odinsmeadhorn: You have to build the Genpmk lists at the same rate that you Crack with
CowPatty using the library attack. It will take just as long both ways so
whats the point of even using Genpmk. You build the list which takes just
as long then crack in a matter of seconds. Or you just crack at the same
rate that it took you to build the list. I feel like I'm taking crazy pills
Joseph R: Anonymus was in diccionary?
Kaloqn Donkov: This is for silly, there is more good ways to do it, not with this fuking
JarppaGuru: how much time take generate hashed example for 5 long key a-z0-9 when total
keys would be 62193780. i testing one window program and it will try only
250keys/s and allredy run 24hour looool and not yet finished.if i had hash
for it it would run 10000key/s (on linux sure) so that would take
100minutes? so how long time take make that hash file before cracking wpa?
cirujatuc79: "End of pcap capture file, incomplete four-way handshake exchange, try
using a different capture." :( (wifi WPA2)
JarppaGuru: if generating hash basically same thing than run wordlist on cowpatty. my
brain says its slower? what if password is firstlines of wordlist? you take
all time to make pre calculated hash. when cowpatty wud find it 2 minute
anyways lol. and why do hash if you never again use it with same essid
again :) my question is? genpmk+cowpatty(hash)=cowpatty (wordlist) when run
million passphrases and it will last on line
fuckmanolo: Your voice reminds me Chris Griffin lol
davidangelmorin: Where can I get software
Ik Foung Tang: Hi, May I ask If The Password didnt in the wordlist. Can it be find the WPA
password successfull ?
Pr. Nizar: I've seen some technic using some honey pots in a video from hacktivity
(watch?v=Ra0dGPYScLQ practical magic begins at 30min)... This one is a
tricky one and seems to be more reliable than just bruteforcing your way
in... But I presume you have to be near your victime and the real AP shut
down or farer than you for the victime... P.S: Sorry for my poor english;
it's only my third spoken language.
Justin Hutchens: That is correct. A successful dictionary attack requires that the
passphrase be located within the dictionary file used.
PackOfWyvern: 2. I guess its worth noting that I got a new router today( NETGEAR N600
DualBand). I did a packet capture of my new router and deauthed my computer
to get EAPOLs. When I tried cowpatty on it it gave me a message saying
"incomplete 4 way handshake, try a new cap file". I tried about three
different times with different amounts of deauths and waited a good amount
after the deauths to no avail. I suspect the dualband freaks it up. BTW im
using an older eee netbook with backtrack as the only os.
Justin Hutchens: You are correct that prehashing takes about the same amount of time. The
advantage of prehashing, over aircrack is that you can perform the hash
computations without being in proximity of the access point (assuming you
know the SSID). Hypothetically, if you wanted to crack an access point but
you didn't want to sit next to it the entire time, you could drastically
reduce the time spent sitting around suspiciously with your laptop by
prehashing. Hope that answers your question.
spankymcnolan1: I don't crack w.p.a just the routers pin cracking that takes 1minute to 10
hours althouth it needs it enabled for pin authorization wordlists just
take to long even with a g.p.u like hashcat
Dawsonmorph: Best wpa vid I've seen so far, very clear and well put. well done Mr. i'm
now off to crack my own network with this cantenna :)
Justin Hutchens: Yeah, you can still do it. The deauth injection just forces the system off
the WAP so that it has to reconnect. If you can't inject deauth packets,
you will have to wait for either the user or system to reconnect on its
own. Given enough time, it'll happen.
Johnson Doe: It is unlikely that a dictionary would contain that specific password, and
so any dictionary-based attack would not work. However, if your router is
susceptible to WPS hacks (which most routers are) you could just use
reaver. Or try the evil twin method.
Mac Sam: only way to crack it is using rever and wait at least 6 hours :(
Blackhole1686: I have a big problem. I use airodump-ng mon0 and it shows me a list of all
available WAPs and some of the clients (not all). But the Clients aren't
associatet with an bssid. The Probe (essid) is shown correctly, but the
client isn't associated. That why i cant see clients when i look for a
specific bssid. It just appears there, when I areplay that specific client
with de-auth, but when i reconnect as cleint, i don't get the handshake,
because the client then still isn't associated to an bssid.
lars38010: Are you people hack your own computers or other computers -_- ?
Random: im sorry but i dont really understand how this is different from
aircrack..i mean its basicly the same thing under a different name. (both
are dictionary attacks right?) and making a prehashed file takes the same
amount of time as just attacking directly right? could you explain how this
Justin Hutchens: Lot of variables involved there guy. Processing power will have an impact,
but so will the size of the wordlist. And I've never run this on a large
wordlist. There is not much professional demand for wireless pentesting.
