NETGEARXX wordlist 1.08

Extremely effective WPA default wordlist

  1. Ntrain2k

    Ntrain2k Well-Known Member

    Joined: 31 Oct 2012
    Messages: 111
    Likes Received: 114
  2. petrovivo1234

    petrovivo1234 Well-Known Member
    VIP

    Joined: 19 May 2018
    Messages: 450
    Likes Received: 537
    7cdb988dc865:fcd8489cd620:MySpectrumWiFi67-2G:mobileturtle354
     
  3. Garry Andrew

    Garry Andrew Well-Known Member

    Joined: 31 Jul 2012
    Messages: 34
    Likes Received: 28
    Hello everybody. Discovered that Netgear has a relatively new alias, especially when it comes to their default ESSID. In case you don't know, Netgear is using the name ORBI instead of Netgear in some of its default ESSIDs. Therefore instead of finding, say, NETGEAR75, you might find ORBI75. I will upload some interesting pictures. Feel free to collect ORBI compliance labels from the regular sites and post the info here if it's not in the V1.08 list.

    Note the ORBI series is advertised as satellite series. This just means the system has multiple wifi receivers. The word satellite does not refer to the ones spinning round the earth.

    Now if you have ORBI in your essid list, run the wordlist, as ORBI is Netgear!

    Enjoy !

    Garry
     

  4. kn0w1

    kn0w1 Well-Known Member

    Joined: 16 Dec 2018
    Messages: 18
    Likes Received: 19
    Thank you so much for the advice and help. I'll check out that ULM - sounds killer. That's awesome to clarify the Askey models - in my recon I've noticed several of those Askeys in the same "group" with Sagemcom Charters. Been using the same attack against all. I'm gonna upload a few I've had no luck with. I started collecting pcaps and trying to break those, but have had more luck with the PMKID. I'll post the ones I've been successful on; should I upload the POTFILE only or do you need ESSID info too? Thanks again
    --- Double Post Merged, 1 Jun 2020 ---
    AWESOME - thank you for those pics. I've located one of those - cloaked. These are great - thanks!
    --- Double Post Merged, 1 Jun 2020 ---
    Here are just a few Charter WiFi caps I haven't been able to crack - mycharterwifi3g - which has two MACs - 2 devices -
    one beginning 1C: - Charter-supplied Sagemcom gateway - the other CC: Netgear. These might be messy - I can recap if necessary. I have PMKIDs I can post as well, those I've had success with, see below.
    Here's the ones I've cracked - using netgearkiller or rockyou, with hashcat64.exe -m 16800 -a 6 -w 4 0222.hccapx NetgearKiller.dict ?d?d etc.
     

  5. Ntrain2k

    I got one of them to pop. Something wrong with the attached pcap.

  6. chunkylover2500

    chunkylover2500 Well-Known Member

    Joined: 9 Dec 2019
    Messages: 59
    Likes Received: 84
    That's amazing! Thanks for doing the recon! I've been focusing on my uncracked Askeys for a while but I've also been wanting to do a big Netgear crackathon as well. I'll give those captures a shot if by that time someone hasn't cracked them yet.
    --- Double Post Merged, 1 Jun 2020, Original Post Date: 1 Jun 2020 ---
    I also got errors for 2 of those pcap files
     
  7. kn0w1

    Awesome brother, thank you! That one has been elusive - wrong attack I'm sure...
    --- Double Post Merged, 2 Jun 2020, Original Post Date: 1 Jun 2020 ---
    Thanks for the nice words brother! I've been working on this solo for so long, it's amazing to have some help from some friends. I've a lot more pcaps I can post - as well as a long list from hcxdumptools with some cool identifying info, ESSID, MAC address stuff if that's useful. It seemed to dump some passwords with it, but I can't tell what MAC/AP they go with. I'll start sorting my madness pile here and upload some stuff. BTW - on running the noun + noun attack on Askeys, how do I merge the two noun or noun_large files to accommodate that attack? I did download a merge.sh file from GitHub - honestly I've no idea how to work it... Python it looks like? Not sure. I just tried when I woke up - but only one noun and 3 digi on side. It did crack one tho lol, but it's one I already had. That Charter 1c is the first in a big string of APs: Charter AP - Netgear AP - ORBI - Netgear extenders - also a Mikrotik that I can't get around, as well as two ATTs. I'll recapture and upload if I don't have them orderly. I suspect given the network structure they might share passwords...
    Sorry for the bad caps uploaded. Here are also a few other captures - hopefully functional - from the other APs I've had no luck with: the Netgear router (CC), which is an EX8000 I believe, ATT and that Mikrotik anomaly. Thanks again to y'all for your help and hard work - cheers!
     
    #927 kn0w1, 2 Jun 2020
    Last edited: 2 Jun 2020
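
The cracked defaults quoted in this thread share one shape: two lowercase words followed by three digits. As an added example (not code from any poster), here is an owner-side audit that flags a passphrase of that shape and compares the scheme's entropy with a random passphrase; the word set, sample passphrases and function names are constructed for illustration.

```python
import math
import re

# Constructed sample vocabulary (assumption). A real audit would load the
# word list suspected for the router vendor's default generator.
SAMPLE_WORDS = {"quiet", "harbor", "green", "lamp", "stone", "river"}

# Shape seen in the thread's cracked defaults: lowercase letters + 3 digits.
_SHAPE = re.compile(r"^([a-z]+)(\d{3})$")


def split_two_words(letters, words):
    """Return (w1, w2) if `letters` is exactly two vocabulary words, else None."""
    for i in range(1, len(letters)):
        if letters[:i] in words and letters[i:] in words:
            return letters[:i], letters[i:]
    return None


def audit_passphrase(passphrase, words=SAMPLE_WORDS):
    """Classify a passphrase you own against the word+word+3-digit shape."""
    match = _SHAPE.match(passphrase)
    if not match:
        return {"default_shape": False, "in_vocabulary": False, "words": None}
    pair = split_two_words(match.group(1), words)
    return {"default_shape": True, "in_vocabulary": pair is not None, "words": pair}


def scheme_bits(vocab_size, digits=3):
    """Entropy (bits) of word+word+digits chosen uniformly at random."""
    return math.log2(vocab_size ** 2 * 10 ** digits)


def random_bits(length, alphabet=62):
    """Entropy (bits) of a uniformly random string over `alphabet` symbols."""
    return length * math.log2(alphabet)


if __name__ == "__main__":
    for candidate in ("quietharbor123", "bluelamp777", "riverstone42"):
        print(candidate, audit_passphrase(candidate))
    print("default scheme, 5000 words:", round(scheme_bits(5000), 1), "bits")
    print("random 16 chars:", round(random_bits(16), 1), "bits")
```

A passphrase that reports `default_shape` is best replaced with a long random one: with a vocabulary of a few thousand words the scheme carries roughly 30 to 35 bits, far below a random 16-character passphrase.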
  8. Ntrain2k

    No problem. That one was on the askey list.

    Looks like the ATT capture is messed up also.
    --- Double Post Merged, 2 Jun 2020, Original Post Date: 2 Jun 2020 ---
    I ran the other 2 and it was a no go.
     
  9. longshanks

    longshanks Well-Known Member
    VIP

    Joined: 1 Jul 2016
    Messages: 698
    Likes Received: 527
    ATT cap only has broadcast message and message 1. (no handshake there)
    Mikrotik cap has two PMKIDs in it.
    532223d733c689e34126c82b3373a573*cc2de0bdce80*34d270b5298c*4d696b726f54696b2d424443453830
    127164e1e6c6e4bdf2bde3cc374dbf47*cc2de0bdce80*b0fc0d305a01*4d696b726f54696b2d424443453830
    Netgear cap is good. Here is a cleaned hccapx.
    You need to learn how to clean a cap properly, using Wireshark. You export specified packets, choosing the broadcast message and M1, M2.
     

  10. Ntrain2k

    That's odd. It came up as the MySpectrum one I cracked earlier.

    cc40d04cfb0d:ec2ce201c75c:MySpectrumWiFi3c-2G:watchglobal570

    Session..........: hashcat
    Status...........: Cracked
    Hash.Name........: WPA-EAPOL-PBKDF2
    Hash.Target......: MySpectrumWiFi3c-2G (AP:cc:40:d0:4c:fb:0d STA:ec:2c:e2:01:c7:5c)
    Time.Started.....: Mon Jun 01 17:09:23 2020 (3 secs)
    Time.Estimated...: Mon Jun 01 17:09:26 2020 (0 secs)
     
  11. longshanks

    Which cap are you talking about?
     
  12. Ntrain2k

    The one you attached above.


    Netgear420.hccapx.zip
     
  13. longshanks

    Oh OK, so that's already been cracked then?
     
  14. Ntrain2k

  15. longshanks

    Yes, maybe he renamed it wrong.
     

  16. kn0w1

    Thanks for the attempt - I may recapture them if that would help...
     
  17. longshanks

    Just the ATT, check it with Wireshark too. Usually I first check it with: aircrack-ng xx.cap
    then Wireshark to clean it,
    then cap2hccapx to convert it.
     
  18. kn0w1

    Thank you Longshanks - I will learn that immediately, I feared some of my caps were messy.
    --- Double Post Merged, 2 Jun 2020, Original Post Date: 2 Jun 2020 ---
    So looking at this I am realizing that since the myspectrumwifi3c cracked earlier is related to the ATT somehow (part of same convoluted network - the owner has a whole crap load of APs there in one house and an exterior building), is that why they came up with the same pass?
    I'm gonna recapture the ATT now and try that out. BTW, the CC:0D MAC is the Netgear router that is connected to the myspectrumwifi3c cracked earlier by Ntrain, if that helps with the network relationship. I believe all these pcaps I've posted are in the same house - randomly connected.
     
  19. longshanks


    Here, have a look at this. I made this video to teach someone else. It's just a demo.
    https://mega.nz/file/TzB3ACoY#TiNIR41AQo8xaOqIcUlzQ-AtheIZ-KPrdgYdTYYao2s
    First use eapol as a filter to choose M1 and M2 (make sure the MACs correspond correctly),
    then use this as a filter, then choose the broadcast message:
    wlan.fc.type_subtype == 0x08 || wlan.fc.type_subtype == 0x05 || eapol

    Then export specified packets and choose marked packets only (3) and name it.
     
    #939 longshanks, 2 Jun 2020
    Last edited: 2 Jun 2020
  20. kn0w1

    I'm looking for some details on cleaning that capture using Wireshark - is there an easy way to explain that or should I keep digging for tutorials?
     