Hey user, what's your WiFi password? I want to show you this really funny thing on YouTube.
O-o-oh, its "Ha7sun3Miku!+2017,' thats capital H, lowercase a, the number seven...
I think I'll go user...
Why isn't your password 'grapefruit,' Sup Forums? With WPA2, people would have to be autistic to try to break into your wireless and by that point they deserve to get in. Complex passwords for things that aren't publicly accessible are just Asperger tendancies and help keep Sup Forums virginal.
Robert Bailey
"I'd just like to interject for a moment."
Brody Russell
Mudkips2cute
Logan Morales
username: admin password: password
James King
12345678
Carter Gomez
d4895e40919993D874bZe01426
Cooper Jones
>2014+3 >using English for your passwords
Aiden Ramirez
88Q@1K%31me&s1Vk
Jacob Jackson
abadfaddad3141592
Asher Evans
i have a separate ssid and vlan for devices i do not own
Ryder Sullivan
6 letters and 4 numbers that are effectively arbitrary.
Kayden Scott
"Password"
Camden Campbell
Hunter2
Christopher Brown
You should look into breaking WPA2 and you'll see why.
>With WPA2, people would have to be autistic to try to break into your wireless and by that point they deserve to get in This would take literally seconds to crack on a single GPU
Eli Clark
You're retarded and deserve this board
Justin Morgan
>"O-o-oh, its "Ha7sun3Miku!+2017,' thats capital H, lowercase a, the number seven... " "Yeah, it's pretty complex, let me type it in for you." Then you have a talk about security and two days later she asks you about changing it for her.
Also why the fuck do you hang with autists who want to show you YT videos when you're home?
Lucas Sullivan
>Hey user, what's your WiFi password? I want to show you this really funny thing on YouTube. Sure, it is "niggerkiller666" all lowercase.
William Rodriguez
>You're retarded How? Are you implying that what I said was untrue or that it doesn't matter?
Lucas Ward
anyone with a brain is going to have grapefruit on their wordlist, but you have no idea what you are talking about when it comes to gpu cracking
Connor Kelly
You can use word lists on a gpu
Josiah Wilson
use your phone faggot
Ethan Johnson
WPA is easy to brute force with simple tech WPA2 is hard to brute force but is possible. a dictionary attack would get your "grapefruit" farily simply.
WIFI is an easy brute force target, and as such should be your top priority to reduce brute force risk.
And never use WPS as reaver can brute force that even easier than WPA.
Joseph Walker
>2016 >not using your wifi as a honeypot
Ian Johnson
I am in awe.
Colton Adams
a dictionary attack won't test for all the posible combinations of lowercase, uppercase or number substitutions unless you add them or instruct the program to do it. And that will only make the process longer
Elijah Clark
>not using WEP
step the fuck up Sup Forums
Nathaniel Flores
>not locking the WPS after 2 failed attempts most APs currently do that
sure, try to convince people to install your CA certificate to be able to decrypt their HTTPS traffic.
Zachary White
>"What's your password user?" Ionlygivethatto_bitchesthatputout69rim_me_bitch
Liam Stewart
>having a router that STILL supports WEP in the current year
Jordan Rogers
Mine is helpful4sheeps1nc
Robert Rodriguez
I've done exactly what user is talking about and got some fat bitch's facebook password with C&A.
Matthew Bell
This.
My personal wifi is iliketoeattheshripdesu my guest wifi is useyourmobiledata
Jackson Lopez
what are captive portals?
Alexander Jenkins
bretty gud senpai.
Nathaniel James
>my guest wifi is useyourmobiledata kek
Daniel Young
>Hey user, what's your WiFi password?
Why? are you too poor too afford data? Why are you even in my house you basic fuck?
Adrian Green
>its a decent bit complicated, keep my shit secure. >here hand me the laptop i can type it in faster myself
this is only a thread because OP wont ever actually be in this situation
Daniel Nelson
>This would take literally seconds to crack on a single GPU
You don't understand how WPA2 works.
Elijah Edwards
>You can use word lists on a gpu
No shit. Why don't you tell us that you can use rainbow tables too?
Ryan James
WiFi name: PrettyFlyForaWifi Password: Guest
Gavin Lee
C&A? what did you do specifically?
Juan Russell
>>not locking the WPS after 2 failed attempts >most APs currently do that
Bullshit. I've reavered too many passwords for that. Even on newer hardware.
Jacob Cook
>>having a router that STILL supports WEP in the current year
>Getting your Wi-Fi from your router.
What's it like to be poor and dumb?
Luke Gonzalez
after how much time?
Sebastian Kelly
Go to bed John
Hunter Nelson
Reaver generally works within 30 mins on low end hardware like Belkin and overnight on newer, better hardware like Asus.
The longest was a couple of days for one of those Asus router units that looks like a spider. It would lock out after 10 tries in a minute so I had to add a little delay between tries that it took 62 seconds to hit 10 guesses.
Aircrack and varmascan also work well depending on what your hardware is.
