Found out some faggot hacked into my wifi.
My original password was similar to: eatshit333
Changed it to: de34rfg5
Also changed my SSID
How long would it take someone to crack the new password if Im using WPA/WPA2?
Found out some faggot hacked into my wifi.
My original password was similar to: eatshit333
Changed it to: de34rfg5
Also changed my SSID
How long would it take someone to crack the new password if Im using WPA/WPA2?
Other urls found in this thread:
I doubt he brute-forced it, there might be an exploit for your router. In such case he will do it again and it won't take long. Have you updated the router's firmware?
nope. not a big fan of having to update firmware. always paranoid something will fuck up.
router is a SmartRg 505n, do you know of any exploits for it. i have an old WRT54g that i am going to flash and i will probably put the 505n into bridge mode.
About 0.7328 seconds if it's in the wordlist
I don't know much about this stuff, but there are databases of known exploits and tools that use them, so in theory you could test it yourself. Still, just updating regularily is a safe and eady option. If they keep getting into your network, reduce your signal strengths or switch to cables altogether.
how long would "de34rfg5" take?
those are both really shit passwords, look up diceware - it's perfect for this application
coincidentally the second is far easier to brute force
why do you doubt that? brute forcing wpa2 can be done entirely passively on your local machine
It was not in any of my wordlists so maybe you'll get lucky.
[spoiler]You should generate a random 16+ character string and write it down on paper[/spoiler]
How accurate is the xkcd's secure memorable passwords?
100%
do special characters work with WPA/WPA2?
(!@#$%^&*)?
yes
Of course. Just generate a password for your wifi with KeePassX
oh nice! i guess that is a /thread for me
ill just use one with a similar structure to the one my bank forces me to use.
How long would it take?
Not long when he knows you visit Sup Forums and comes here to read your new password that you've posted for the world and its dog.
No seriously, generate a 16+ character password with a secure opensource password manager (KeePassX) it's more secure than anything you'd think up. The only thing more secure would be diceware with 6+ words I guess.
how will he know that when i already kicked him off?
dont feel like having to input such a long thing into my wifi printer but i will get around to it.
what advantage does keepass or diceware have over just randomly inputting 16+ chars myself?
What if he isn't getting on your wifi via password? What if he's already backdoored your entire router rendering changing the password completely useless.
A password generator / diceware is about a billion times closer to "true" randomness than our brains could ever get, making passwords much much harder to brute force or guess. Diceware is probably better for you if you want to use it on your printer, because you'd just have 6 or so words that the dice chose, so it's easy to remember
So is nobody going to mention that he probably used reaver to get your WPS pin? Try disabling WPS.
WPA2-EAP with TLS Certs!
WPS was already disabled.
>you'd just have 6 or so words that the dice chose, so it's easy to remember
couldnt i just go to urban dictionary and get 6 random words?
8 characters take less than a day with a top-end GPU I think
use something longer
I mean yeah, you could just do something like go to wikipedia and click random article a few times and use those for your password
>"""generate""""
>""""""""""random""""""""""
if a machine generates it, it can't be random
He exploited the WPS of your router. Disable it or better buy a router without it.
WPS was disabled
Instead of going to some shady website to generate a "strong" password. Just go to your python shell and type this:
import random
print ("".join(["abcdefghijklmnopqrstuvwxyz1234567890!?."[random.randint(0,38)] for i in range(12)]))
Disabling WPS doesn't make it unexploitable. Buy a new router without WPS
going to bridge my ISP router and use DDWRT once i dig my WRT54G out of storage and flash it.
Just do a factory reset
yes it does
turn off WPS, then never
>password is dankmemes
>use mac filter
>disabled ssid broadcast
>disable dhcp
>never been hacked
Clearly because none tried, I could get access in 10min tops
good luck my ip is 192.168.1.1
with [a-z]{5,12}[0-9]{1,4} it would be dead easy to crack with a cheap gpu and oclhashcat. Presuming he grabbed the 4-way handshake. And that leaves it to offline cracking.
So chances are easy/to medium difficulty.
With wps-pixie, it can be cracked in under a few seconds.
Is WPS off?
Probably not.
WPS was disabled at the time. FFS you are the third person I have had to tell this to.
Then read the other portion.
4 way handshake -> GPU cracking, easy password template. An oclhashcat prince attack would have done nicely in the scenario.
