WifFi Passwords

6 letters and 4 numbers that are effectively arbitrary.

"Password"

Hunter2

You should look into breaking WPA2 and you'll see why.

It's 321321321. Also what's your mac address.

username: password
password: username

-#&-$/ 6:6:mGu7LMpN8oN/oo_6[t;C]AYxa^jK$)KS\4)'DgbL +&P}s%b!z$MR$ΧĘ|f,onqugඝd!53%3=%8$I||@?[}JwSo>_*$&Msbϋ~Sn0`Mp0@A:r-|q}}s_Fg_qCL6?+ n @ѨG4yyQh#hE=Rw,[c$gv+r:7.OD
K=mXҝBΞ7+wfW)8}q9d7U ZS;R[sIBJBFěD#p"=%+yDzgEAk#
35 7%DFrtbhJt"RvE뜖'2摪魜Զno55x8ak
~}yoFquKd{yxMUfMUJm|uZe:lf4635^(RzCiVc_{2Hu׻!a!';$>R>d_`^gb$$h
\V̉2tc?kHLB6~iVq=

>With WPA2, people would have to be autistic to try to break into your wireless and by that point they deserve to get in
This would take literally seconds to crack on a single GPU

You're retarded and deserve this board

>"O-o-oh, its "Ha7sun3Miku!+2017,' thats capital H, lowercase a, the number seven... "
"Yeah, it's pretty complex, let me type it in for you."
Then you have a talk about security and two days later she asks you about changing it for her.

Also why the fuck do you hang with autists who want to show you YT videos when you're home?

>Hey user, what's your WiFi password? I want to show you this really funny thing on YouTube.
Sure, it is "niggerkiller666" all lowercase.

>You're retarded
How?
Are you implying that what I said was untrue or that it doesn't matter?

anyone with a brain is going to have grapefruit on their wordlist, but you have no idea what you are talking about when it comes to gpu cracking

You can use word lists on a gpu

use your phone faggot

WPA is easy to brute force with simple tech
WPA2 is hard to brute force but is possible. a dictionary attack would get your "grapefruit" farily simply.

WIFI is an easy brute force target, and as such should be your top priority to reduce brute force risk.

And never use WPS as reaver can brute force that even easier than WPA.

>2016
>not using your wifi as a honeypot

I am in awe.

a dictionary attack won't test for all the posible combinations of lowercase, uppercase or number substitutions unless you add them or instruct the program to do it. And that will only make the process longer

>not using WEP

step the fuck up Sup Forums

>not locking the WPS after 2 failed attempts
most APs currently do that

sure, try to convince people to install your CA certificate to be able to decrypt their HTTPS traffic.

>"What's your password user?"
Ionlygivethatto_bitchesthatputout69rim_me_bitch

>having a router that STILL supports WEP in the current year

Mine is helpful4sheeps1nc

I've done exactly what user is talking about and got some fat bitch's facebook password with C&A.

This.

My personal wifi is iliketoeattheshripdesu
my guest wifi is useyourmobiledata

what are captive portals?

bretty gud senpai.

>my guest wifi is useyourmobiledata
kek

>Hey user, what's your WiFi password?

Why? are you too poor too afford data? Why are you even in my house you basic fuck?

>its a decent bit complicated, keep my shit secure.
>here hand me the laptop i can type it in faster myself

this is only a thread because OP wont ever actually be in this situation

>This would take literally seconds to crack on a single GPU

You don't understand how WPA2 works.

>You can use word lists on a gpu

No shit. Why don't you tell us that you can use rainbow tables too?

WiFi name: PrettyFlyForaWifi
Password: Guest

C&A?
what did you do specifically?

>>not locking the WPS after 2 failed attempts
>most APs currently do that

Bullshit. I've reavered too many passwords for that. Even on newer hardware.

>>having a router that STILL supports WEP in the current year

>Getting your Wi-Fi from your router.

What's it like to be poor and dumb?

after how much time?

Go to bed John

Reaver generally works within 30 mins on low end hardware like Belkin and overnight on newer, better hardware like Asus.

The longest was a couple of days for one of those Asus router units that looks like a spider. It would lock out after 10 tries in a minute so I had to add a little delay between tries that it took 62 seconds to hit 10 guesses.

Aircrack and varmascan also work well depending on what your hardware is.

i found some Thomson DSL routers that lock themselves for 1 minute after 3 tries, I don't have much patience and I already have a working network (5 years with the same 22 character password and nobody has broken it)
>overnight on newer, better hardware like Asus
i never thought about that.