Nathan Mitchell
i found some Thomson DSL routers that lock themselves for 1 minute after 3 tries, I don't have much patience and I already have a working network (5 years with the same 22 character password and nobody has broken it) >overnight on newer, better hardware like Asus i never thought about that.
Ethan Long
Obviously you need a captured handshake first but the time taken to get that has nothing to do with the password strength And that is exactly how it works, at least for PSK
Julian Lee
Seriously, it's not hard to do Wi-Fi right. 802.3at switches are cheap now. Any WAP worth it's salt is PoE. Run one cable to your end point and drop a 2x2:1 WAP. They're cheap and easy to manage. They won't have WPS and a decent password will have a TTL of years. With a little more setup you can use certificate auth which is god damn amazing.
If you don't buy prosumer crap your WAP will support dozens or hundreds of devices, will do band steering, will do soft hands-off, may have an extra antenna for WIPS, may do wireless guest isolation, and may have a bunch of layer 7 protections built in.
This is available at less than $100 per WAP. If you're using a router or something from Best Buy for Wi-Fi you're doing it fucking wrong.
Luke Kelly
>tfw remembering the days of booting up aircrack and getting the neighbor's WEP wifi password
Ian Parker
It's like baby town frolics in here
Asher Sullivan
Password12345
Jack Carter
just use diceware
Matthew Johnson
>i found some Thomson DSL routers that lock themselves for 1 minute after 3 tries,
Then you roll Wi-Fi pixie in which does a different kind of attack between reaver attacks, or you use varmascan which let's you attack multiple BSSIDs concurrently. After one attack it moves to the next BSSID in your list. It takes longer but delivers a bunch if passwords.
>I already have a working network (5 years with the same 22 character password and nobody has broken it)
How do you know? What port security, WIPS or SIEM are you running?
Austin Harris
>Obviously you need a captured handshake first but the time taken to get that has nothing to do with the password strength >And that is exactly how it works, at least for PSK
How complex are WPA2 keys?
Jack Martin
Niggers1
Leo Sanchez
>tfw was sometimes able to get it done on a bus fast enough to buffer a youtube video completely at a stoplight before going out of range >tfw did this while riding with friends one time and they were hella impressed I could watch videos on the bus >tfw those days are over
Mason Jackson
Enough that it's faster to compute them on a GPU
Logan Reed
>Enough that it's faster to compute them on a GPU
How long will it take to brute force a complex WPA2 key with hardware available right now?
Adam Miller
Too long for it to be done within a reasonable timeframe but we're only talking about an english dictionary with no upper case or substitutions, not a full on brute force
Matthew Davis
dildos123 its rememberable and people get a little chuckle when they come round
Eli Edwards
ññññññññ
Hudson Johnson
the sample key given by op was fucking "grapefruit"
Kayden Jones
Some times I just use my password generator function to get my password and remember it function passwordGenerator(desiredLengthofPassword) { var string = 'abcdefghijklmnopqrstuvwxyz0123456789'; var output = ''; for(var i = 0; i < desiredLengthofPassword; i++) { var randomization = Math.floor(Math.random() * string.length); var evenMoreRandom = Math.floor(Math.random() * 10); if(randomization * evenMoreRandom % 2 == 0) { output += string[randomization].toUpperCase(); } else { output += string[randomization]; } } return output; };
Jaxson Nguyen
"password" but with physical push-button wps
literally uncrackable unless you "elite hacker" physically breaks into my house just to download korean cartoons on my wifi
Josiah Cook
>Too long for it to be done within a reasonable timeframe but we're only talking about an english dictionary with no upper case or substitutions, not a full on brute force
At no point during a brute force, dictionary or mask attack does a GPU take "literally seconds to crack" a WPA2 password. Not even after you moved the goalpost on my question.
Joseph Martinez
いろとりどりのヒカリ
It's completely meaningless for most people but is easy to remember if you know Japanese
Bentley Green
>the sample key given by op was fucking "grapefruit"
Is that word in your dictionary file? How big is your dictionary file? How many words does it have in it?
It takes a long time to get to the middle of your dictionary file, if it's any good.
Are you calculating on the fly or using rainbow tables? Do your tables have a salt?
Jason Bell
I don't think you understand... It may not be seconds, but a decent GPU would have a hashrate fast enough to every word int eh dictionary as fast as it can be read of disk. So not long at all. And I didn't move no fucking goalpost, my original post was referring to the password "grapefruit"
Mason Foster
to try every word in the dictionary*
Cameron Torres
のほも
Jackson Bennett
ping pong ding dong fung to
Benjamin Gray
>"password" but with physical push-button wps >literally uncrackable unless you "elite hacker" physically breaks into my house just to download korean cartoons on my wifi
WPS is insecure as fuck. I only have to guess an 8 digit key made up of a four digit key, a three digit key and a sum CRC. You don't have to push the button to attack WPS.
>And I didn't move no fucking goalpost, my original post was referring to the password "grapefruit"
I asked you a very specific question here
>How long will it take to brute force a complex WPA2 key with hardware available right now?
