NOTE: When cracking WPA/WPA2 passwords, make sure you check gpuhash.me first incase it's already been processed.

Home - Wireless Cracking - Bright-Box


137 Results - Page 1 of 5 -
1 2 3 4 5
Author Message
Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 3003 Reputation
Offline
Mon, 15 Oct 2012 @ 13:35:01

Hi

Just wondering if someone who has a Bright-Box router in the UK could confirm or deny if this is the actual WPA password format that they come with as standard ?

Just saw an example on their site and couldn't believe my luck.... horse-duck-dog !!!


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 3003 Reputation
Offline
Thu, 29 Nov 2012 @ 18:25:22

Shameless Bump

Oh come on...

No one at all on md5decrypter.co.uk has ever seen a default password for one of these in the UK ?


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
blandyuk
Admin / Owner
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3033
Team: HashKiller
Reputation: 4060 Reputation
Offline
Mon, 11 Mar 2013 @ 16:30:02

That was an example from Orange, I think the key is 8 chars long. Been trying to find a scan of a "KEEP MEE" card so I can find default length and keyspace

Will add here once found:

http://forum.md5decrypter.co.uk/topic2715-default-router-wpa-keys--keyspace-used.aspx


Please read the forum rules | Please read the paid section rules
I accept private hash lists, with forum donations only.
BTC: 15qF9WUeFUD63ishxyAMiEgGqTcYzk4j9b
GPU Power: 9x GTX 1070 + 4x GTX 1080

Avatar
blandyuk
Admin / Owner
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3033
Team: HashKiller
Reputation: 4060 Reputation
Offline
Mon, 11 Mar 2013 @ 16:38:45

Now this is interesting:

http://www.the-scream.co.uk/forums/showthread.php?s=2fd3a4e97ec0952411cf56af9dc6d167&t=31206&page=4

Think that answers your question, and it does bring in an interesting point regarding security. I think they are actually lower-case and all we would need is a clean list of 3-5 length words and just run all combinations. What you think?

-
edited by blandyuk on 11/03/2013


Please read the forum rules | Please read the paid section rules
I accept private hash lists, with forum donations only.
BTC: 15qF9WUeFUD63ishxyAMiEgGqTcYzk4j9b
GPU Power: 9x GTX 1070 + 4x GTX 1080

Avatar
blandyuk
Admin / Owner
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3033
Team: HashKiller
Reputation: 4060 Reputation
Offline
Mon, 11 Mar 2013 @ 16:58:25

If this is the case, I have used a clean wordlist and got all the 3-5 len words and got the below keyspace:

Len 3: 454 words
Len 4: 1760 words
Len 5: 3336 words

Possible configurations:

3-3-4 = 362764160
3-4-3 = 362764160
4-3-3 = 362764160
3-4-4 = 1406310400
4-4-3 = 1406310400
3-3-5 = 687602976
3-5-3 = 687602976
5-3-3 = 687602976
3-4-5 = 2665597440
3-5-4 = 2665597440
4-3-5 = 2665597440
4-5-3 = 2665597440
5-3-4 = 2665597440
5-4-3 = 2665597440

Total Keyspace: 21,957,306,848

21957306848 / 400000 = 15.25 hrs

-
edited by blandyuk on 11/03/2013


Please read the forum rules | Please read the paid section rules
I accept private hash lists, with forum donations only.
BTC: 15qF9WUeFUD63ishxyAMiEgGqTcYzk4j9b
GPU Power: 9x GTX 1070 + 4x GTX 1080

Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 3003 Reputation
Offline
Mon, 11 Mar 2013 @ 17:21:58

blandyuk said:

Now this is interesting:

http://www.the-scream.co.uk/forums/showthread.php?s=2fd3a4e97ec0952411cf56af9dc6d167&t=31206&page=4

Think that answers your question, and it does bring in an interesting point regarding security. I think they are actually lower-case and all we would need is a clean list of 3-5 length words and just run all combinations. What you think?

-
edited by blandyuk on 11/03/2013

Thats a good find Blandy, thank you !

