Remote Exploit Forums

Remote Exploit Forums > BackTrack 4 (pre) Final > BackTrack 4 General Support


#1
11-04-2009, 03:34 PM
Just burned his ISO
 
Join Date: Nov 2009
Posts: 4
WPA cracking questions

Hi, I have a couple of questions about WPA-PSK (not WPA2) cracking; I'm hoping you guys can help me solve them!

1. After getting the 4-way handshake, is it okay to disconnect from the network and brute-force/dictionary-attack the key?

2. Apparently the key is only hex; there is no passphrase. The hex, of course, is 64 characters long. Is this possible?

3. What would be the best way to solve this key: pipe JTR or crunch through aircrack, use rainbow tables, or something else?


Just a backstory on what network I'm trying to crack:
I'm in grade 12 and I'm in a networking class. Knowing more than the average dolt in my class about computers, I am well ahead on all of the assignments, so my teacher asks if I want an extra assignment for a bonus; I say sure. So he sets up a router with a WEP password and says 'see if you can get in', so I run through aircrack, and sure enough I'm in within 10 minutes. Now he's set it to this, WPA, with the only clue that it's 64 characters long.
#2
11-04-2009, 07:33 PM
Junior Member
 
Join Date: Dec 2008
Location: Eire
Posts: 14

Yes, once you capture the four-way handshake you can disconnect and brute-force the password offline.

Try coWPAtty for brute-forcing the password.

Someone else will be able to give you a better understanding than me.
#3
11-04-2009, 09:01 PM
pureh@te
Jenkem Addict
 
Join Date: Mar 2007
Location: /dev/null
Posts: 5,401

The chances of you brute-forcing a 64-character password are slim to none.
#4
11-04-2009, 09:10 PM
kidFromBigD
Senior Member
 
Join Date: Aug 2007
Posts: 119

Quote: Originally Posted by pureh@te
The chances of you bruteforcing a 64 character password are slim to none
Yes, exactly. pureh@te should know.

You may ask for another clue about the passphrase itself. Your instructor may have set the password to 64 of the same character. In that case, your job will be easy. If he offers no clues, you might start there anyway.

A good way to generate your passphrases would be to use crunch:
Code:
crunch 64 64 0 -t (pattern) > all0.txt
crunch 64 64 1 -t (pattern) > all1.txt
...
crunch 64 64 F -t (pattern) > allF.txt
Where: (pattern) would be 64 of the @ character.

Best of luck! Report back how it goes for you.
__________________
"... the link budget is not a problem, we intend on splitting the bill."

Last edited by kidFromBigD; 11-04-2009 at 09:16 PM. Reason: Clarity & some extra thinking captured.
#5
11-04-2009, 11:14 PM
Just burned his ISO
 
Join Date: Nov 2009
Posts: 4

Thanks, I'll see if I can get some hints tomorrow in class; I'll also bring home the .cap file. Heh, maybe I could use all of the computers in my class for a cluster and solve it :P

But if it is indeed a randomized 64-hex key, I realise the file size of the wordlist would be huge, and piping from crunch would take a year or longer. There is no shortcut, is there? (I guess there would be other ways to crack into the system and scavenge for the keys, but I'm talking wifi.)

#6
11-05-2009, 12:03 AM
mikec
Member
 
Join Date: Oct 2009
Location: 55.762, 37.628
Posts: 75

There are approximately 1.157e77 different possible passwords.

If you created all of them and stored them on disk it would take approximately 7.526e66 terabytes of hard drive space. That is almost a 1 Terabyte hard drive for every atom in the observable universe.

It's true that you could pipe it straight through and that you would not need to store the passwords. Even if you could try 10,000 passwords in a second (much, much faster than typical), it would take 3.671e65 YEARS to try them all. You could harness the power of 1 million computers, in which case it would only take 3.671e59 years. It is not feasible that you will crack this password given all the computing power on Earth.

Now, of course, you should ask him if there is any trend in the password, like "123123123..." etc. That would help.

P.S. I am assuming it takes 1 byte to store a character and that each 64 character password is separated by a newline.
Reply With Quote
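Carrying mikec's estimate through in code, as an added example that is not part of the thread: the size of the 64-hex keyspace, the storage and time figures under his stated assumptions (65 bytes per entry, 10,000 guesses per second, 365-day year), and the 16 "same character repeated" candidates that kidFromBigD's crunch loop enumerates. Function names and the 1e12-bytes-per-terabyte convention are my own assumptions.

```python
HEX_CHARSET = "0123456789ABCDEF"
BYTES_PER_ENTRY = 65            # 64 characters + newline, as assumed in the thread
SECONDS_PER_YEAR = 365 * 86400  # 365-day year, matching the thread's figures


def keyspace_size(charset_len: int, length: int) -> int:
    """Number of distinct keys of `length` symbols drawn from a charset of `charset_len`."""
    return charset_len ** length  # exact big integer, no float rounding


def storage_terabytes(num_keys: int) -> float:
    """Disk needed to write every candidate as one newline-terminated line."""
    return num_keys * BYTES_PER_ENTRY / 1e12


def years_to_exhaust(num_keys: int, guesses_per_second: float, machines: int = 1) -> float:
    """Wall-clock years to try every candidate at a fixed rate across `machines` hosts."""
    return num_keys / (guesses_per_second * machines) / SECONDS_PER_YEAR


def repeated_char_candidates(charset: str = HEX_CHARSET, length: int = 64) -> list:
    """The 'one character repeated' hypothesis: one candidate per charset symbol.

    This is exactly what the crunch loop in post #4 produces, one file per character.
    """
    return [c * length for c in charset]


def is_raw_hex_psk(key: str) -> bool:
    """True if `key` is exactly 64 hex digits, i.e. a raw 256-bit WPA PSK rather than a passphrase."""
    return len(key) == 64 and all(c in "0123456789abcdefABCDEF" for c in key)


if __name__ == "__main__":
    n = keyspace_size(len(HEX_CHARSET), 64)
    print(f"keyspace:            {n:.3e}")
    print(f"storage (TB):        {storage_terabytes(n):.3e}")
    print(f"years, 1 machine:    {years_to_exhaust(n, 10_000):.3e}")
    print(f"years, 1M machines:  {years_to_exhaust(n, 10_000, machines=1_000_000):.3e}")
    print(f"repeated-char guesses to test instead: {len(repeated_char_candidates())}")
```

The contrast between the full keyspace and the 16 repeated-character guesses is the whole point of post #4's advice: a structural hint collapses an infeasible search into a handful of candidates.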
#7
11-06-2009, 03:54 AM
Just burned his ISO
 
Join Date: Nov 2009
Posts: 4

Yep, it was all "0"s. I dunno how I could have cracked it otherwise :/

Thanks guys!