Want to be an accessory to cyber crime? (WiFi shenanigans)
-
2017-04-17 at 9:27 AM UTC
Well if so, most of the deed is already done. I got bored yesterday and grabbed a bunch of WPA handshakes that were just floating around in the aether. I got a dope little USB WiFi adapter that supports monitoring and injecting packets. In any case i got a couple of handshakes. If you'd like to know which program i used and particularly enjoyed using have a gander over here https://github.com/wi-fi-analyzer/zizzania
So anyway, i got a couple handshakes and i was trying to crack them with Aircrack-ng, the thing is, i used a couple of password lists, up to 1 GB worth i think but none had the proper passwords. I even used this shellscript to sort the most relevant packets and data.
I know that's a long ass shellscript but basically it just sorts out the useful WPA handshakes that were captured, saves them to a pcap file and then automatically invokes Aircrack-ng to process the results. Pretty dank IMO.
In any event, from what i know most default AP passwords here look like this.
A5S7ABE8B8I9
The thing is, there is no password list that i know of that has this kind of format. Should i just generate a bunch of lines that look like this randomly? That would be pretty easy with Python i reckon. But it will take a while to get a nice comprehensive list. I would much prefer a pre existing one. Also, bruteforcing is out of the question. 12 character passwords will take a billion years to crack with bruteforce. Hence the reason i am trying to use a dictionary attack.
Anyway, thoughts?
-
2017-04-17 at 1:36 PM UTC
So for now i have decided to use Crunch to generate a dictionary based on my criteria. I forgot Crunch was a thing.
-
2017-04-17 at 1:44 PM UTC
Originally posted by Sophie Routers are stupid. That being said, you're probably not getting phished, probably. WiFi deauthentication attack seems way more likely. Perhaps your neighbors are sniffing for WPA handshakes and are trying to expedite the process by sending deauth frames.
A WiFi phishing attack involves deauthenticating the user as well, but you have to set up an evil AP that looks exactly like your AP and then serve some kind of web app or whatever to ask for whatever credentials the attacker wants. Seems like a lot of trouble to do to some random nigga.
Are you fucking with the site?
-
2017-04-17 at 2:20 PM UTCHey fucknigger, answer me. Why am I getting weird shit the momemt you start doing weird shit?
-
2017-04-17 at 2:23 PM UTC
Originally posted by RisiR Are you fucking with the site?
Attacking a router or WiFi Access Point is completely different compared to attacking a web application (Like a forum)
Besides, Lanny's Cyber-Fu is formidable. When the forum was in development i helped Lanny out with some security testing and as far as i can tell the whole thing seems pretty secure to me.
-
2017-04-17 at 2:34 PM UTC
Originally posted by Sophie Attacking a router or WiFi Access Point is completely different compared to attacking a web application (Like a forum)
Yeah, until you start hitting the router at Lanny's home where he hosts his server.
Originally posted by Sophie Calm the fuck down, you wouldn't notice a fucking thing if i started messing with you.
I haven't noticed you messing with me, but now I'm on to you.
Also, I've read that JohnTheRipper can be piped to aircrack-ng for brute forcing in real time, but I haven't ever gotten it to work properly.
-
2017-04-17 at 2:34 PM UTC
Originally posted by Sophie Calm the fuck down, you wouldn't notice a fucking thing if i started messing with you.
You'd notice my foot in your face real quick if you talked to me like that face to face you little bitch. Fuck you.
Now I'm gonna get banned for posting in this shitty subforum. THANK YOU.
-
2017-04-17 at 2:51 PM UTC
Originally posted by Ghost Prototype Yeah, until you start hitting the router at Lanny's home where he hosts his server.
Lanny hosts at a hosting company.
Originally posted by Ghost Prototype I haven't noticed you messing with me, but now I'm on to you.
Also, I've read that JohnTheRipper can be piped to aircrack-ng for brute forcing in real time, but I haven't ever gotten it to work properly.
You should pipe crunch instead.
crunch 8 8 abcdefghijklmnopqrstuvwxyz | aircrack-ng -arguments
Also don't worry i am mostly harmless.
-
2017-04-17 at 3:19 PM UTC
Originally posted by Sophie Lanny hosts at a hosting company.
You should pipe crunch instead.
crunch 8 8 abcdefghijklmnopqrstuvwxyz | aircrack-ng -arguments
Also don't worry i am mostly harmless.
I'll definitely look into crunch. thanks! Also, I think I should drop Lanny a line. I'd like to start hosting for others and would love some guidance.
-
2017-04-17 at 3:22 PM UTC
Originally posted by Ghost Prototype I'll definitely look into crunch. thanks! Also, I think I should drop Lanny a line. I'd like to start hosting for others and would love some guidance.
If you're looking for answers with regards to hosting just post a thread in T&T asking about it. I personally don't know a lot about hosting but we got some knowledgeable tech people here all things considered and i am sure one or two will respond to your questions.
-
2017-04-19 at 7:59 AM UTC
The problem is that people these days usually know to use long passwords with numbers injected into them. You're really just searching for that one person that doesn't know.
I've never really gotten into Wi-Fi hacking but I'd suggest using a few good wordlists on a bunch of "hand shakes" (is this what they're called?) rather than modifying your wordlist hundreds of times on the same one.
-
2017-04-19 at 1:19 PM UTC
Yes, the hashed password is exchanged between client and AP in what's called the handshake.
WPA is easy to break as well, but requires you stay within range of the AP while executing your attack. Reaver makes it fairly easy.
-
2017-04-19 at 1:42 PM UTC
Huff Raid, turdstomper. I'll post where I want.
-
2017-04-19 at 5:07 PM UTC
Originally posted by SBTlauien The problem is that people these days usually know to use long passwords with numbers injected into them. You're really just searching for that one person that doesn't know.
I've never really gotten into Wi-Fi hacking but I'd suggest using a few good wordlists on a bunch of "hand shakes" (is this what they're called?) rather than modifying your wordlist hundreds of times on the same one.
I do have a bunch of word lists but they seem to not be working. Eh.
-
2017-04-19 at 5:34 PM UTC
Originally posted by Sophie This. Also stop alt-posting in my thread Scrawny. T&T is srs bsns remember.
I'm not ghost prototype i swear i think its risir.richard burnish or chris hansen or something man they are gangstalking me plz dont ban me i have only been unbanned like 1 hour im being good scrawny today -
2017-04-19 at 5:42 PM UTC
Originally posted by SCronaldo_J_Trump I'm not ghost prototype i swear i think its risir.richard burnish or chris hansen or something man they are gangstalking me plz dont ban me i have only been unbanned like 1 hour im being good scrawny today
GP is not an alt. But Bearded Faggot is your alt. You posted "Zaint Zattex" in the alt thread with that account.