WPA2 Hash Crack

a8474

Active member
Feedback: 0 / 0 / 0
Joined
Dec 30, 2019
Messages
26
Reaction score
0
Credits
0
Hi,

I'm having trouble cracking a WPA2 .hccap file. I have captured the handshake and have been bruteforcing it for almost 3 days now.

Unfortunately, my built-in Intel I3 Graphics aren't powerful enough to even dint the hash.

I would appreciate any help given.

As I am unsure if already attacking the hash affected the integrity of the file, I have recaptured the handshake.

Thank you in advance.
 

purelogic

Active member
Feedback: 0 / 0 / 0
Joined
Dec 30, 2019
Messages
1,518
Reaction score
0
Credits
0
Virgin Media Super Hub 3 VMDG505

Not like the regular Virgin Media Hubs

Passphrase is 12 characters, with a mixture of uppercase, lowercase alpha and digits :\:
 

a8474

Hi,

Uh oh. Sounds impossible! Looks like no one is cracking my Wifi :D
 

a8474

How long would it take someone to do it with a dedicated cracking machine?
 

purelogic

a8474 said:
How long would it take someone to do it with a dedicated cracking machine?

Something in the region of half a million years

Maybe a quarter of a million years if they got lucky :D
 

purelogic

a8474 said:
Good god. Safe and sound hahaha

I did exaggerate a bit :)

There is some pattern to the passphrases used
They are a research project of mine at the moment

I have a cryptographic break on them, but that is not the same as a practical break

Still well out of reach for now :(
 

wtb9001gtx1080ti

Active member
Feedback: 0 / 0 / 0
Joined
Dec 30, 2019
Messages
226
Reaction score
0
Credits
0
The most complex passwords you can generally PAY someone to attempt are: 8 Character (mixed Alpha + Digits), 9 Character Hex Upper (or lower) with digits. Even then we're talking about a looooooong time. Time varies by hardware of course.

But yeah, your only chance with those is to find a router flaw in WPS or something, or hope they have changed that very secure default PSK to a much weaker dictionary word or something found in a common wordlist.
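
An added example, not part of any post in this thread: a defender-side audit of a WPA2 passphrase against the keyspaces discussed above, where a wordlist hit overrides any keyspace figure. The guess rate, the verdict thresholds and the sample wordlist are assumptions constructed for illustration.

```python
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600
PRINTABLE = set(string.ascii_letters + string.digits + string.punctuation + " ")
HEX_UPPER, HEX_LOWER = set("0123456789ABCDEF"), set("0123456789abcdef")
WEAK_YEARS, STRONG_YEARS = 1, 1000  # assumed verdict thresholds, not from the thread

def alphabet_size(psk):
    """Smallest alphabet covering psk, so the estimate favours the attacker."""
    chars = set(psk)
    if chars <= set(string.digits):
        return 10
    if chars <= HEX_UPPER or chars <= HEX_LOWER:
        return 16
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    return sum(len(c) for c in classes if chars & set(c))

def years_to_exhaust(alphabet, length, guesses_per_second):
    """Worst-case years to try every candidate; the average case is half this."""
    return alphabet ** length / guesses_per_second / SECONDS_PER_YEAR

def audit_psk(psk, wordlist, guesses_per_second):
    """Rate a WPA2 passphrase; a wordlist hit overrides any keyspace figure."""
    if not 8 <= len(psk) <= 63 or not set(psk) <= PRINTABLE:
        raise ValueError("WPA2 passphrases are 8 to 63 printable ASCII characters")
    if psk.lower() in wordlist:
        return {"verdict": "in wordlist", "alphabet": None, "years": 0.0}
    alphabet = alphabet_size(psk)
    years = years_to_exhaust(alphabet, len(psk), guesses_per_second)
    if years < WEAK_YEARS:
        verdict = "weak"
    elif years < STRONG_YEARS:
        verdict = "marginal"
    else:
        verdict = "out of practical reach"
    return {"verdict": verdict, "alphabet": alphabet, "years": years}

if __name__ == "__main__":
    RATE = 1_000_000  # assumed guesses per second, not a measured figure
    WORDLIST = {"password", "sunshine1"}  # constructed sample wordlist
    for psk in ("Ab3dEf7hJk2m", "aB3dEf7h", "1A2B3C4D5", "Sunshine1"):
        print(psk, audit_psk(psk, WORDLIST, RATE))
```
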
 

purelogic

wtb9001gtx1080ti said:
But yeah, your only chance with those is to find a router flaw in WPS or something

Had a good couple of years or so with WPS flaws before Reaver was released by
Tactical Network Solutions and all the copycats followed on.

Those tools in the wild sent seismic shockwaves through both the Wifi-Alliance and
most of the router manufacturers and nearly all of them have now plugged WPS, or
just disabled the External Registrar part completely

I rarely even bother checking WPS any more on modern routers
 

wtb9001gtx1080ti

purelogic said:
I rarely even bother checking WPS any more on modern routers

Quite a couple of the keygens for many routers still work: https://hashcat.net/forum/thread-6170.html

My apologies if I am not allowed to link out of the site, but I couldn't find that in the rules.

With those keygens I managed to get quite a few PSKs. I just wish I could get this keygen into a script. I've tried everything but I can't get it to work... :(

 

purelogic

wtb9001gtx1080ti said:
Quite a couple of the keygens for many routers still work

I don't consider router WPS PINs being vulnerable to keygens to be a flaw in WPS

They are just a general router implementation flaw

But, yes, still can be useful as part of a pentest, of course :)
 