WPA / WPA2 Auditing Service

Discussion in 'Community Services' started by Mr. Penguin, 11 Apr 2013.

  1. Mr. Penguin

    Mr. Penguin Administrator
    Staff Member Admin Moderator VIP

    Joined:
    18 May 2012
    Messages:
    3,087
    Likes Received:
    1,186
    Trophy Points:
    351
    Post your cap files in the attachments in this thread and someone will check with their own wordlist or tool.

    i) Anyone who sells the cracked network details...that you get here for free on other sites will get a lifelong ban to this forum. If you suspect someone is doing it contact @Mr. Penguin http://xiaopan.co/forums/conversations/

    Rules
    1) Do Not Be Lazy - Spend 1 hour trying to crack yourself
    - Do some research to see if there are any vulerabilities and methods of hacking

    - Have your own small wordlist of commonly used passwords. Also try the network name as the password. Yes people are lazy and stupid. Take advantage.

    - Try commonly used password crackers Like Dumpper / RouterPWN that uses default algorthms to reveal the WPS or WPA keys

    - If you have a really good GPU / Graphics card why not download EWSA and try yourself? A 8 digit numerical password can be cracked in under 10 minutes

    - Use the latest Pixie Dust attack. Works great and you can crack Ralink, Broadcom, Belkin, D-Link and Realtek WPS enabled APs within seconds and offline too.

    2) If you crack something share it
    - It is always good to discover new exploits and patterns in networking. If your password seems somewhat of a default algo share the:
    Code:
    Select All
    a) Format: e.g: hex 8 digit or lowercase nine letters etc b) Network Name: c) MAC Address: d) Country: e) Router Model: f) Brand:
    Tip: See a router? take a photo of the back of it if it has the default password listed. This is how the Netgear vulnerability was found: http://xiaopan.co/forums/downloads/netgearxx-wordlist-by-gearjunkie.415/

    3) Try an online cracker, free or paid
    Heaps online, just need google WPA cracker online and so forth: http://goo.gl/29yojD

    4) Make it Easy
    a) Clean the cap. To reduce it's size. Should be under 1mb. This is one way to do it:
    http://xiaopan.co/forums/downloads/wpa-clean-and-convert-script.466/
    b) Cap files / handshakes can only be submitted as an attachment in this thread. Any external sites, PM, profile walls will be ignored and deleted)
    c) Ensure that a handshake was captured
    d) Do not send personal messages to users on here, keep it in this thread
    e) Do not continually ask for your cap/s to be cracked. Once is enough
    f) Do not double post
    g) If someone helped you, consider sending a donation to them to say thank you for their time and help.

    5) Provide the following information, more detail the more we can help you
    (Use this as a template and fill as much as you can for each network):
    Code:
    Select All
    a) I have attempted to crack the network/s using the following methods: b) I have tried the following password/s formats: c) Mac Address: d) Network Name: e) ISP: f) Model: g) Country: h) Phone number format/s: i) I believe the network could be in this format/s: j) I believe it to be a default password? Yes/No:
    Failure to break any of the rules above may result in a forum ban.

    Common Formats
    Code:
    Select All
    Phone numbers Lower case a-z Numbers 0-9 Mix of a-z 0-9 Hex A-F 0-9 MAC Address of the AP
    Length
    Typically 8,9 or 10. Anything outside these isn't feasible to crack affordably with current hardware and technology. When a password contains random symbols, numbers and letters this becomes not feasible as well


    6) Tools:
    a) Dumpper: http://sourceforge.net/projects/dumpper/
    b) Pixie Dust: http://xiaopan.co/forums/downloads/pixiewps.426/updates
    c) AutoPixieWPS: http://xiaopan.co/forums/downloads/autopixiewps.429/
    d) EWSA: http://xiaopan.co/forums/downloads/elcomsoft-wireless-security-auditor.399/
    e) Router Pwn: http://www.routerpwn.com/
    f) Mac Address Finder: http://hwaddress.com/
    g) Acrylic WiFI: https://www.acrylicwifi.com/en/wlan-software/wlan-scanner-acrylic-wifi-free/

    7) Helpful Threads / Resources / Forums
    a) Mr. Penguin's Guide to Hacking WPA / WPA2 with Xiaopan 0.4.5 + Minidwep + Password List
    b) Dummies Guide to Create a Phone Number List for WPA Attack
    c) WPA Handshake and Dictionary Attack
    d) Resources Manager
    e) Online Tools
    f) Dictionary, Passwords & Wordlists
    g) oclHashCat Plus

    Also note that you are leaving yourself open to publishing MAC addresses which can identify you as the owner or identify you nearby. Use at your own risk. We will not delete any caps you upload.

