Orange Routers

blandyuk
Admin / Owner
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3033
Team: HashKiller
Reputation: 4060 Reputation
Offline
Fri, 19 Aug 2011 @ 13:41:55

OK, got some settings off an original Orange router:

Code:
SSID   : Orange977de3
WPA Key: 7dcb5343
Serial : 2f5217b006e10

-
edited by blandyuk on 10/10/2012


Please read the forum rules | Please read the paid section rules
I accept private hash lists, with forum donations only.
BTC: 15qF9WUeFUD63ishxyAMiEgGqTcYzk4j9b
GPU Power: 9x GTX 1070 + 4x GTX 1080

Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 3003 Reputation
Offline
Fri, 19 Aug 2011 @ 14:40:00

Great work, thanks for sharing !

Is that a WEP or WPA key ?

I nearly got us genuine TalkTalk details last weekend by buying a router at a boot sale. I only wanted it for the details !!


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

blandyuk
Fri, 19 Aug 2011 @ 15:38:52

Updated last post, it's WPA.


blandyuk
Wed, 12 Oct 2011 @ 23:47:48

We can actually use oclhashcat-plus with the mask-processor app to brute-force WPA/WPA2. My 4 x HD5870s OC gets around 400000/sec:

Key: [0-9][a-f] or [0-9][A-F]
Length: 8
(16 ^ 8) = 4294967296 possible combinations.
4294967296 / 400000 = 3 hrs max crack time.


Key: [0-9]
Length: 10
(10 ^ 10) = 10000000000 possible combinations.
10000000000 / 400000 = 7 hrs max crack time.

-
edited by blandyuk on 10/10/2012


blandyuk
Wed, 02 Nov 2011 @ 14:35:21

Updated my last post as oclHashcat-plus can brute-force WPA/WPA2

oclHashcat-plus command-line:

mp64 -1 ?dabcdef ?1?1?1?1?1?1?1?1 | oclHashcat-plus64 -m 2500 -n 160 -o wpa.txt wpa.hccap

-
edited by blandyuk on 10/10/2012


Hash-IT
Tue, 12 Feb 2013 @ 11:27:58

Thanks for keeping these threads updated Blandy

I have noticed that Orange now use Brightbox routers. The only clue to the password is a photograph of one of these routers with the password "horse-duck-dog" on it.

I would really appreciate anyone with one of these routers to confirm that is the password type. I have made a custom list with only animals in that format but no luck yet. I am wondering if they use colors or other words now?


blandyuk
Tue, 12 Feb 2013 @ 11:38:17

I just noticed an Orange router in range of my house lol

SSID: Orange5B81E5

More of a technical exercise really to see if the default key is still in place. Should take me just over 2 hrs to crack but I need hand-shake first. Will keep u updated.


Hash-IT
Tue, 12 Feb 2013 @ 11:46:00

blandyuk said:

More of a technical exercise really to see if the default key is still in place.

It's nice to see a community spirited person such as yourself providing free penetration testing service for your neighbors ! Shame there aren't more generous people like you around

Yes please keep us updated


blandyuk
Wed, 20 Feb 2013 @ 23:14:04

OK, didn't get the Orange router I wanted as no devices connected BUT I did "drive" around and get 5 others of varying manufacturers:

Code:
BTHomeHub2-RMST - [0-9a-f] Len: 10
Livebox-0E38 - Think this one is long!
Orange-d9ffec - [0-9a-f] Len: 8
TALKTALK-11D7F0 - [0-9A-Z] Len: 8
Thomson75B007 - [0-9a-f] Len: 10

I will be adding these to the distributed HashcatGUI ONCE the default keyspace is specified. I've done the Orange one already. TalkTalk key was figured out by their own helpful video, 1 min 18 secs in

http://help2.talktalk.co.uk/broadband-wireless/wireless-connection-setup

I'm also buying another wifi adapter which has an aerial for better reception. I do have one already but it doesn't support monitoring mode! The aerial is a normal screw-in one and I have a larger aerial with a much higher gain so will be interesting.

This is the one I've got and I know it will work as I have borrowed one from a mate and tried. Manufacturer is MicroNEXT. If u are thinking of buying a wifi adapter, get this one, will work a treat with Backtrack 5

http://www.ebay.co.uk/itm/180657980893?ssPageName=STRK:MEWAX:IT&_trksid=p3984.m1423.l2648

-
edited by blandyuk on 20/02/2013


Hash-IT
Thu, 21 Feb 2013 @ 00:10:12

This is what you need...
http://www.amazon.com/TP-Link-2-4GHz-Parabolic-Antenna-ANT2424B/dp/B005BT6SS8

Also one of these and set it in B mode.

http://www.amazon.co.uk/Alfa-AWUS036H-802-11b-Wireless-network/dp/B002WCEWU8

.
edited by Hash-IT on 21/02/2013


blandyuk
Thu, 21 Feb 2013 @ 10:38:29

The large aerial is point-to-point, very good but not what I need. I have setup a custom panel aerial for a mate which beamed the wifi over quarter of a mile, 80-85% signal at destination. Had to point it in the right direction of course. Original aerial didn't even get half way lol, even then it was ~20% signal. Those aerials make a HUGE difference.

The adapter I'm getting is awesome for wardriving as I can mount it on the outside with USB extender cable. With the standard aerial fitting, I can use my larger aerial than the small crappy one it comes with.


Hash-IT
Thu, 21 Feb 2013 @ 11:29:05

I have the dish above, I am quite pleased with it. It is very directional though but I can get a good distance.

I found with the panel aerials that they received very well but TX was nothing like as good. The dish is almost equal in RX and TX.

Do you live in a very built up area ? If so then you are correct the omni stuff is probably better. However even in a built up area if you are prepared to spend the time lining the dish up you can get very good results.


blandyuk
Thu, 21 Feb 2013 @ 11:59:44

No, I'm not in a built up area so I have no problem. I'm just always interested in improving distance... for certain reasons. I've just created a cantenna for the laugh, here it is:

http://home.btconnect.com/md5decrypter/pictures/cantenna1.jpg

U would not believe the difference just that makes lol, it's not like some cantennas but makes a big difference. Notice the aerial is to the side, not in the middle or right at the back in the middle. Reason is u get best signal strength around that area.

-
edited by blandyuk on 21/02/2013


Hash-IT
Thu, 21 Feb 2013 @ 12:36:57

Ha! That's great!

I did a lot of this a couple of years ago, great fun !

Have you tried using a wok yet, no joke it really works well, it is more of a reflector than a parabolic dish but it works extremely well. Use blue tac to fix your dongle to the wok then experiment finding the sweet spot.

The biggest difference I noticed was using b mode in my USB dongle, b mode goes a lot further.


blandyuk
Thu, 21 Feb 2013 @ 12:53:23

Behold, the more effective and easier solution... Pantenna!

http://home.btconnect.com/md5decrypter/pictures/pantenna1.jpg

What a difference lol, the aerial works best pointing at that side. Like u say, a Wok would be awesome too.

-
edited by blandyuk on 21/02/2013


Hash-IT
Thu, 21 Feb 2013 @ 13:30:05

blandyuk said:

Behold, the more effective and easier solution... Pantenna!

http://home.btconnect.com/md5decrypter/pictures/pantenna1.jpg

What a difference lol, the aerial works best pointing at that side. Like u say, a Wok would be awesome too.

-
edited by blandyuk on 21/02/2013

You are a DIY Pan Master God, I am not worthy !



blandyuk
Thu, 21 Feb 2013 @ 23:58:31

So, how do we go about working on the below key-space for WPA:

[0-9a-f] Len 10
[0-9A-Z] Len 8
[A-Z] Len 8

All those are crazy, even with big rigs it would take a totally insane time to complete. I have numerous BTHub3 hand-shakes but key-space is too large. Even if I split it into 4096 individual parts, with my rig @ 400,000 c/s it would take 11 mins to complete each one.

-
edited by blandyuk on 22/02/2013
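
Added example (not part of the thread, and not any poster's code): a defender-side check of whether a router passphrase still fits one of the default-key formats listed in the posts above, with the worst-case time to exhaust that format at the 400,000 keys/sec rate quoted there. The format labels, function names and sample passphrases are constructed for illustration.

```python
import re

RATE = 400_000  # keys/sec, the rig speed quoted in the thread

# (label, regex, alphabet size, length) for the key formats the posts list.
# Labels are constructed for this example.
DEFAULT_FORMATS = [
    ("hex, length 8", r"[0-9a-f]{8}|[0-9A-F]{8}", 16, 8),
    ("digits, length 10", r"[0-9]{10}", 10, 10),
    ("hex, length 10", r"[0-9a-f]{10}", 16, 10),
    ("[A-Z], length 8", r"[A-Z]{8}", 26, 8),
    ("[0-9A-Z], length 8", r"[0-9A-Z]{8}", 36, 8),
]


def hours_to_exhaust(alphabet, length, rate=RATE, parts=1):
    """Worst-case hours to try every key in one of `parts` equal chunks."""
    return alphabet ** length / parts / rate / 3600


def audit(passphrase, rate=RATE):
    """Return (label, hours) for the smallest listed format the passphrase
    fits, or (None, None) when it fits none of them."""
    hits = [
        (hours_to_exhaust(alphabet, length, rate), label)
        for label, pattern, alphabet, length in DEFAULT_FORMATS
        if re.fullmatch(pattern, passphrase)
    ]
    if not hits:
        return None, None
    hours, label = min(hits)
    return label, hours


if __name__ == "__main__":
    # Constructed sample passphrases, not keys from any real router.
    for key in ["1a2b3c4d", "0123456789", "QWERTYUI", "correct horse battery staple"]:
        label, hours = audit(key)
        if label is None:
            print(f"{key!r}: fits none of the listed default formats")
        else:
            print(f"{key!r}: fits {label}; exhausted in at most {hours:.1f} h")
    # The 4096-way split of the hex length-10 keyspace discussed in the thread.
    print(f"one of 4096 chunks: {hours_to_exhaust(16, 10, parts=4096) * 60:.0f} min")
```

A passphrase that fits any of the listed formats is a candidate for replacement with a long random one.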


Hash-IT
Fri, 22 Feb 2013 @ 00:37:21

We just have to do them.

The more that are broken the better, we need to see if there are any patterns.

I am thinking the 11 minute break downs are a little small. For WPA we need a committed team, ones that will leave their computers on through the night. If we each did 8 - 10 hours runs that should make a dent in it.

I guess these sorts of patterns / requests might have to be based on financial contributions to the site? Perhaps have an award system for regular members etc but basically as WPA is so hard we might as well fund the running of the site with it.

This way all users can contribute anonymously to the site by running a few patterns to break paid for WPA keys. Any regular member who helps out the members here in a big way can receive points for a WPA break at a later date, kind of like a prize.

I also suggest there is a manual way for people to join in. Perhaps allow users to reserve a pattern or two and report back manually if they find the password or not. I just can't get connected to the distribution system for some reason but want to join in. I am sure the problem is my end (TOR) but I would still like to help like I did today.

Other new people may be a little unsure about connecting up but still want to help, so it would be useful for them also.

