NEW: We have a Discord server now. Click here to go there now!

NOTE: Why not use our List Manager to crack your lists? Its easy and enables better management.

NOTE: When cracking WPA/WPA2 passwords, make sure you check first incase it's already been processed.

Home - Wireless Cracking - [NOOB] How do wordlists actually work?

2 Results - Page 1 of 1 -
Author Message

Status: n/a
Joined: Thu, 14 Jan 2016
Posts: 3
Reputation: 0 Reputation
Thu, 14 Jan 2016 @ 13:20:00

Hello all!

First post here, so firstly want to say hello and also this may be a bit of a noob post, apologies if so...

So Ive recently been getting into the world of Kali, and finding it absolutely fascinating; Ive set myself the task of WPA2 cracking.

Im now at the stage when all the tools Ive tried (reaver, wifite, mdk3, revdk3, pixiewps) havent worked for one reason or another, and Ive come to the conclusion I need to start using wordlists - upon googling I found you guys!

Basically, from the research Ive done, I've found the charset of all the routers Im interested in (, and I guess I could use crunch to generate word lists.

Any advice for a noob would be much appreciated...

1) Is this the most efficient way of doing it?
2) What do you guys use?
3) Is there a way to generate words on the fly, so that I don't have to take up Gb's of disk space, but feed them in one by one?

and for the most noob question of them all:

4) What is actually happening here. Is the process basically on a packet a hash was generated using the contents of the packet. We captured the packet from the handshake, but where does the hash actually come into it? It seems like a math problem (i.e. can be solved using pen and paper)

Thanks very much,


Status: Trusted
Joined: Sun, 07 Sep 2014
Posts: 454
Reputation: 573 Reputation
Sat, 16 Jan 2016 @ 03:00:12

Hmm nobody stepped up so I suppose I will give you some advice.
1) No generating a wordlist in the instance would not be the best way for reasons stated in question 3)
2) most of the people here use Hashcat / oclHashcat, there are other tools John The ripper, MDXfind, etc. but the vast majority use hashcat.
3) Most cracking tools utilize Masks. Masks are basically placeholders for tools to convert into a standard Bruteforce.
I.E. a mask of ?d?d?d?d?d in hashcat would output (below) until all combinations are exhausted.

4) There are plenty of articles out there explaining exactly how wpa encryption works have a good googleing session and im sure you will come up with something explaining it far better than I ever could.

2 Results - Page 1 of 1 -

We have a total of 212138 messages in 26015 topics.
We have a total of 23009 registered users.
Our newest registered member is Francescafalk.