WPA / WPA2 Auditing Service

Discussion in 'Community Services' started by Mr. Penguin, 11 Apr 2013.

  1. meknb

    meknb Mod
    Moderator Dev Team VIP

    Joined:
    2 Jun 2012
    Messages:
    702
    Likes Received:
    202
    They would be tiny if you Cleaned Your Caps You are doing something wrong, if you Clean them then test your cleaned cap."not rocket science"
     
    #1141 meknb, 14 Nov 2015
    Last edited: 14 Nov 2015
    • Like Like x 1
  2. gearjunkie

    gearjunkie Well-Known Member
    VIP

    Joined:
    28 Aug 2014
    Messages:
    454
    Likes Received:
    481

    i dont know what is wrong...im try connect with 3 device but all fails:banhappy:[/QUOTE]

    Your capture is bad so its possible this is a false positive.

    # pyrit -r duanza86\@unifi.cap analyze
    Pyrit 0.4.0 (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
    This code is distributed under the GNU General Public License v3+

    Parsing file '[email protected]' (1/1)...
    Parsed 5 packets (5 802.11-packets), got 1 AP(s)

    #1: AccessPoint 94:fb:b3:f3:be:45 ('duanza86@unifi'):
    #1: Station 00:e0:4c:83:34:11, 2 handshake(s):
    #1: HMAC_SHA1_AES, bad, spread 1
    #2: HMAC_SHA1_AES, bad, spread 1
     
    • Like Like x 1
    • Informative Informative x 1
  3. ellisjuan

    ellisjuan Active Member

    Joined:
    12 Mar 2015
    Messages:
    7
    Likes Received:
    5
    Ok; I finally think I got it. I'm not sure WTF I did last time, but I tried again with pyrit, and came up with different results this time. The file sizes are different than when I first cleaned them, and found that one of them was bad.

    Thanks for the advice and the help.

    00west.cap - SSID= 200 WEST FOY
    00lnkdenext.cap - SSID= linksys_den_EXT

    lnk-01.cap - SSID= linksys_den (this one was bad)
     

    Attached Files:

    #1143 ellisjuan, 15 Nov 2015
    Last edited: 15 Nov 2015
    • Like Like x 1
  4. gearjunkie

    gearjunkie Well-Known Member
    VIP

    Joined:
    28 Aug 2014
    Messages:
    454
    Likes Received:
    481
    I will take a look at the captures you just posted. What country are these from?

    I went through both you captures and found one:

    linksys_den_EXT:10a5d06a368f:4a94fc7163f6:workshop
     
    #1144 gearjunkie, 15 Nov 2015
    Last edited: 15 Nov 2015
    • Like Like x 1
  5. ellisjuan

    ellisjuan Active Member

    Joined:
    12 Mar 2015
    Messages:
    7
    Likes Received:
    5
    Awesome, thank you! They are from the US. I'll send you some food if you can crack the other one. Maybe something non-perishable that you can only get here? Just a thought. Thanks again!
     
    • Like Like x 1
  6. gearjunkie

    gearjunkie Well-Known Member
    VIP

    Joined:
    28 Aug 2014
    Messages:
    454
    Likes Received:
    481
    I got chuckle thinking of you sending me a fruitcake :D Seriously, thanks for your offer but it is not necessary.

    I will try out US phone numbers and my large adjective-noun word list on your first capture.
     
    • Like Like x 1
  7. vladinc

    vladinc Well-Known Member

    Joined:
    21 Oct 2012
    Messages:
    2
    Likes Received:
    1
    hey boys , been reading for a while and first post now..
    wander if anyone can give me a hand with a AP please
    my old Dell studio cant handle all that cracking :(
     

    Attached Files:

    • Like Like x 1
  8. birdybike

    birdybike Active Member

    Joined:
    22 Dec 2014
    Messages:
    37
    Likes Received:
    35
    Good day @gearjunkie , below i upload few recaptures file, dunno still bad or not...please try and see...thanks...

    Vendor: Unifi
    SSID: wifiunifi
    MAC Address: C8-D3-A3-DC-5B-B0
    Password format: no idea
    Country : Malaysia

    Vendor: Unifi
    SSID: kwtee92@unifi
    MAC Address: 94-FB-B3-85-2A-C5
    Password format: no idea
    Country : Malaysia

    Vendor: Unifi
    SSID: 3994522@unifi
    MAC Address: BC-96-81-20-FC-37
    Password format: no idea
    Country : Malaysia
     

    Attached Files:

    • Like Like x 1
  9. gearjunkie

    gearjunkie Well-Known Member
    VIP

    Joined:
    28 Aug 2014
    Messages:
    454
    Likes Received:
    481
    Sorry but the other one is not a US phone number (10 digits) or in the large Netgear adjective-noun wordlist that I am using.
    --- Double Post Merged, 24 Nov 2015, Original Post Date: 24 Nov 2015 ---
    Sorry for the slow reply but only one of them is workable:

    Code:
    Select All
    Parsing file '[email protected]' (1/1)... Parsed 3 packets (3 802.11-packets), got 1 AP(s) #1: AccessPoint 94:fb:b3:85:2a:c5 ('kwtee92@unifi'): #1: Station 24:24:0e:0d:d3:f5, 1 handshake(s): #1: HMAC_SHA1_AES, workable, spread 1
     
    • Like Like x 1
  10. futureorkun

    futureorkun Well-Known Member

    Joined:
    7 Jun 2012
    Messages:
    72
    Likes Received:
    52

    Attached Files:

    • Like Like x 1
  11. birdybike

    birdybike Active Member

    Joined:
    22 Dec 2014
    Messages:
    37
    Likes Received:
    35
    no worry @gearjunkie , thanks your help....have a good day...!!!
     
