EH-Net

Ethical Hacking Discussions and Related Certifications => Wireless => Topic started by: V0IDANC3 on January 28, 2009, 07:44:38 PM



Title: WPA-PSK cracking with Elcomsoft
Post by: V0IDANC3 on January 28, 2009, 07:44:38 PM
Hi Guys

Any idea on whether it is possible to import .cap files with WPA-PSK hashes into Elcomsoft Distributed Password Recovery? If it is possible, can anyone give me any insight? Would I have to convert it into another format? After scouring the net, all I can seem to find is news articles and reviews on the product; there is no actual information and the help files are vague. Any help would be appreciated. Thanks in advance.


Title: Re: WPA-PSK cracking with Elcomsoft
Post by: xXxKrisxXx on February 04, 2009, 05:02:39 AM
Not exactly sure how to do that, but you'd have better luck using SpoonWPA. I'll post a link to it right now. Look Here (http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,3441.msg15947/topicseen,1/#new)


Title: Re: WPA-PSK cracking with Elcomsoft
Post by: V0IDANC3 on February 05, 2009, 07:41:41 PM
Thanks for the reply. I've used SpoonWPA quite a few times before; however, the inbuilt dictionary attack takes ages to complete. Getting the WPA-PSK hash is no problem; it's the amount of time taken to crack the PSK that takes countless hours.

Maybe the best way of performing the dictionary attack, aside from the Elcomsoft method, is to set up a few BT machines running John and launch the attack that way. Else generate a few rainbow tables with something like rtgen. I would like to test the GPU theory out though, as I am interested in the kinds of speeds it will pull.


Title: Re: WPA-PSK cracking with Elcomsoft
Post by: xXxKrisxXx on February 06, 2009, 01:01:45 AM
You're right about the speed of SpoonWPA, it's not the quickest. I believe there was even a thread on here where the discussion was based upon how long is too long for attempting dictionary attacks against WPA. If you end up testing that theory, let us know which tool's quicker!


Title: Re: WPA-PSK cracking with Elcomsoft
Post by: Jhaddix on February 07, 2009, 07:40:51 AM
Quote
Thanks for the reply. I've used SpoonWPA quite a few times before; however, the inbuilt dictionary attack takes ages to complete. Getting the WPA-PSK hash is no problem; it's the amount of time taken to crack the PSK that takes countless hours.

Maybe the best way of performing the dictionary attack, aside from the Elcomsoft method, is to set up a few BT machines running John and launch the attack that way. Else generate a few rainbow tables with something like rtgen. I would like to test the GPU theory out though, as I am interested in the kinds of speeds it will pull.

Maybe you could use:

http://www.bindshell.net/tools/johntheripper

Quote
This is an updated version of Ryan Lim's patch for john the ripper to support MPI, in addition to a large number of third party patches to support additional ciphers and such.

MPI allows you to use multiple processors on a single system, or a cluster of systems for cracking passwords using john the ripper. Incredibly useful in these days of multi core processors.

Don't know if you have the resources, nor have I played with MPI yet; just a thought b/c I was on Bindshell today =P


Title: Re: WPA-PSK cracking with Elcomsoft
Post by: Jhaddix on February 07, 2009, 08:06:34 AM
Oops, MPI doesn't do dictionary. Looks like there was a project that did, but I can't find the tool anywhere released.

http://distro.ibiblio.org/pub/linux/distributions/openwall/projects/john/contrib/mpi/2004-pippin/report.pdf

Sorry!