Obviously you need a captured handshake first but the time taken to get that has nothing to do with the password strength
And that is exactly how it works, at least for PSK

Seriously, it's not hard to do Wi-Fi right. 802.3at switches are cheap now. Any WAP worth it's salt is PoE. Run one cable to your end point and drop a 2x2:1 WAP. They're cheap and easy to manage. They won't have WPS and a decent password will have a TTL of years. With a little more setup you can use certificate auth which is god damn amazing.

If you don't buy prosumer crap your WAP will support dozens or hundreds of devices, will do band steering, will do soft hands-off, may have an extra antenna for WIPS, may do wireless guest isolation, and may have a bunch of layer 7 protections built in.

This is available at less than $100 per WAP. If you're using a router or something from Best Buy for Wi-Fi you're doing it fucking wrong.

>tfw remembering the days of booting up aircrack and getting the neighbor's WEP wifi password

It's like baby town frolics in here

Password12345

just use diceware

>i found some Thomson DSL routers that lock themselves for 1 minute after 3 tries,

Then you roll Wi-Fi pixie in which does a different kind of attack between reaver attacks, or you use varmascan which let's you attack multiple BSSIDs concurrently. After one attack it moves to the next BSSID in your list. It takes longer but delivers a bunch if passwords.

>I already have a working network (5 years with the same 22 character password and nobody has broken it)

How do you know? What port security, WIPS or SIEM are you running?

>Obviously you need a captured handshake first but the time taken to get that has nothing to do with the password strength
>And that is exactly how it works, at least for PSK

How complex are WPA2 keys?

Niggers1

>tfw was sometimes able to get it done on a bus fast enough to buffer a youtube video completely at a stoplight before going out of range
>tfw did this while riding with friends one time and they were hella impressed I could watch videos on the bus
>tfw those days are over

Enough that it's faster to compute them on a GPU

>Enough that it's faster to compute them on a GPU

How long will it take to brute force a complex WPA2 key with hardware available right now?

Too long for it to be done within a reasonable timeframe but we're only talking about an english dictionary with no upper case or substitutions, not a full on brute force

dildos123 its rememberable and people get a little chuckle when they come round

ññññññññ

the sample key given by op was fucking "grapefruit"

Some times I just use my password generator function to get my password and remember it
function passwordGenerator(desiredLengthofPassword) {
var string = 'abcdefghijklmnopqrstuvwxyz0123456789';
var output = '';
for(var i = 0; i < desiredLengthofPassword; i++) {
var randomization = Math.floor(Math.random() * string.length);
var evenMoreRandom = Math.floor(Math.random() * 10);
if(randomization * evenMoreRandom % 2 == 0) {
output += string[randomization].toUpperCase();
} else {
output += string[randomization];
}
}
return output;
};

"password" but with physical push-button wps

literally uncrackable unless you "elite hacker" physically breaks into my house just to download korean cartoons on my wifi

>Too long for it to be done within a reasonable timeframe but we're only talking about an english dictionary with no upper case or substitutions, not a full on brute force

At no point during a brute force, dictionary or mask attack does a GPU take "literally seconds to crack" a WPA2 password. Not even after you moved the goalpost on my question.

いろとりどりのヒカリ

It's completely meaningless for most people but is easy to remember if you know Japanese

>the sample key given by op was fucking "grapefruit"

Is that word in your dictionary file? How big is your dictionary file? How many words does it have in it?

It takes a long time to get to the middle of your dictionary file, if it's any good.

Are you calculating on the fly or using rainbow tables? Do your tables have a salt?

I don't think you understand...
It may not be seconds, but a decent GPU would have a hashrate fast enough to every word int eh dictionary as fast as it can be read of disk. So not long at all.
And I didn't move no fucking goalpost, my original post was referring to the password "grapefruit"

to try every word in the dictionary*

のほも

ping pong ding dong fung to

>"password" but with physical push-button wps
>literally uncrackable unless you "elite hacker" physically breaks into my house just to download korean cartoons on my wifi

WPS is insecure as fuck. I only have to guess an 8 digit key made up of a four digit key, a three digit key and a sum CRC. You don't have to push the button to attack WPS.

>And I didn't move no fucking goalpost, my original post was referring to the password "grapefruit"

I asked you a very specific question here

>How long will it take to brute force a complex WPA2 key with hardware available right now?

Which you chose not to answer.

So how big is your dictionary file?

