs were patterned like:
    TG7672HF2
    with a corresponding password of:
    TG7672HF5D2FF2

    I'm wondering if this is the default behavior for Netgear routers because I see many other signals in my area patterned similarly. If that's the case, the password search space seems relatively small. The pattern for the password looks like:
    [the SSID minus the last character][6 alphanumeric characters, capital letters only]

    I've captured a handshake to another similarly patterned signal. Let me know if it's appropriate to explore this topic here and I can post the file.
     
  14. gearjunkie

    gearjunkie Well-Known Member
    VIP

    The Wireshark process is fine. I was trying to figure out why cap2hccapx did not like your capture.

    Your finding is interesting and worth taking the time to investigate. Do upload the captures of those similarly patterned signals and I will see if they have similar passwords.
     
  15. mirko. mirko

    mirko. mirko New Member

    Hi, to find the password, is just the .cap enough? I uploaded it here. I have tried using the same wordlist but found nothing (or I used it wrong...)
    edit: netgear22
     

    Attached Files:

    • dump-01.cap (361 bytes)
  16. epicstory

    epicstory New Member

    I made a mistake in my previous pattern descriptions. I believe the pattern is this:
    TG1672GF2::TG1672G6D2FF2
    [ssid minus last two characters][6 alphanumeric characters, all capitals]

    I only have one example so it's hard to extrapolate, but it could even be possible that the pattern is actually:
    [ssid minus last two characters][4 alphanumeric characters, all capitals][the last two characters of the ssid]

    Attached is the cap of another similarly patterned SSID, TC8715D8B.

    Let me know if it would be helpful to provide any other examples/info.
     

    Attached Files:

    • TC8715D8B.cap (50.5 KB)
  17. gearjunkie

    gearjunkie Well-Known Member
    VIP

    That is a bad capture. Please try again and don't clean up the capture file.
    --- Double Post Merged, 2 Aug 2017, Original Post Date: 2 Aug 2017 ---
    Good work epicstory!

    TC8715D8B:TC8715D0E108B

    I also noticed that the capture is from a Technicolor router and not a Netgear. Is the SSID TG1672GF2 also from a Technicolor router? Are both routers from the same ISP?
     
    #417 gearjunkie, 2 Aug 2017
    Last edited: 2 Aug 2017
  18. mirko. mirko

    mirko. mirko New Member

     

    Attached Files:

    • dump-01.cap (172.9 KB)
    • dump file zip.7z (107.2 KB)
  19. epicstory

    epicstory New Member

    This is a pretty significant finding! The second pattern I described only has a 4-character search space, amazing!

    I'm new around these parts, so I'll follow your advice but should we move this topic to its own thread?

    I'll follow up this evening when I become available.

    Thanks for taking the time to explore the issue gearjunkie!
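
An added example, not part of any post in this thread: an owner-side check that flags a Wi-Fi passphrase still following either default shape seen above (SSID-derived with four unknown characters, or lowercase words plus three digits). Function names are hypothetical, the 36-character alphabet follows epicstory's "alphanumeric, all capitals" description, and the words-plus-digits test matches shape only, with no wordlist.

```python
import re

# Assumption taken from the thread: the unknown part is [A-Z0-9], i.e. 36 symbols.
ALPHABET_SIZE = 36
UNKNOWN_CHARS = 4


def ssid_derived(ssid: str, passphrase: str) -> bool:
    """True if passphrase == SSID minus last two chars + 4 [A-Z0-9] + last two SSID chars."""
    if len(ssid) < 3:
        return False
    head, tail = ssid[:-2], ssid[-2:]
    pattern = re.escape(head) + r"[A-Z0-9]{%d}" % UNKNOWN_CHARS + re.escape(tail)
    return re.fullmatch(pattern, passphrase) is not None


def words_plus_digits(passphrase: str) -> bool:
    """True if the passphrase has the lowercase-letters-then-3-digits default shape."""
    return re.fullmatch(r"[a-z]+[0-9]{3}", passphrase) is not None


def audit(ssid: str, passphrase: str) -> list:
    """Return (finding, remaining_keyspace) pairs; an empty list means no default shape matched.

    remaining_keyspace is None where it depends on a wordlist this example does not have.
    """
    findings = []
    if ssid_derived(ssid, passphrase):
        findings.append(("ssid-derived", ALPHABET_SIZE ** UNKNOWN_CHARS))
    if words_plus_digits(passphrase):
        findings.append(("words+3digits", None))
    return findings


if __name__ == "__main__":
    # First three pairs are quoted in the thread; the last one is constructed.
    samples = [
        ("TC8715D8B", "TC8715D0E108B"),
        ("TG1672GF2", "TG1672G6D2FF2"),
        ("NETGEAR91", "livelycomet168"),
        ("HomeNet", "Vq7#tided-Maple-42-orbit"),
    ]
    for ssid, psk in samples:
        result = audit(ssid, psk)
        print(ssid, "->", result if result else "no default shape: OK")
```

Any finding means the passphrase should be replaced with a long random one that has no relation to the SSID.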
     
  20. mirko. mirko

    mirko. mirko New Member

    This is my first time doing this, so I'll write here what I did to make the cap.

    I used Kali Linux "light version"; my wireless USB adapter is a TP-Link TL-WN727N (is the problem here?)

    I opened a terminal on the desktop and wrote:

    airmon-ng start wlan0mon to find out the wlan name to use in the commands

    airodump-ng wlan0mon and found the NETGEAR22 line

    airodump-ng -c 1 --bssid <MAC Address > -w file dump wlan0mon to capture the handshake

    Later I copied everything to my USB and posted it here.

    Is that OK? Did I miss something or do something wrong? I read some guides but it still doesn't work, and none of the wordlists find the password... Can you help me?
     