Seeking advice on WiFi hacking.

hashcattony

Active member
Feedback: 0 / 0 / 0
Joined
Mar 28, 2020
Messages
59
Reaction score
3
Credits
581
I'd like to ask you hacking experts, what tools do you use to crack WiFi passwords? Are the tools specifically designed for password dictionaries?
 

hashcattony

***Moved from another thread***

Is there a script that works with hashcat to crack passwords with a length of 8?

Limit the maximum number of consecutive occurrences of the same character to 3.

Limit the maximum number of occurrences of the same character to 2.
 

FiosFiend

Active member
Feedback: 0 / 0 / 0
Joined
Apr 6, 2025
Messages
137
Reaction score
148
Credits
2,436
There is not really any such thing as “vulnerabilities” for hashes, since a hash is just a string of characters and there is no code to exploit. Likely what you’re thinking about is when we know the algorithm that generates default passwords for a particular model. There are a few tools to help with this such as IMEIgen and routerkeygenPC by @RealEnder. There is also the Default WPA Keyspace thread on here that has known keyspaces and the Keygens @drsnooker has found.

Again, none of these actually exploit any code on the router itself; though those exploits do exist, they are not the focus of this forum. The way the tools that I linked work is typically by building a much smaller, targeted dictionary based on how the default keys are generated. If the device you are interested in is not listed, the tools are unlikely to be successful.

As @hashhunting pointed out, Hashcat and John the Ripper are the tools that most people here use. When a user on here successfully cracks a capture, it comes from knowing the default keyspace, or running a wordlist + rules for user-defined passwords.

If you have any other questions let us know and we'll do our best to answer them.
 

hashcattony

Thank you for your reply.
 

hashcattony

ATTxxxxxxx    a-z symbols    12

This type of password cracking requires the use of that script.
 

FiosFiend

ATTxxxxxxx    a-z symbols    12

This line is simply telling you for the SSID with the pattern ATTxxxxxxx the default keyspace is 12 characters long and can be a-z + symbols. However this info is slightly wrong, and the actual keyspace is digits 2-9, characters a-z (except 'o' and ‘l’), and symbols #%+=?]. This info is what is required to run a complete brute force against the capture. The hashcat command would look like

hashcat -m 22000 -a 3 ATThash.txt -1 "23456789abcdefghijkmnpqrstuvwxyz#%+=??" "?1?1?1?1?1?1?1?1?1?1?1?1"

Hopefully this helps you understand how to use the information on the default keyspace table. However a 12 character long password comprised of 37 possible characters will take a very long time to brute force.

You can try PSKracker by @soxrok2212, if that device happens to be nvg589 or nvg599 then it might work for you. You can pipe the output of that tool directly to hashcat using the following command

pskracker -t nvg589 | hashcat -m 22000 -a 0 ATThash.txt
pskracker -t nvg599 | hashcat -m 22000 -a 0 ATThash.txt


*note: In the above examples, your WPA hash would be in a text file named ATThash.txt
 

FiosFiend

Is there a script that works with hashcat to crack passwords with a length of 8?

Limit the maximum number of consecutive occurrences of the same character to 3.

Limit the maximum number of occurrences of the same character to 2.

I don’t know how to do this directly with hashcat. I am not great with hashcat rules myself, but there are some people out there that are absolutely wizards with rule files.

My approach would be to have AI help me with a python script that generates the desired dictionary. You can also ask AI to use parallelization for speed and write to the file frequently to make it memory efficient. Running hashcat from the generated dictionary should be faster than having hashcat produce the candidates. Depending on your keyspace constraints, the resulting dictionary could be quite large. I would suggest you ask AI to add a size calculation to the script, and prompt the user to confirm before proceeding.
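
The size calculation suggested above, as an added example (not code from this thread or from any tool named in it): it counts, without generating any candidates, how many strings satisfy a per-character occurrence cap, and turns a keyspace into exhaustion time. The 26-letter alphabet and the guess rate are assumptions; a cap of 2 total occurrences already implies the cap of 3 consecutive ones, so only the former is modelled.

```python
from math import comb

SECONDS_PER_YEAR = 365 * 24 * 3600


def count_limited(alphabet_size, length, max_repeat):
    """Count strings of `length` symbols where no symbol occurs more than `max_repeat` times."""
    # ways[m] = number of valid strings of length m over the symbols handled so far
    ways = [1] + [0] * length
    for _ in range(alphabet_size):
        nxt = [0] * (length + 1)
        for m, w in enumerate(ways):
            if w == 0:
                continue
            for j in range(min(max_repeat, length - m) + 1):
                # the new symbol occupies j of the m + j positions
                nxt[m + j] += w * comb(m + j, j)
        ways = nxt
    return ways[length]


def years_to_exhaust(keyspace, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return keyspace / guesses_per_second / SECONDS_PER_YEAR


def summarize(alphabet_size, length, max_repeat, guesses_per_second):
    """Compare the unrestricted keyspace with the occurrence-limited one."""
    full = alphabet_size ** length
    limited = count_limited(alphabet_size, length, max_repeat)
    return {
        "full": full,
        "limited": limited,
        "kept_fraction": limited / full,
        "years_full": years_to_exhaust(full, guesses_per_second),
        "years_limited": years_to_exhaust(limited, guesses_per_second),
    }


if __name__ == "__main__":
    ASSUMED_RATE = 1_000_000  # guesses per second; an assumption, not a benchmark
    # 8 characters, a-z assumed, each character at most twice (the limits asked about)
    print("8 chars, a-z, max 2 each:", summarize(26, 8, 2, ASSUMED_RATE))
    # 12 characters from the 37-symbol default keyspace, no occurrence limit
    print("12 chars, 37 symbols:", summarize(37, 12, 12, ASSUMED_RATE))
```

The occurrence cap removes only a small share of an 8-character keyspace, and the 12-character, 37-symbol default keyspace stays far out of reach of exhaustive search, which is why long random keys resist this kind of guessing.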
 