>I asked you a very specific question here
But it's completely unrelated to my post that you initially replied to and that's the issue and also why I didn't answer it.
It's irrelevant

I don't have a file on hand but a dictionary containing the word "grapefruit" would not have to be big at all

I live in an apartment and half of my neighbors have WEP. Mind you, they're all elderly, but it's fantastic.

>All those allowed characters
>That character count
I don't need your password, you have other issues.

Enjoy being liable for all the shit you don't see me doing on your obvious honeypot.

Couldn't you just route everything on the network through Tor, though?

>But it's completely unrelated to my post that you initially replied to and that's the issue and also why I didn't answer it.
>It's irrelevant

It's related to your lack of understanding of the goddamned process were discussing. You chose not to answer it because you've got no fucking idea what you're talking about.

>I don't have a file on hand but a dictionary containing the word "grapefruit" would not have to be big at all

A dictionary file is literally a list of words in a file. Why does the word have anything to do with how big the file is?

Small dictionary files are useless unless you know the password is made up of specific words. Good dictionary files have billions of entries that turn into trillions of hashes as you have to guess each letter as both a cap and lowercase. So it may take 200 guesses of the word grapefruit before it got to all lowercase. It can easily take a month to run a dictionary scan. That puts grapefruit, in the middle, at 2 weeks.

Ie not "literally seconds for a GPU to crack".

You'd have to be dumb to run your attack as only lowercase with a small dictionary against a completely unknown password.

>yo dog I heard you like honeypots

niftycream751

Netgear default?
Mine's silkymint003.

It's not what I'm doing going through his device, it's what I'm doing/hosting in the white space or other obfuscated location on his device.

I had something for this

capital I, and spaces just like the phrase.

Yeah. It's so great I refuse to change it.

Anybody here working on something for the Netgear bug bounty that started recently?

>You'd have to be dumb to run your attack as only lowercase with a small dictionary against a completely unknown password
It'd be over so fucking quick that there's no reason not to just try it first. The whole point of my post was that's it's retarded to use a word that would be contained in a dictionary that small and you're to trying to cover up whatever it was that you misunderstood by saying nobody would try it and instead just launch into a month-long attack using the biggest dictionary they could find.
Also, dictionaries are generally ordered by complexity and even in a huge dictionary grapefuit would appear right at the start, all in lower case preceded only by the other dictionary words and common shit like "password"

>donating to this guys rainbow table

Difference between wordlists and rainbow tables?

Do you honestly think manually acquiring two or three entries would actually help someone?

that's so old that someday would be security through obscurity

Actually if you illegally entered, then it's only on you.
If someone goes in your back yard and shoots someone, is it your fault?

88888888 (required eight characters)

>It'd be over so fucking quick that there's no reason not to just try it first. The whole point of my post was that's it's retarded to use a word that would be contained in a dictionary that small and you're to trying to cover up whatever it was that you misunderstood by saying nobody would try it and instead just launch into a month-long attack using the biggest dictionary they could find.
>Also, dictionaries are generally ordered by complexity and even in a huge dictionary grapefuit would appear right at the start, all in lower case preceded only by the other dictionary words and common shit like "password"

Jesus fuck, no. Why do you have little dictionary files that aren't tailored to a target? So that you fail a bunch and have to start new attacks? Grapefruit is near the middle because its 10 letters, not in the front. All your words in your file are lowercase. Your tool adjusts the case as it guesses. Why the fuck would you write the same word 500 times when tool logic can iterate that?

Your audit plan would fail almost every WAP because you're using shitty rules that just happen to cover your target. You'd go into your attack not know if it had caps or not, so to pick lowercase only is fuckdumb. Now you're mad you got called out in a thread where you said stupid shit.

GPU hashing would not clear this in literally seconds.

I see your point, but I disagree with analogy and unless you are specifically and actively looking for my activity I highly doubt you would be able to supply the burden of proof showing it wasn't you, much less attribute it to me.

I would say it's closer to you being a landlord and I'm cooking and selling meth on your property.

Rainbow tables list a precomputed plaintext for every possible hash, dictionaries just list commonly used plaintexts

I assumed you were talking about a dictionary containing complex passwords created from dumps, not just an english language one. In that case it wouldn't be at the start but the dictionary would also be small.
It also doesn't matter how many passwords you may have to try total because dictionary words would be among the first attempts in any decent attack. Most people us lowercase passwords because they are easier to type so it would only make sense to try all loeer case dictionary words first.
Also, WPA passphrases are a minimum of 8 characters long