Monday, July 8, 2019

Cracking wifi passwords with wordlists

Wordlists:

ftp://ftp.openwall.com/pub/wordlists/
http://www.openwall.com/mirrors/
https://github.com/danielmiessler/SecLists
http://www.outpost9.com/files/WordLists.html
http://www.vulnerabilityassessment.co.uk/passwords.htm
http://packetstormsecurity.org/Crackers/wordlists/
http://www.ai.uga.edu/ftplib/natural-language/moby/
http://wordlist.sourceforge.net/
https://github.com/berzerk0/Probable-Wordlists
https://weakpass.com/wordlist
https://pypi.org/project/wordlist/
https://packages.debian.org/jessie/wordlist
 
Use crunch to create a wordlist "on-the-fly" (without wasting storage) - pipe that to john with --session option (you can resume the cracking process) and give that to aircrack (-w - // without password list since crunch is creating it)

crunch 8 8 | john --stdin --session=superwifi --stdout | aircrack-ng -b 00:11:22:33:44:55 -w - handshake-Superwifi.cap

Platform:
https://www.parrotsec.org/download-security.php

About John the ripper session parameter usage:

You do not have to leave John running on a (pseudo-)terminal. If running John on a Unix-like system, you can simply disconnect from the server, close your xterm, etc. John will catch the SIGHUP ("hangup" signal) and continue running. Alternatively, you may prefer to start it in the background right away:
 john --wordlist=all.lst --rules mypasswd &
Obviously, the "&" is specific to Unix shells and will not work on most other platforms.
You may further enhance this by specifying a session name:
 john --session=allrules --wordlist=all.lst --rules mypasswd &
This ensures that you won't accidentally interfere with the instance of John running in the background if you proceed to start other sessions.
To view the status of a running session, use:
 john --status
for the default session or:
 john --status=allrules

No comments:

Post a Comment