These videos (particularly the wireless ones) were just demonstrations of
how the tools work. Even if I had the exact specs of your system and size
of the word list, I'd still just be giving a guess at best. Try it out and
find out. Quit the job if it takes too long.
Justin Hutchens: Thanks for the support Justin. I try to clean up the SPAM at least once a
week. But they keep on coming, lol
Chittu Kudumi: thanks for sharing your experience, I'm afraid that (pre-hashing)
generating "pregendump" file consumes same time as online site attack.
Ofcourse offline attack is really worth-full, but is there a way to fasten
Mac Sam: my wordlist passphrase is not in the dictionary so this gives it no hope
Dynamic4ever90: you r fantastic !!!!!!!!!!
Justin Hutchens: I wouldn't say using genpmk and cowpatty is really faster than aircrack.
Its more just a staging technique. If you aren't in range of an access
point that you want to attack, you can start doing the work with GenPMK.
Also, try CUPP for generating custom dictionary lists...if the generic
one's aren't proving very successful. I've got a video on it too. "Target
Specific Password Cracking with CUPP".
Matt Shepherd: it's taking 2 days to create pregendump file my word list is about 8
gigabytes how long will this take anybody?..
Justin Hutchens: Let me know if you find anything interesting. I could write the program,
but I doubt i have the math skills to create two independent functions that
would produce the same key as the single algorithm. Its things like this
that make me want to do a second bachelors in mathematics.
Justin Wagner: Oi! Get off the rooster you're sitting on and go be an asshole somewhere else.
xbadc0de: what the freak is wrong with your voice? are you crying?
Tsc.ConsultingInc. Mr.: this video is not that clear! your using backtrack in a VM Machine
PackOfWyvern: Thanks! One more thing, what if there arent any EAPOLs in my capture? do i
have to scan for longer? Im trying this on my WPA2 network.
MR.Josh Promjai: hallo brother. i have a big problem , when i put airmon-ng. not have any
thing show me. what it mean ? thank you for your ans !!!
makstukas: yeah he is a noob
Wrong Wahab: could you plz tell me that from where i get a cowpattys ....?
daytona1212: Thank you, this was very helpfull!!
PackOfWyvern: ok so after fiddling a little bit with sending deauth packets I noticed
that I could send them without my Alfa card even being plugged in, is this
supposed to happen or is something else going on?
ANAX ARKANGEL: Salvo si lo vas hacer desde ahí...!!! que además romper una clave WPA Ó
2...ya se ha practicado en demasía...por que no hacer cymothoa y extraer
por otros métodos ya que si en tu diccionario no se encuentra la clave vas
hacerlo difícil o esperaras miles de años...salvo que nazcan los menristor
Anthony Dacey: Excellent tutorial although the genpmk took over 16 hours to generate
against my wordlist which is a little bit bigger than the darkc0de list
infact I stopped the process then ran the crack cowppatty reported no 4 way
handshake found ran the cap file in wireshark and only found 3 way hanshake
ran this through aircrack took just under 4 minutes then imported my genpmk
file in to airolib-ng and created a database ran the crack and took just 1
second a nice learning curve. Thanks
Justin Wagner: No problem mate. I'm trying to get my CEH certs and stuff and when I see
spam on someone who has a CEH well it irritates me XD saying that the tools
we use are fake and then saying that skidrow is popular....makes me want to
puke in my sleep when I see that ;~;
1kekas: thx for the reply... i test handshakes with pyrit and cowpatty ,, its ok?
PackOfWyvern: would you mind shooting me a pm so i can better keep track of your
Ale Xander: How do i find the password for a wi-fi on windows 7?I don't know
linux....security type is WPA2-PSK.
Zachary Sloan: I got you now. Hey i also wanted to say that your wpa2 cracking video
helped me in mastering aircrack-ng , at least the part that is important.
If it wasn't for your video i would've never had the patience to learn back
track 5 at all. Thanks a lot man and lookin forward to more videos from
you. Later man.
setniggersfree: I wish i was 20 something again, this is to much to digest. Anyway, thank
you for a great video!
Pr. Nizar: What if your Wifi adapter does not inject (and you're incapable of deauth),
can you still can capture hanshakes? Or is there any techniques to
bruteforce without the handshake?
Mac Sam: Fu is for wpa only
Speed Cracking WPA & WPA2 with CowPatty and Genpmk4.8
out of 5