BT HUB Default WPA keys


mrhandshake

Status: n/a
Joined: Mon, 08 Sep 2014
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Mon, 08 Sep 2014 @ 21:52:56

Hi, this is my first time here and I am pretty excited about cracking passwords (as I guess most of you are).

I want to crack BT hub default WPA keys. As far as I know they are 10 digit (2-9)(a-f)..... please correct me if I am wrong.
I have captured my own handshake from my router, got it cleaned up at into oclhashcat

I have then made a charlist which just contains " -1 abcdef23456789"

I have then set the mask to a?1?1?1?1?1?1?1?1?1 and plan on changing to b?1?1?1?1?1?1?1?1?1 once it has been checked, and so on until I have gone through abcdef23456789.

I have tried reaver, which just seemed to get to 99.9% and then quit (tried many different configurations with no luck).

Just looking for some guidance really, and whether or not I'm going in the right direction with oclhashcat.

I have a R9 290X and a 6950; what kind of setup would I need to get something like this done in a week?



Milzo
Administrator
Status: Trusted
Joined: Sat, 29 Dec 2012
Posts: 3111
Team:
Reputation: 4764 Reputation
Online
Mon, 08 Sep 2014 @ 22:31:01

A single 290x @ 1030MHz core will average 200Kh/s and require at least 30 hours of your time just to run the example a?1?1?1?1?1?1?1?1?1 2-9/a-f and a little over 17 days to run the full keyspace.

Breaking it down into chunks is a good strategy, and you just might get lucky by randomly picking your starting character and using the --session parameter in hashcat as a safeguard.

Cracking these sort of keys requires patience, power and luck, that's all.....So anyone can do it.

WPA is labour intensive on GPUs so you'll need to make sure you have adequate cooling; do not let these cards go into the 90's for long periods, keep your temperatures < 85.

You may need to underclock the card(s) to balance things out, taking into consideration your ambient room temperature as well.

Make use of the -n -u parameters with hashcat for best performance.


mrhandshake

Status: n/a
Joined: Mon, 08 Sep 2014
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Mon, 08 Sep 2014 @ 23:07:35

Hi, thanks for the tips. Would I be right in saying another 290x will halve the required time? Also it says 5 days for one set; have I messed the settings up or is this how long it's actually going to take?


Milzo
Administrator
Status: Trusted
Joined: Sat, 29 Dec 2012
Posts: 3111
Team:
Reputation: 4764 Reputation
Online
Mon, 08 Sep 2014 @ 23:31:58

Your keyspace should be 20661046784 if using 2-9 / a-f with that mask.

Yours is 118587876497.

What is your full command, post that.

And yes, another 290x would bring double the power but also more heat.



mrhandshake

Status: n/a
Joined: Mon, 08 Sep 2014
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Mon, 08 Sep 2014 @ 23:48:47

I'm using the GUI so here is a screenshot of the configuration. In the charset file is "-1 abcdef23456789"


Milzo
Administrator
Status: Trusted
Joined: Sat, 29 Dec 2012
Posts: 3111
Team:
Reputation: 4764 Reputation
Online
Tue, 09 Sep 2014 @ 00:02:16

I'm not familiar with the GUI as I use Linux, but you should be in classic brute-force mode; yours is currently set on hybrid dict + mask.


blandyuk
Administrator
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3206
Team: HashKiller
Reputation: 7744 Reputation
Offline
Tue, 09 Sep 2014 @ 11:48:23

U don't need to use a char-set file, u can specify it directly in the char-set field: 23456789abcdef

The screen-shot looks OK other than that. Brute-Force, mask is length 10.
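
Added example, not part of any post in this thread: a small Python calculator for the number of candidates a hashcat-style mask generates, which is the figure that decides how long a default key of this format withstands exhaustive search. With the 14-symbol charset it reproduces the 20661046784 quoted above; if the literal "-1 " from the charset file is counted as three extra symbols, the result is 17^9 = 118587876497, the other figure quoted. The function names are illustrative, and the 200 kH/s rate is the one given earlier in the thread.

```python
# Added example (not from the thread): candidate counts for hashcat-style masks.
# Sizes of hashcat's built-in charsets (?l ?u ?d ?h ?H ?s ?a ?b).
BUILTIN = {"l": 26, "u": 26, "d": 10, "h": 16, "H": 16, "s": 33, "a": 95, "b": 256}


def mask_keyspace(mask, custom=None):
    """Return the number of candidates a mask generates.

    custom maps "1".."4" to the characters of a user-defined charset.
    """
    custom = custom or {}
    total, i = 1, 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1                        # literal character: one choice
            continue
        if i + 1 >= len(mask):
            raise ValueError("mask ends with a bare '?'")
        key = mask[i + 1]
        if key == "?":
            size = 1                      # "??" is a literal question mark
        elif key in custom:
            size = len(set(custom[key]))  # assumption: duplicates count once
        elif key in BUILTIN:
            size = BUILTIN[key]
        else:
            raise ValueError(f"unknown charset ?{key}")
        total *= size
        i += 2
    return total


def days_to_exhaust(keyspace, guesses_per_second):
    """Worst-case days needed to try every candidate at a constant rate."""
    return keyspace / guesses_per_second / 86400


if __name__ == "__main__":
    mask = "a" + "?1" * 9                   # chunk mask from the first post
    intended = {"1": "abcdef23456789"}      # 14 symbols
    pasted = {"1": "-1 abcdef23456789"}     # file text taken literally: 17 symbols
    print("one chunk, 14 symbols:", mask_keyspace(mask, intended))
    print("one chunk, 17 symbols:", mask_keyspace(mask, pasted))
    full = mask_keyspace("?1" * 10, intended)
    print("full keyspace:", full,
          "days at 200 kH/s:", round(days_to_exhaust(full, 200_000), 1))
```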


wkIzalwikOzEqpJcByMa

Status: n/a
Joined: Sat, 06 Sep 2014
Posts: 11
Team:
Reputation: 0 Reputation
Offline
Tue, 09 Sep 2014 @ 13:11:59

mrhandshake said:

Hi, this is my first time here and I am pretty excited about cracking passwords (as I guess most of you are).
I have tried reaver, which just seemed to get to 99.9% and then quit (tried many different configurations with no luck).

Hey,

Have you tried the reavermod? Or the new thread for wps-reaver-fork? The problem you've got is due to the last number, the checksum, which does not fulfil the standard, so you'll have to bruteforce with at least the first 4 digits of your WPS-pincode that you have already recovered. Without any doubt, reaver will be your best shot for this challenge.

If you prefer GPU-cracking instead......good luck!


mrhandshake

Status: n/a
Joined: Mon, 08 Sep 2014
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Tue, 09 Sep 2014 @ 14:11:33

I have not tried those but thanks for the tip, I will do a search and see what I find. I would much rather use reaver as it's not going to cost me anywhere near as much in electric and time. I have searched for about two nights and couldn't find a working solution. I'm using reaver 1.4 on Kali.


Milzo
Administrator
Status: Trusted
Joined: Sat, 29 Dec 2012
Posts: 3111
Team:
Reputation: 4764 Reputation
Online
Tue, 09 Sep 2014 @ 14:53:10

BT Hubs use push button for WPS.


mrhandshake

Status: n/a
Joined: Mon, 08 Sep 2014
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Tue, 09 Sep 2014 @ 15:24:26

sooo back to gpus then


mrhandshake

Status: n/a
Joined: Mon, 08 Sep 2014
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Wed, 10 Sep 2014 @ 20:21:14

Would making a massive word list with crunch, e.g. crunch 9 9 abcdef23456789, then running it through hashcat with a prefix of a, then b, then c and so on work? I'm guessing this has already been tried.


Milzo
Administrator
Status: Trusted
Joined: Sat, 29 Dec 2012
Posts: 3111
Team:
Reputation: 4764 Reputation
Online
Wed, 10 Sep 2014 @ 21:12:59

You could, but that would be a pointless exercise since you can do that on the fly with hashcat.


blandyuk
Administrator
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3206
Team: HashKiller
Reputation: 7744 Reputation
Offline
Thu, 11 Sep 2014 @ 08:36:41

Word-lists r pointless for this. Just brute-force the whole key-space in chunks as you are already doing.


wkIzalwikOzEqpJcByMa

Status: n/a
Joined: Sat, 06 Sep 2014
Posts: 11
Team:
Reputation: 0 Reputation
Offline
Thu, 11 Sep 2014 @ 09:40:55

mrhandshake said:

I have not tried those but thanks for the tip, I will do a search and see what I find. I would much rather use reaver as it's not going to cost me anywhere near as much in electric and time. I have searched for about two nights and couldn't find a working solution. I'm using reaver 1.4 on Kali.

Hey mrhandshake,
You can take a look at those links. I hope you enjoy them.

http://xiaopan.co/forums/threads/reavermod-v2-for-xiaopan.3386/
https://code.google.com/p/reaver-wps-fork/


