Issue I know part of the WPA2 password... need help

Discussion in 'Xiaopan Support' started by seanbperiod, 14 Feb 2015.

  1. seanbperiod

    seanbperiod Active Member

    Joined:
    29 Jan 2015
    Messages:
    4
    Likes Received:
    0
    Hello

    I have all but 4 letters/numbers of a wifi password and I'm wondering if there is a program/tool/script that can hammer the different hexadecimal combinations until it successfully logs on?

    (The password uses the router's model number followed by the last 6 digits of its MAC address - which I don't have access to. However, I have the last 2 digits of the MAC address, because it's in the wifi network's name (also automatically set up by default).)

    So basically.. The Wifi network's name is: DDW3655B and the password is: DDW365 XXXX 5B

    I've figured out that there are about 3760 different combinations.

    What's the easiest way to solve for X? =D

    Thanks!
     
  2. gearjunkie

    gearjunkie Well-Known Member
    VIP

    Joined:
    28 Aug 2014
    Messages:
    454
    Likes Received:
    481
    An easy way is to get a capture of the handshake and then throw it into a program like EWSA or Hashcat using a brute force attack. It will take some time to capture the handshake and install one of the programs but only a few seconds (or less) for the program to crack it. This is assuming that the default password has not been changed.
     
  3. seanbperiod

    seanbperiod Active Member

    So there's no tool that will just go through trying a variety of given passwords and connect to the AP?

    Are you suggesting to capture packets, then enter the 3700+ combinations into a dictionary and have a program crack it?

    I'm just not certain if there is enough traffic to capture packets.
     
  4. gearjunkie

    gearjunkie Well-Known Member
    VIP

    I do not know of such a tool but maybe somebody else does and can comment on it.

    You just need to capture the handshake once and then set up a mask once for a brute force attack. The program will try all possible combinations for you.
     
  5. seanbperiod

    seanbperiod Active Member

    I appreciate your help gearjunkie..

    I'm a bit new to this.. any chance you could give me some terminal strings that I need to type? I'm good at following guides, but it's a bit difficult for me to figure out on my own =/
     
  6. gearjunkie

    gearjunkie Well-Known Member
    VIP

    Here are the instructions on how to capture the handshake using Xiaopan and Minidwep. We need the capture file in the hccap format.

    Once you have obtained the handshake, download hashcat and extract it to a folder of your choice. Open up a command prompt, change directory to the folder you just made, and type in

    hashcat -m 2500 -a 3 -1 ?dABCDEF capture.hccap "DDW365 ?1?1?1?1 5B"

    Substitute hashcat with the appropriate binary for your OS (Example in Windows 7 64-bit use hashcat-cli64.exe) and capture.hccap with the capture file from the first step. If you have done everything right up to this point, you will get the results in a few seconds.
     
  7. isidroco

    isidroco Active Member

    Joined:
    8 May 2015
    Messages:
    1
    Likes Received:
    0
    4 hex digits make 16^4 possible numbers (65536 combinations)
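
For router owners checking their own default credentials, the scheme discussed in this thread can be audited as follows (an added example, not part of any post here and not code from the tools mentioned). The function names, the sample passphrases and the `min_bits` threshold are assumptions made for illustration; it measures how many passphrase characters the broadcast SSID already discloses and how large the remaining search space is.

```python
import math
import string

HEX = set(string.digits + "ABCDEF")

def normalize(text):
    """Drop whitespace and upper-case, so 'DDW365 1a2b 5B' compares as 'DDW3651A2B5B'."""
    return "".join(text.split()).upper()

def audit_passphrase(ssid, passphrase, min_bits=64):
    """Estimate how much of a passphrase the broadcast SSID does NOT give away.

    min_bits is an assumed policy threshold, not a value from the thread.
    """
    name, pw = normalize(ssid), normalize(passphrase)
    limit = min(len(name), len(pw))
    # Leading characters shared with the SSID (the model number in this scheme).
    prefix = 0
    while prefix < limit and name[prefix] == pw[prefix]:
        prefix += 1
    # Trailing characters shared with the SSID (the MAC tail), without
    # re-counting characters already matched as prefix.
    suffix = 0
    while suffix < limit - prefix and name[-1 - suffix] == pw[-1 - suffix]:
        suffix += 1
    hidden = pw[prefix:len(pw) - suffix]
    # Hex-only remainder: treat it as MAC-derived (16 symbols per position).
    # Otherwise assume the 95 printable ASCII characters.
    alphabet = 16 if hidden and set(hidden) <= HEX else 95
    keyspace = alphabet ** len(hidden)
    bits = math.log2(keyspace)
    return {
        "disclosed_by_ssid": prefix + suffix,
        "hidden_chars": len(hidden),
        "keyspace": keyspace,
        "bits": round(bits, 1),
        "weak": bits < min_bits,
    }

if __name__ == "__main__":
    # Constructed sample: SSID from the thread, middle digits "1A2B" made up.
    print(audit_passphrase("DDW3655B", "DDW365 1A2B 5B"))
    # Constructed sample of a passphrase unrelated to the SSID.
    print(audit_passphrase("DDW3655B", "river-Quartz-94-lantern"))
```

A result flagged `weak` means the default passphrase should be replaced with one that shares nothing with the SSID or the device's identifiers.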
     
  8. homizeno

    homizeno Member

    Joined:
    27 Aug 2015
    Messages:
    2
    Likes Received:
    0
    A PoC has already been made pertaining to this type of attack!!
    and get this ... it's not only for DDW365 Networks either.

    It's about 7 or so.

    Here is the link: https://github.com/GuerrillaWarfare/Crippled

    To be more specific, here is the Python file for the attacks on such modems:
    https://github.com/GuerrillaWarfare/Crippled/blob/master/modules/modem.py

    :)

    Enjoy!
    --- Double Post Merged, 27 Aug 2015, Original Post Date: 27 Aug 2015 ---
    I'd say just use this instead. This works a lot better.

    ... has for me anyway. Hope it works well for you too man.

    https://github.com/GuerrillaWarfare/Crippled/blob/master/modules/modem.py
     