Which you chose not to answer.
So how big is your dictionary file?
Asher Roberts
>I asked you a very specific question here But it's completely unrelated to my post that you initially replied to and that's the issue and also why I didn't answer it. It's irrelevant
I don't have a file on hand but a dictionary containing the word "grapefruit" would not have to be big at all
Adam Adams
I live in an apartment and half of my neighbors have WEP. Mind you, they're all elderly, but it's fantastic.
Anthony Perez
>All those allowed characters >That character count I don't need your password, you have other issues.
Josiah Perry
Enjoy being liable for all the shit you don't see me doing on your obvious honeypot.
Daniel Baker
Couldn't you just route everything on the network through Tor, though?
Dylan Thompson
>But it's completely unrelated to my post that you initially replied to and that's the issue and also why I didn't answer it. >It's irrelevant
It's related to your lack of understanding of the goddamned process were discussing. You chose not to answer it because you've got no fucking idea what you're talking about.
>I don't have a file on hand but a dictionary containing the word "grapefruit" would not have to be big at all
A dictionary file is literally a list of words in a file. Why does the word have anything to do with how big the file is?
Small dictionary files are useless unless you know the password is made up of specific words. Good dictionary files have billions of entries that turn into trillions of hashes as you have to guess each letter as both a cap and lowercase. So it may take 200 guesses of the word grapefruit before it got to all lowercase. It can easily take a month to run a dictionary scan. That puts grapefruit, in the middle, at 2 weeks.
Ie not "literally seconds for a GPU to crack".
You'd have to be dumb to run your attack as only lowercase with a small dictionary against a completely unknown password.
Ryan Gonzalez
>yo dog I heard you like honeypots
Jaxson Adams
niftycream751
Zachary Ortiz
Netgear default? Mine's silkymint003.
Evan Wilson
It's not what I'm doing going through his device, it's what I'm doing/hosting in the white space or other obfuscated location on his device.
Alexander Howard
I had something for this
capital I, and spaces just like the phrase.
Xavier Clark
Yeah. It's so great I refuse to change it.
Ryder Martin
Anybody here working on something for the Netgear bug bounty that started recently?
Joshua Russell
>You'd have to be dumb to run your attack as only lowercase with a small dictionary against a completely unknown password It'd be over so fucking quick that there's no reason not to just try it first. The whole point of my post was that's it's retarded to use a word that would be contained in a dictionary that small and you're to trying to cover up whatever it was that you misunderstood by saying nobody would try it and instead just launch into a month-long attack using the biggest dictionary they could find. Also, dictionaries are generally ordered by complexity and even in a huge dictionary grapefuit would appear right at the start, all in lower case preceded only by the other dictionary words and common shit like "password"
Jaxon Morales
>donating to this guys rainbow table
John Wood
Difference between wordlists and rainbow tables?
Evan Nelson
Do you honestly think manually acquiring two or three entries would actually help someone?
Asher Rodriguez
that's so old that someday would be security through obscurity
Benjamin Gutierrez
Actually if you illegally entered, then it's only on you. If someone goes in your back yard and shoots someone, is it your fault?
Joshua Nguyen
88888888 (required eight characters)
Isaac Turner
>It'd be over so fucking quick that there's no reason not to just try it first. The whole point of my post was that's it's retarded to use a word that would be contained in a dictionary that small and you're to trying to cover up whatever it was that you misunderstood by saying nobody would try it and instead just launch into a month-long attack using the biggest dictionary they could find. >Also, dictionaries are generally ordered by complexity and even in a huge dictionary grapefuit would appear right at the start, all in lower case preceded only by the other dictionary words and common shit like "password"
Jesus fuck, no. Why do you have little dictionary files that aren't tailored to a target? So that you fail a bunch and have to start new attacks? Grapefruit is near the middle because its 10 letters, not in the front. All your words in your file are lowercase. Your tool adjusts the case as it guesses. Why the fuck would you write the same word 500 times when tool logic can iterate that?
Your audit plan would fail almost every WAP because you're using shitty rules that just happen to cover your target. You'd go into your attack not know if it had caps or not, so to pick lowercase only is fuckdumb. Now you're mad you got called out in a thread where you said stupid shit.
GPU hashing would not clear this in literally seconds.
Bentley Reed
I see your point, but I disagree with analogy and unless you are specifically and actively looking for my activity I highly doubt you would be able to supply the burden of proof showing it wasn't you, much less attribute it to me.
I would say it's closer to you being a landlord and I'm cooking and selling meth on your property.
Christopher Bell
Rainbow tables list a precomputed plaintext for every possible hash, dictionaries just list commonly used plaintexts
I assumed you were talking about a dictionary containing complex passwords created from dumps, not just an english language one. In that case it wouldn't be at the start but the dictionary would also be small. It also doesn't matter how many passwords you may have to try total because dictionary words would be among the first attempts in any decent attack. Most people us lowercase passwords because they are easier to type so it would only make sense to try all loeer case dictionary words first. Also, WPA passphrases are a minimum of 8 characters long