Brute force on a 10-character WPA2 password

  • I'm trying to hack my own WPA2 network for learning purposes.

    I have the *.cap file generated by aircrack-ng tools after a WPA handshake.

    I've tested by including my own password and a bunch of incorrect passwords in a wordlist, and aircrack-ng cracks it successfully. My password is 10 characters long, only uppercase letters and numbers, so I tried generating a wordlist with crunch (10 characters long, uppercase and numbers only):

    $ crunch 10 10 -f charset.lst ualpha-numeric -o wordlist.txt

    But crunch's weight estimation was stunning:

    Crunch will now generate the following amount of data: 40217742840692736 bytes
    38354628411 MB
    37455691 GB
    36577 TB
    35 PB
    Crunch will now generate the following number of lines: 3656158440062976

    The wordlist is incredibly big. And I generated the wordlist by having clues about the length and characters involved. If I didn't know that, it'd be even bigger.

    I guess I now believe that bruteforce attacks on non-trivial passwords are impossible, at least with pre-generated wordlists.

    Is there a way to let aircrack-ng incrementally crack the password with a given length and charset?

    What other sane options do I have to attack my password?

    You don't need to actually generate those huge files. You can pipe each line like @Anon did.

  • Peleus (Correct answer)

    8 years ago

    I'd look at OCLHashcat, as it lets you brute force with specific character sets and doesn't need to generate the list beforehand.

    I'm not sure what you mean by "incrementally"; however, if you mean stopping and starting, OHC will let you do that.

    In terms of cracking WPA2, you've got 3 options.

    1. Dictionary attacks
    2. Reaver attack against WPS (most successful option in majority of cases)
    3. Taking a wrench to the person and beating their password out of them

    Ok, perhaps two options if you're not really wanting that password.

    Brute force, unless you know a lot about the password and it's incredibly stupid (i.e. you know for certain it's an 8 character set of numbers) is going to be a non-starter.

    Don't forget, strictly speaking there "shouldn't" be a way to break the password, so if none of these options seem viable, it just means you've got decent security. There may not be an answer as to how you can do it.
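
The arithmetic behind crunch's estimate in the question, and behind the answer's remark about 8-digit passwords, as an added example that is not part of the original posts. It is meant for sizing a passphrase policy; `ASSUMED_RATE` is an assumed guess rate to replace with the one you want to withstand, and all function names are illustrative.

```python
"""Keyspace sizing for fixed-length passphrases (added example)."""

SECONDS_PER_YEAR = 365 * 24 * 3600
ASSUMED_RATE = 1_000_000  # guesses per second: an assumption, not a measurement
WPA2_MIN_LEN, WPA2_MAX_LEN = 8, 63  # WPA2-PSK passphrase length limits


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidates of exactly `length` symbols."""
    return charset_size ** length


def wordlist_bytes(charset_size: int, length: int) -> int:
    """Size of a one-candidate-per-line file: `length` bytes plus a newline."""
    return keyspace(charset_size, length) * (length + 1)


def years_to_exhaust(charset_size: int, length: int, rate: int = ASSUMED_RATE) -> float:
    """Time to try every candidate at `rate` guesses per second."""
    return keyspace(charset_size, length) / rate / SECONDS_PER_YEAR


def min_length(charset_size: int, target_years: int, rate: int = ASSUMED_RATE):
    """Shortest valid length whose full keyspace takes >= target_years."""
    budget = target_years * SECONDS_PER_YEAR * rate  # guesses available
    for n in range(WPA2_MIN_LEN, WPA2_MAX_LEN + 1):
        if keyspace(charset_size, n) >= budget:
            return n
    return None  # no valid length is enough for this charset and budget


if __name__ == "__main__":
    # (label, charset size, length): the answer's 8-digit case, the
    # question's case, and a mixed-case variant for comparison.
    cases = [("digits", 10, 8), ("upper+digits", 36, 10),
             ("upper+lower+digits", 62, 10)]
    for name, size, length in cases:
        print(f"{name:20} len={length:2} "
              f"candidates={keyspace(size, length):.3e} "
              f"file={wordlist_bytes(size, length) / 2**50:.3f} PiB "
              f"exhaust={years_to_exhaust(size, length):.3e} years")
    print("min length, upper+digits, 1000 years:", min_length(36, 1000))
```

The 36-symbol, 10-character case reproduces the line and byte counts crunch printed in the question.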

License under CC-BY-SA with attribution

Content dated before 6/26/2020 9:53 AM