MAC filter is entirely useless for wireless, I hope you know that
>oclhashcat prince attack
How to into this? After reading up on it this seems interesting.
The fact that he did all that so you would know he was there instead of keeping it on the down low shows he's not a real hacker. Any skiddy can use wifite or fern to crack a weak key but few will actually try to go after the machines on the network.
been 50 minutes now faggot and still not hacked
>>>>>>>>>>>Thiiiiiiiiiiiiiissss
if(user == paranoid){
password.length() >= 14;
}
I use a zener HWRNG, faggot.
Pixie is a meme. I've used wash to find at least 10 APs that I used it on and it fails every time.
It's much easier to just sit and passively sniff with airodump. Eventually someone will pop on the network and you'll get the handshake or you can run a de auth attack and boot someone off if you aren't terribly concerned about them noticing a brief service interruption.
Even on at top end password cracker it would take over a year to brute force an 8 character WPA password. More likely they got physical access to the device and that was their way in.
OP here, I am a fucking idiot.
I just remember that about 2 weeks ago a friend brought over one of his clients computers for me to look at because his computer was acting funny and would not power on 100% of the time. Finally got the computer to cooperate and then I connected it to my wifi.
Not sure why the computer was still on my DHCP client list but I am pretty sure that was the computer because it was a mid tower and the host name of the suspected leech had the word "tower" in it.
Maybe not. There are cracking services out there that use server farms to crack it in like a few hours. But you gotta pay.
Encode it into base64.
you actually changed it to something shorter
wew lad
stop spreading bullshit
so you are just going to compare function return value and then do nothing? genius
it was all pointless
see this
and my neighbors never seemed like the l337 haxor type anyways.
Thanks for telling me your new password.
As for it failing, then I can only say you're either failing to use reaver/bully/pixiewps commands correctly. Or there user vulnerable around you.
But it works.
Look on youtube for tutorials. It's a bit more involved but it generally works like this: it creates a statistical template for passwords. OP's password falls under more conventional ones. All you'd have to do is something like [a-z]{5-11}[0-9]{1,4} and poof, it'll work.
GPU cracking is nothing to scoff at
congratulations kiddo! have fun walking around the earth looking for the AP that it works with.
you passwords are both weak you need something long and random
>Changed it
you retard, you should have fucked with him.
reroute all his HTTP images to goatse, all his porn to scat, then inject JS like this dude did youtube.com
it was a false alarm
see this
but the first thing that came to mind when i saw that unknown client was "reeeeee some guy is going to get me v&'ed!!!!" and i immediately reboot my router and changed my SSID and password.
cant tell if troll or retarded
Just do what I did and set up an authoritative DNS server that serves up lemonparty.org no matter what site you try to go to.
>i immediately reboot my router and changed my SSID and password
Good idea OP that sure should show FBI who's the boss
cant tell if troll or retarded
how else would you expect someone to boot a leech off their network? you fucking nigger.
As far as I know, it's just more likely that somebody found an exploit than devoted a lot of time and computing power to cracking a private wifi network
I'm going to ask here because I cannot for the life of me figure out how to do this.
I've discovered that my router uses a rather simplistic default password, it uses a format like this:
Adjective + Noun + 3 Digits (e.g. ‘manywrestler493’)
I've been trying to crack the handshake using hashcat. I've got an adjective dictionary, and a noun dictionary. I can successfully get hashcat to check every combination of the two dictionaries using combinator mode, but I’m not sure how to tell it to brute force the last three digits. If I try to use a rule set it complains that rules can only be used in attack mode 0. I think maybe I might have to combine the two dictionaries outside of hashcat, and then use attack mode 0 instead of attack mode 1. Can anyone either help me get hashcat to behave how I want, or help with combining the two dictionaries?
Sorry to ask stupid questions, Google has failed me.
sorry, i meant:
class paranoidAnon{
static void anonPwd(String str){
if(anonaPwd.length() < 14){
System.out.println("nope");
}
else{
System.out.println("Seriously, just
download KeePassX and generate
a pwd; it is not *truly* random, but it
is a great pwd manager and you can
generate and store 40 char complex
pwds easily.");
}
}
}
call as needed?
fuuuuuu! muh 4mattin!
Create a dictionary for the three digits. It is only a 1000 combinations anyway.
Hashcat only lets you use two dictionaries at once.
Was it actually off or is your router one of the shitty ones that don't actually disable it when it's off?