     
    #1 Mr. Penguin, 11 Apr 2013
    Last edited: 9 Jan 2016
    • Like Like x 4
  2. Xayaan.

    Xayaan. Active Member

    Joined:
    24 Jun 2013
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    31
    I have WPA handshake which i am having difficulty cracking since i don't have a Wordlist/Dictionary and I can't download a wordlist/dictionary since my current internet is limited to 2 GB per month and i need atleast 10GB to download a good wordlist [​IMG] . So the is anyone willing to crack my WPA for something in return? I cannot offer money though but i can offer something else. (Such as a month's free webhosting / Unlimited traffic and unlimited space ) And by the way , The Wifi from the which the WPA handshake was extracted from is Indian. Which means that the password will possibly be a indian name such as Sri vishnu or Jayashree or something like that. The first one to crack my WPA handshake will be rewarded with a smile. [​IMG]

    Download Link to WPA handshake : http://rapidshare.com/files/1684363702/08-86-3B-FD-CB-B0_handshake.cap
    SSID: belkin.3bb9
    BSSID:
    08:86:3b:fd:cb:b0
     
  3. Chicken_choker

    Joined:
    12 Jul 2013
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    16
    Vendor: Cytanet (Cyprus)
    Model: Thompson speedtouch (i have tried the password assigned to this box, owner has changed it)
    ISP: Cytanet (Cyprus)
    Password format: unknown
    SSID: CYTAD5C8D5
    Default ssid: yes
    Tried: default thompson password for this ssid.

    thanks to anyone who can run it through their dictionary.

    The cap file is attached below.
    Dave.




    - See more at: http://xiaopan.co/forums/threads/wpa-wpa2-cracking-service.3739/#sthash.KH8SUXTd.dpuf
     

    Attached Files:

    • scanap-01.cap
      File size:
      171.4 KB
      Views:
      188
      MD5:
      dbf56b9eb72eb9df92f0066901d17ec7
  4. meknb

    meknb Mod
    Moderator Dev Team VIP

    Joined:
    2 Jun 2012
    Messages:
    702
    Likes Received:
    144
    Trophy Points:
    161
    Probably because he doesn't want you using it, So you want someone to crack your neighboors router , you should only crack your own router.
     
    • Like Like x 2
  5. estimacamry

    estimacamry Tracker
    VIP

    Joined:
    3 Aug 2012
    Messages:
    552
    Likes Received:
    131
    Trophy Points:
    91
    I didn't see any handshake in it...did I miss something?
    scanap.png
     
    • Like Like x 1
  6. Chicken_choker

    Joined:
    12 Jul 2013
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    16
    index number 1 it is, CYTAD5C8D5, that is the whole available network list, file size 173kb, i have another file of 97Mb which must be the handshake, file name is targetap_wpa_01.cap, that seems a huge file, and too big to upload on here or any of the wpa crack sites.
    Maybe if i zip it and then post it here? i will try that. Thanks very much estimacamry.
    Dave
    --- Double Post Merged, 19 Jul 2013 ---
    tried to attach the zipped handshake file and it is still too large.
     
  7. estimacamry

    estimacamry Tracker
    VIP

    Joined:
    3 Aug 2012
    Messages:
    552
    Likes Received:
    131
    Trophy Points:
    91
    Use minidwep-gtk in Xiaopan, get the handshake for your target then post it up;)
     
    • Like Like x 1
  8. Chicken_choker

    Joined:
    12 Jul 2013
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    16
    i have pmmed you.

    I have the handshake file, but it is 97Mb in size, cannot post it here.
     
