What are some good word-lists for bruteforce attacks ?

tried wifite WPS pixie attack it just says failed to associate and can't get any successful tries on WPS pin attack either.

I saw an article about some dude using Amazon EC2 cloud computers to brute force WPA for $1.50 in bought computer time but I'm not sure what he's talking about. I see you can buy time on rigs with 4 nvidia cards or so and they're decently fast, not gonna brute force it in less than an hour or anything crazy though.

nvidia drivers/windows 10

>I think most default wifi passwords are 8 or 10digits all capital or all lower case hex
(16^8*)*2+(16^10)*2 is about 2 trillion passwords. I wonder how long that would take

Is that not called a dictionary attack?

2 trillion is in few hours on a modern gpu

The NSA has all the dictionaries worth having in the current year.

Assuming you can test them as fast as you generate them. Also assuming there isn't any sort of protection in play against this (i.e. key stretching or a simple lockout after multiple failed attempts).

you get the 4 way handshake and test against the hash in that. my shitcan computer test 230 million keys overnight.

Depends on the APs. I mean where I live (UK) nearly everybody around here is with Virgin Media, whose default password are all 8 characters, lowercase a-z. It's still a huge set (at least I assume it is, maybe can maths it) and I got bored of waiting.

I find most of this stuff is much more fun in theory than in practice.

if you get the mac address you can look up the brand and some possible default passwords. All the ones I'm looking at are 10 character uppercase hex. so only 1 trillion combinations. probably could do it in under an hour if i rent an amazon cloud pc with multiple gpus

>8 characters, lowercase a-z
26^8 = only 200 billion lol

sorry but could you explain how to do that formula?

yeah it's combinations and permutations.

hexadecimal is numbers 0-9 and ABCDEF so 16 possible characters. 16 characters raised to the 10th power for 10 length password = a trillion or so.

for example a 1 length password in this format has 16^1 or 16 possible combinations:
[0-F]
a 2 length password has 16^2 or 256 possible combinations
[0-F] [0-F]

oh shit thanks so it's just
amount of characters it could be using^password length?
always wondered this

yeah

Americans don't learn combinatorics in HS?

Yeah if it allows repeatable characters it's (number of allowed characters)^(number of character places)

If repeatable characters aren't allowed it's (n!)/(n-k)! where n is number of allowed characters and k is number of character places.

If you're just looking at subsets (order of placements doesn't matter, think of lottery numbers) it's binomial coefficients.

>Americans don't learn combinatorics in HS?
UK fag, not sure if we were taught it I didn't pay much attention

this desu wondering how you don't know that lol. i learned combinations and permutations junior year in high school

aws.amazon.com/ec2/pricing/on-demand/

looking at the pricing of the GPU clusters. looks like you could rent a cluster of 32 for $8 an hour. atleast I think that's what they mean by vCPU, it does say GPU instance not sure why they would need 32 CPUs. damn thats not bad, 32 gpus shit that would probably be fast as hell if you used hashcat.

2nd this

Interesting did not know this, it's obvious in hindsight.

Cool.

UK here, I wasn't taught it but it sounds like higher maths and I was a dumb shit. Or am a dumb shit, I suppose.

ah nvm, actually the most expensive and best, $14 an hour, is 16 gpus. still blazing fast!

aws.amazon.com/blogs/aws/new-p2-instance-type-for-amazon-ec2-up-to-16-gpus/

>2016 + 0.91666666
>bruteforcing still exist
>
>install kali linux meme

Fux y00! Kali is amazing

Paying by the hour to rent hardware for bruteforcing shows quite a level of dedication. Wouldn't they throw a shit fit?

i would love for you to give me an example...
>inb4 metasploit being used on an unpatched 4yo vuln
>maybe aircrack if you are willing to buy a nice antenna

>aircrack
>antenna
Is this really necessary?

>Wouldn't they throw a shit fit?
? what do you mean? i would just download nvidia drivers and ocl hashcat, then i have a hccap file i want to bruteforce. it would prob take an hour or less.

to clarify: I'm not bruteforcing by repeatedly trying to login to the wifi, I have a WPA handshake file which contains a salted hash that you can brute force

Look up fluxion

why would you brute force a wifi?

>Rainbow Table

Proof of concept / just 'cause / shits and giggles. I don't need free WiFi, I'm just a nerd.

...

I've been trying to figure out how the fuck to use Amazon AWS for the past hour but I'm guessing you have to have credentials not just money to rent a GPU cluster. That or their website is a lost cause and completely broken. Anyone ever tried using it before? Keeps telling me I'm only eligible for free tier but can't find and way to sign up for paid tier and can't find anything about it on google.

Y-you too

This. Rainbow tables are 20% faster than bruteforcing.

You need to make an account. Google also has Google Compute which is their direct competition for AWS and Microsoft has Azure. Pick whichever you want and have fun.

All of them require accounts with billing enabled and a payment method on file. You won't be billed if you stay in the free-tier and if you cancel before the free period ends in most cases. Read the billing terms and see.

>t someone who works with AWS for a living and used to work with Google Cloud Storage and Compute.

love, secret, sex, God

If you've can access a decent rainbox table, the decent ones for Ophcrack were expensive.

you probably found the dumbest way to crack a wpa

>le epik haxor xD
>frogposting
>even considering a bruteforce attack
>>>/reddit/

>wordlist attack
>brute force attack
Pick one, luser.