    • Like Like x 1
  12. reyman76

    reyman76 Well-Known Member
    VIP

    Joined:
    29 Jan 2013
    Messages:
    257
    Likes Received:
    37
    Your capture is bad so its possible this is a false positive.

    # pyrit -r duanza86\@unifi.cap analyze
    Pyrit 0.4.0 (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
    This code is distributed under the GNU General Public License v3+

    Parsing file '[email protected]' (1/1)...
    Parsed 5 packets (5 802.11-packets), got 1 AP(s)

    #1: AccessPoint 94:fb:b3:f3:be:45 ('duanza86@unifi'):
    #1: Station 00:e0:4c:83:34:11, 2 handshake(s):
    #1: HMAC_SHA1_AES, bad, spread 1
    #2: HMAC_SHA1_AES, bad, spread 1[/QUOTE]
    thnks alot for info bro....how about wt another handshake file?...waiting for good result.....
     
    • Like Like x 1
  13. gearjunkie

    gearjunkie Well-Known Member
    VIP

    Joined:
    28 Aug 2014
    Messages:
    454
    Likes Received:
    481
    I have completed testing your one workable handshake (kwtee92@unifi) but nothing came up.
    --- Double Post Merged, 28 Nov 2015, Original Post Date: 28 Nov 2015 ---
    The handshake you posted was marked bad by pyrit so the result below might not work (false positive):

    besiktas:001ca80d8b6a:40f3089409bd:besiktas1990
    --- Double Post Merged, 28 Nov 2015 ---
    thnks alot for info bro....how about wt another handshake file?...waiting for good result.....[/QUOTE]

    Sorry but nothing came up after testing your other handshake.
     
    • Ok Ok x 1
  14. birdybike

    birdybike Active Member

    Joined:
    22 Dec 2014
    Messages:
    37
    Likes Received:
    35
    Sorry but nothing came up after testing your other handshake.[/QUOTE]

    thank you @gearjunkie :)
     
    • Like Like x 1
  15. Furkan Umut Şen

    Furkan Umut Şen Active Member

    Joined:
    4 Feb 2014
    Messages:
    24
    Likes Received:
    20
    SSID: SUPERONLINE-WiFi_3947
    MAC Address: F4:E3:FB:18:8D:46
    Password format: WPA2-PKS TKIP+AES
    Country : TURKEY
     

    Attached Files:

    • s.cap
      File size:
      714 bytes
      Views:
      8
    • Like Like x 1
  16. santaclos2008

    santaclos2008 Well-Known Member

    Joined:
    27 Jun 2012
    Messages:
    99
    Likes Received:
    73
    GearJunkie the below handshake belongs to my sister wifi.... tried my best but i am not failing the challenge... Tried all my dictionaries but i ran outof Luck...I will apprecaite your help if you can crack it down.

    Essid: U Idiot
    MAC Address: 00:0C:F6:FE:B5:18
    Password format: WPA-PKS TKIP
    Country : UAE

    Thank You.
     

    Attached Files:

    • Like Like x 1
  17. bingo5me

    bingo5me Member

    Joined:
    5 Dec 2015
    Messages:
    18
    Likes Received:
    15
    [/QUOTE]

    Vendor: UNIFI
    SSID: chengxin@unifi
    Mac Address: 1C-A5-33-28-16-55
    Country: Malaysia.
    Cap File: https://www.mediafire.com/?769xic96q5i5j1f

    The cap file is too big, unable to upload to xiaopan forum.
    I uploaded it to mediafire.
    Please help me find the key. Thanks.
     
    • Funny Funny x 1
  18. PhoenixCoder

    PhoenixCoder Well-Known Member
    VIP

    Joined:
    4 Jul 2015
    Messages:
    211
    Likes Received:
    197
    @bingo5me, you can clean your cap to make it a few Kbs. There's no reason to have a 48 MB file!
     
    • Like Like x 1
  19. gearjunkie

    gearjunkie Well-Known Member
    VIP

    Joined:
    28 Aug 2014
    Messages:
    454
    Likes Received:
    481
    This is also a bad capture. FYI, the default for this SSID is uppercase and digits of length 12. See the attached image below.

    [​IMG]
     
    • Friendly Friendly x 1
  20. Furqan Hanif

    Furqan Hanif Active Member

    Joined:
    21 Jul 2013
    Messages:
    31
    Likes Received:
    10
    Hello , Can Someone Help me with This .CAP...
    Can Someone Tell me Whats The Password Please...
    i am 100% sure that password is 8 Characters Long only and Password is Found in "Common Wordlist" Dictionary File , Which is On GpuHash.com Site but me not able to Find that File anywhere on Internet ... And it's Highly Possible that Password is Only Digits Based (i cracked another one , Same Bssid whose password is Digits based "44567867" and also found that , that it's WPS PIN is the WPA password), Less Chances that it includes Lower alpha Too but one Thing For Sure , Password is only 8 Characters Long .... Me don't have Strong PC , i Hope Someone help me here..
    So can someone Help me with this Cap...i
    And this Capture is Not Bad For Sure , GpuHash Showing Password Found (https://gpuhash.me/?menu=en-tasks-result&idreq=LmYkQvC93z) , aircrack also Accepting Handshake....
    (Cousin Wifi Who Lives Next to my House So No Need To worry, Cracking WIFI totally Legal here )
    Thanks in Advance...
    And Sorry For My English...

    Vendor : TP-LINK
    MAC : C4:E9:84:25:08:A0
    Format : WPA2 CCMP
    Country : Pakistan (Not Sure)
    ESSID : Raza Chawla
     

    Attached Files:

    #1160 Furqan Hanif, 6 Dec 2015
    Last edited: 6 Dec 2015
    • Crap Crap x 1

Share This Page

Loading...