Hmm.. . Just going to have a think about this


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 3003 Reputation
Offline
Mon, 11 Mar 2013 @ 18:44:13

blandyuk said:

If this is the case, I have used a clean wordlist and got all the 3-5 len words and got the below keyspace:

Len 3: 454 words
Len 4: 1760 words
Len 5: 3336 words

Possible configurations:

3-3-4 = 362764160
3-4-3 = 362764160
4-3-3 = 362764160
3-4-4 = 1406310400
4-4-3 = 1406310400
3-3-5 = 687602976
3-5-3 = 687602976
5-3-3 = 687602976

Total Keyspace: 5,963,722,208

5963722208 / 400000 = 4.14 hrs

This is great Blandy.

I suggest they are only English words, no numbers or special characters. I have also made a list. In order to store the list better I suggest only merging the first 2 groups and then use the combination attack mode to add the last set.

Can I ask why you chose only 5 letters long ? Is it because of the oclhashcat length restriction or do you know more about the Brightbox ?

Thanks.


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
blandyuk
Admin / Owner
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3033
Team: HashKiller
Reputation: 4060 Reputation
Offline
Mon, 11 Mar 2013 @ 19:12:08

We have 2 key examples now:

horse-duck-dog
hole-wind-bat

(I missed somemore possible keyspaces so I've updated the post above)

On this basis, I've just compiled basic english words 3-5 chars in length. We really REALLY! need more actual default WPA key examples to verify this is the case.

-
edited by blandyuk on 11/03/2013


Please read the forum rules | Please read the paid section rules
I accept private hash lists, with forum donations only.
BTC: 15qF9WUeFUD63ishxyAMiEgGqTcYzk4j9b
GPU Power: 9x GTX 1070 + 4x GTX 1080

Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 3003 Reputation
Offline
Mon, 11 Mar 2013 @ 19:29:57

blandyuk said:

We really REALLY! need more actual default WPA key examples to verify this is the case.

Agreed !

If someone here has access to one of these routers and doesn't want to share the actual password but still wants to help, can you please just perhaps confirm the above or provide a clue ?

The list I have made would take about 9 days on my system. However considering it is WPA that isn't bad, SKY keys take 26 days for me !

I think there is much more scope for me to reduce this list I have, I am sure many words would not normally be included.... I was going to list them but I didn't want to attract the wrong type of search engine results


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
RaggedyMan

Status: n/a
Joined: Thu, 28 Mar 2013
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Thu, 28 Mar 2013 @ 13:26:18

Hash-IT said:

blandyuk said:

We really REALLY! need more actual default WPA key examples to verify this is the case.

Agreed !

If someone here has access to one of these routers and doesn't want to share the actual password but still wants to help, can you please just perhaps confirm the above or provide a clue ?

The list I have made would take about 9 days on my system. However considering it is WPA that isn't bad, SKY keys take 26 days for me !

I think there is much more scope for me to reduce this list I have, I am sure many words would not normally be included.... I was going to list them but I didn't want to attract the wrong type of search engine results

Hi there. The &quotHOLE-WIND-BAT&quot you found on thescream forum was an example I used in reply to the key length question.
It may be a real key, but it was just three words off the top of my head to show it is variable.

I have two Brightbox routers and have thought along the same lines as you with regard to wordlists, and can confirm that when a customer recieves one of these units, the three word keyphrase is on a sticker underneath. They are user configurable but I would guess that very few people actually change it.


Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 3003 Reputation
Offline
Thu, 28 Mar 2013 @ 15:51:12

RaggedyMan said:


I have two Brightbox routers

Can you please be more specific about the passwords ? Are they lowercase ? Are they between 3 and 5 characters long ? English words or words and names ? Are they separated by &quot-&quot ?

If you posted the actual passwords I don't think anyone could identify you by the passwords alone, but I understand if you are nervous.

Thanks.


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
RaggedyMan

Status: n/a
Joined: Thu, 28 Mar 2013
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Fri, 29 Mar 2013 @ 11:50:43

I'm not posting the passwords as that is of no consequence but yes, they are lowercase and separated by a "-".

The two I have are made up of lengths:
3-4-5 and 5-3-4.

I have never seen one that had any more than 5 chars so your table would be correct. I think they are all English words but don't follow a pattern of item. I.e. your horse-dog-duck example.

I haven't done any cracking for ages. I only bothered with WEP as its so easy but like you was very curious about the brightbox routers. It seems quite a weak way to implement a rather secure system.

Good luck.


Avatar
RaggedyMan

Status: n/a
Joined: Thu, 28 Mar 2013
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Fri, 29 Mar 2013 @ 11:52:18

Sorry, yes, I think the lengths are 3 to 5 long.


Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 3003 Reputation
Offline
Fri, 29 Mar 2013 @ 14:07:16

OK Thanks.

Are names used or just words ?


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
RaggedyMan

Status: n/a
Joined: Thu, 28 Mar 2013
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Sat, 30 Mar 2013 @ 07:50:12

As far as I can tell they are just words. I wouldn't have thought they'd have used names.
I did have a thought, on both of mine, the phrases are made up of one word of each length. If that's the case, that would shorten the time taken.
Maybe different lists could be made, for example.

3-4-5, 4-5-3, 5-4-3, 5-3-4 etc...

That way, using one handshake on multiple systems, each one can have its own process.

Just a thought.
edited by RaggedyMan on 30/03/2013


Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 3003 Reputation
Offline
Sat, 30 Mar 2013 @ 08:48:48

RaggedyMan said:

As far as I can tell they are just words. I wouldn't have thought they'd have used names.
I did have a thought, on both of mine, the phrases are made up of one word of each length. If that's the case, that would shorten the time taken.
Maybe different lists could be made, for example.

3-4-5, 4-5-3, 5-4-3, 5-3-4 etc...

That way, using one handshake on multiple systems, each one can have its own process.

Just a thought.
edited by RaggedyMan on 30/03/2013

Interesing, your &quotone of each length&quot idea even works for my key horse-duck-dog.

We need more of these passwords to be sure.


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 3003 Reputation
Offline
Sun, 31 Mar 2013 @ 18:20:15

I have just broken one of these and I am now considering the admin config page. Any clues about the default type passwords for the admin log in ?


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
RaggedyMan

Status: n/a
Joined: Thu, 28 Mar 2013
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Mon, 01 Apr 2013 @ 15:57:01

Unfortunately not. They look a little random like the Homehub ones.


Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 3003 Reputation
Offline
Mon, 01 Apr 2013 @ 15:59:58

RaggedyMan said:

Unfortunately not. They look a little random like the Homehub ones.

As far as I can tell they are length 6 lower alpha and numbers. Does that seem right when you look at the 2 you have ?


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
RaggedyMan

Status: n/a
Joined: Thu, 28 Mar 2013
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Tue, 09 Apr 2013 @ 12:50:10

Hash-IT said:

RaggedyMan said:

Unfortunately not. They look a little random like the Homehub ones.

As far as I can tell they are length 6 lower alpha and numbers. Does that seem right when you look at the 2 you have ?

The lowest amount of chars I have is 3 and the highest is 5.
I haven't seen any others, although my stepson has a new one after a bad flash from EE on his. (Thats why I have two)

I'll have to have a look at his next time I'm there and see if its any different.


Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 3003 Reputation
Offline
Tue, 09 Apr 2013 @ 14:28:32

RaggedyMan said:

Hash-IT said:

RaggedyMan said:

Unfortunately not. They look a little random like the Homehub ones.

As far as I can tell they are length 6 lower alpha and numbers. Does that seem right when you look at the 2 you have ?

The lowest amount of chars I have is 3 and the highest is 5.
I haven't seen any others, although my stepson has a new one after a bad flash from EE on his. (Thats why I have two)

I'll have to have a look at his next time I'm there and see if its any different.


Yes, please take a look and report back

I am surprised they use as low as 3 characters for the admin password. Great new though as I was about to give up if it was 6 random characters.


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
blandyuk
Admin / Owner
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3033
Team: HashKiller
Reputation: 4060 Reputation
Offline
Mon, 29 Apr 2013 @ 11:55:16

Update on this thread, I just configured one for a friend and the password matches the config: 4-5-3

I think the EE-Brightbox default WPA/WPA2 keys can be broken in ~15 hrs using my rig lol

This is epic! I need some WPA handshakes to verify.

-
edited by blandyuk on 29/04/2013


Please read the forum rules | Please read the paid section rules
I accept private hash lists, with forum donations only.
BTC: 15qF9WUeFUD63ishxyAMiEgGqTcYzk4j9b
GPU Power: 9x GTX 1070 + 4x GTX 1080

Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 3003 Reputation
Offline
Mon, 29 Apr 2013 @ 12:29:39

blandyuk said:

Update on this thread, I just configured one for a friend and the password matches the config: 4-5-3

I think the EE-Brightbox default WPA/WPA2 keys can be broken in ~15 hrs using my rig lol

This is epic! I need some WPA handshakes to verify.