  9. kriss520

    kriss520 Member

    Joined:
    10 Jul 2013
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    6
    Vendor - NetherlandsModel- i dont know
    ISP- i dont know
    Password format - unknown
    SSID- ARV751992F23C
    Default SSID - YES ( I THINK SO )
    Tried - dutch dictionary, 8 digit wordlist and thats all.
     

    Attached Files:

  10. Mr. Penguin

    Mr. Penguin Administrator
    Staff Member Admin Moderator VIP

    Joined:
    18 May 2012
    Messages:
    3,087
    Likes Received:
    1,186
    Trophy Points:
    351
    You can submit to a file host and publish the link here :)
     
  11. Chicken_choker

    Joined:
    12 Jul 2013
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    16
    vendor: Cytanet
    ISP: Cytanet
    password format: unknown
    SSID: CYTAD5C8D5
    Default ssid: Yes

    As mentioned yesterday, i have recaptured the handshake, would someone please run it through their dictionary/ies .

    Thanks to all. (zipped .cap file is below)
     

    Attached Files:

  12. Mr. Penguin

    Mr. Penguin Administrator
    Staff Member Admin Moderator VIP

    Joined:
    18 May 2012
    Messages:
    3,087
    Likes Received:
    1,186
    Trophy Points:
    351
    Try the following Chicken_choker in Bold

    2000
    36
    CP0036??118
    F3B4E89C52

    2000
    47
    CP0047??U84
    5C702B4F23

    2002
    02 CP0202??HSH
    45FEA37DD1

    2005
    44
    CP0544??4LP
    26B793C714
     
  13. kriss520

    kriss520 Member

    Joined:
    10 Jul 2013
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    6
    and what with my request ?? please help me
     
  14. Chicken_choker

    Joined:
    12 Jul 2013
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    16
    i have tried the stated speedtouch default password for a manufacturing date of 2012 and 2009.
    i presume the box is fairly new as it is a new arrival to the area.
    I will try the ones you have suggested later.
    Thank you.
     
  15. estimacamry

    estimacamry Tracker
    VIP

    Joined:
    3 Aug 2012
    Messages:
    552
    Likes Received:
    131
    Trophy Points:
    91
    Seems that this cap file is corrupted, I get "libpcap-error while reading". Managed to clean it with Pyrit's stripLive and have uploaded it as "choker.cap" ;)
     

    Attached Files:

    • choker.cap
      File size:
      810 bytes
      Views:
      124
      MD5:
      b61873dcddb4141b70231f7ef26db14c
  16. Chicken_choker

    Joined:
    12 Jul 2013
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    16
    What a lovely person you are estimacamry,
    All i need now are one or two other helpful souls to run choker.cap through their dictionaries.

    regards all.
     
  17. estimacamry

    estimacamry Tracker
    VIP

    Joined:
    3 Aug 2012
    Messages:
    552
    Likes Received:
    131
    Trophy Points:
    91
    Provided they owned a fast machine;) running dictionaries are time consuming..maybe Crackerz Wave can give you a helping hand. He just got himself a new machine:p
     
    • Like Like x 1
  18. Chicken_choker

    Joined:
    12 Jul 2013
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    16
    i have pmmed him, thanks.
     
  19. kriss520

    kriss520 Member

    Joined:
    10 Jul 2013
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    6
    anybody can hack my handshake ??
     
  20. Chicken_choker

    Joined:
    12 Jul 2013
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    16
    hey estimacamry,
    i just noticed that the choker.cap (my handshake) file is just 810 bytes, is this correct? i thought they were a tad bigger, say a few hundred kbytes?
     
Loading...
  • About Us

    We are a community mixed with professionals and beginners with an interest in wireless security, auditing and pentesting. Feel free to check out and upload resources.


    You can also find us on: Twitter and Facebook

  • Donate to Us

    Did you find our forums useful? Feel free to donate Bitcoin to us using the form below. Those who donate the equivlent of $10 USD or more will be upgraded to VIP membership. Don't have Bitcoin? Use your credit card to GO VIP here. Don't want to fork out some coin? There are other ways to GO VIP. Bitcoin: 1LMTGSoTyJWXuy2mQkHfgMzD7ez74x1Z8K