-
edited by blandyuk on 29/04/2013


That's great !

Can you take a look at the one you are setting up and let us know about the admin password ? The one you use to configure the router ?


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
blandyuk
Admin / Owner
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3033
Team: HashKiller
Reputation: 4060 Reputation
Offline
Mon, 29 Apr 2013 @ 15:33:59

I can't remember what the admin passwd was but it was like a randomly generated 6 or 8 char low-alpha pass.


Please read the forum rules | Please read the paid section rules
I accept private hash lists, with forum donations only.
BTC: 15qF9WUeFUD63ishxyAMiEgGqTcYzk4j9b
GPU Power: 9x GTX 1070 + 4x GTX 1080

Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 3003 Reputation
Offline
Mon, 29 Apr 2013 @ 15:56:16

blandyuk said:

I can't remember what the admin passwd was but it was like a randomly generated 6 or 8 char low-alpha pass.

OK Thanks

When you next visit your friend would you please take a better look ?


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
blandyuk
Admin / Owner
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3033
Team: HashKiller
Reputation: 4060 Reputation
Offline
Fri, 03 May 2013 @ 13:08:56

I could really do with a few Brightbox captures / handshakes any help would be awesome!


Please read the forum rules | Please read the paid section rules
I accept private hash lists, with forum donations only.
BTC: 15qF9WUeFUD63ishxyAMiEgGqTcYzk4j9b
GPU Power: 9x GTX 1070 + 4x GTX 1080

Avatar
PiXEL

Status: Cracker
Joined: Sat, 09 Jun 2012
Posts: 149
Team:
Reputation: 274 Reputation
Offline
Wed, 08 May 2013 @ 19:33:50

blandyuk said:

I could really do with a few Brightbox captures / handshakes any help would be awesome!

Hi blandyuk, here's 3 Brightbox captures I found on the net. Hope this helps.

.


CPU: Intel Core i7 2600k
GPU: GeForce GTX 1060 6GB

Attachments: Login to view attachments.
Avatar
blandyuk
Admin / Owner
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3033
Team: HashKiller
Reputation: 4060 Reputation
Offline
Tue, 14 May 2013 @ 22:11:21

Nice PiXEL I went &quotout&quot last night and got one very close to me, took like 3 mins lol, seriously! Find the hccap attached. I can go thru all 4-5-3 words in 3 hrs 40 mins so will run them.


Please read the forum rules | Please read the paid section rules
I accept private hash lists, with forum donations only.
BTC: 15qF9WUeFUD63ishxyAMiEgGqTcYzk4j9b
GPU Power: 9x GTX 1070 + 4x GTX 1080

Attachments: Login to view attachments.
Avatar
PiXEL

Status: Cracker
Joined: Sat, 09 Jun 2012
Posts: 149
Team:
Reputation: 274 Reputation
Offline
Wed, 15 May 2013 @ 03:42:58

blandyuk said:

Nice PiXEL I went &quotout&quot last night and got one very close to me, took like 3 mins lol, seriously! Find the hccap attached. I can go thru all 4-5-3 words in 3 hrs 40 mins so will run them.

3 mins!! LOL awesome. I also cracked one of the EE ones recently and I was now trying to figure out the router login password, I pulled some
javascript file from it and it looks like this file tells the router how to create the admin password from the MAC and then creating an MD5 hash of it.
I also think it maybe possible to reverse it. Would you mind taking a look as I know you've got programing skills, so your more likely to be able to
make sense of than me.

Not sure I should post the file here so I'll wait for your reply.


.


edited by PiXEL on 15/05/2013


CPU: Intel Core i7 2600k
GPU: GeForce GTX 1060 6GB

Avatar
blandyuk
Admin / Owner
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3033
Team: HashKiller
Reputation: 4060 Reputation
Offline
Wed, 15 May 2013 @ 09:29:34

OK, PM me PiXEL and also, the router WPA password would be very useful to know so I know which pattern it uses


Please read the forum rules | Please read the paid section rules
I accept private hash lists, with forum donations only.
BTC: 15qF9WUeFUD63ishxyAMiEgGqTcYzk4j9b
GPU Power: 9x GTX 1070 + 4x GTX 1080


137 Results - Page 1 of 5 -
1 2 3 4 5

We have a total of 163292 messages in 20499 topics.
We have a total of 19267 registered users.
Our newest registered member is johnbranches.