Search Results
|
Post | Author | Forum | Replies | Views | Posted |
|
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
Since there are 2.1 billion 599-type passwords and 37^6 ~ 2.6 billion possible 6-character strings, odds are good that there's a 599-type password that starts at any randomly picked 6-char string. So,... |
|
mrfancypants |
User Contributions
|
182 |
305,372 |
07-25-2017, 07:41 AM |
|
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
I am not sure I even understand your difficulty.
Let's take NVG589 specifically. We have an algorithm that takes in a 64-bit integer 'x' and spits out a 12-letter password:
for n in range(0,6):
... |
|
mrfancypants |
User Contributions
|
182 |
305,372 |
08-15-2017, 02:26 AM |
|
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
I'm gone for less than a year and you guys have already added 5 more pages!
Let's recap.
* I am easily distracted.
* AT&T firmwares were ridden with holes and backdoors (even I, not a security ... |
|
mrfancypants |
User Contributions
|
182 |
305,372 |
03-13-2018, 01:47 AM |
|
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
I think I got the rounding in the 589 generator correct now.
Code:
--
void genpass589(uint32_t x, unsigned char *psk) {
static const char CHARSET[] = "abcdefghijkmnpqrstuvwxyz23456789#%+=?";
... |
|
mrfancypants |
User Contributions
|
182 |
305,372 |
03-15-2018, 01:51 PM |
|
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
fart-box Wrote: (03-14-2018, 11:08 PM)
--
According to my research, regardless of manufacturer or model number, (NVG-589, NVG-599, NVG-510, or 5268ac), all ATT passwords are available from the same gi... |
|
mrfancypants |
User Contributions
|
182 |
305,372 |
03-18-2018, 06:46 AM |
|
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
fart-box Wrote: (04-08-2018, 01:17 AM)
--
On a different note, it seems you have no interest in working with the keys I showed you, or in sharing your complete list of known working ATT passwords. If... |
|
mrfancypants |
User Contributions
|
182 |
305,372 |
04-08-2018, 09:50 PM |
|
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
taxil Wrote: (04-19-2018, 09:29 PM)
--
Is it possible to identify which model is being used for an ATTXXXXXXX AP from a handshake? Specifically NVG589 vs NVG599 vs neither?
----UPDATE I found my ans... |
|
mrfancypants |
User Contributions
|
182 |
305,372 |
04-20-2018, 09:52 PM |
|
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
fart-box Wrote: (04-16-2018, 01:17 AM)
--
For anyone who is interested, or for anyone who would like to dig deeper, here is my complete list of keys with the passwords they produce.
Code:
--
... |
|
mrfancypants |
User Contributions
|
182 |
305,372 |
04-20-2018, 10:02 PM |
|
|
Thread: Minimum investment on a descent rig for 16+ character NTLM passwords
Post: RE: Minimum investment on a descent rig for 16+ ch...
For reference. I've just grabbed a list of 7500 NTLM hashes (which is what you'd dump from a SAM database) from another forum and hit it with my dictionaries using an NVIDIA GeForce 980 Ti.
It took ... |
|
mrfancypants |
Hardware
|
10 |
8,011 |
05-08-2018, 11:02 PM |
|
|
Thread: Minimum investment on a descent rig for 16+ character NTLM passwords
Post: RE: Minimum investment on a descent rig for 16+ ch...
phildo Wrote: (05-08-2018, 11:52 PM)
--
(Sorry if this post is about to go off topic- but now I'm curious!)
Wait- how? Just to make sure- a dictionary is a list of password possibilities ("MyPa5... |
|
mrfancypants |
Hardware
|
10 |
8,011 |
05-09-2018, 12:47 AM |
|
|
Thread: Unknown salt
Post: Unknown salt
I have a bunch of MD5 hashes created with an algorithm md5(md5($pass).$salt) where $salt is an unknown 3-character string (different for each hash.)
It seems that there's a semi-undocumented mode -... |
|
mrfancypants |
hashcat
|
5 |
5,390 |
05-21-2017, 02:35 AM |
|
|
Thread: Unknown salt
Post: RE: Unknown salt
That would only work for a small number of hashes. Otherwise it'll slow down the attack a lot more than 95^3 (which is why I was hoping for an automated in-memory solution.)
Let's say I have a 100M w... |
|
mrfancypants |
hashcat
|
5 |
5,390 |
05-22-2017, 07:10 AM |
|
|
Thread: Mask starting with a dash
Post: RE: Mask starting with a dash
But, as my examples show, hashcat won't honor any attempts to escape the leading dash. If I write '-?d' or \-?d instead of -?d, that $ or \ goes straight into the mask.
And besides, it should be ab... |
|
mrfancypants |
hashcat
|
4 |
3,489 |
05-08-2018, 07:03 PM |
|
|
Thread: Mask starting with a dash
Post: RE: Mask starting with a dash
|
mrfancypants |
hashcat
|
4 |
3,489 |
05-08-2018, 07:59 PM |
|
|
Thread: Mask starting with a dash
Post: Mask starting with a dash
Looks like hashcat has a problem with masks that start with a dash:
Code:
--
e:\hashcat-4.1.0>hashcat64 -O -w 3 -m 0 -a 6 --gpu-temp-disable 66343_left.txt files -?d
hashcat64: unknown option -- ... |
|
mrfancypants |
hashcat
|
4 |
3,489 |
05-08-2018, 09:39 AM |
|
|
Thread: Hashcat WPA web UI
Post: RE: Hashcat WPA web UI
It's similar, but much smaller and lighter (300 lines of code), with no dependencies other than python and hashcat, and aimed at Windows.
I'll take a look at yours. |
|
mrfancypants |
User Contributions
|
2 |
4,166 |
04-07-2018, 10:41 PM |
|
|
Thread: Hashcat WPA web UI
Post: Hashcat WPA web UI
If you spend enough time cracking WPA passkeys with hashcat, you may have noticed that handling the grabs is a bit of a hassle. You typically do the grabbing on a laptop and it produces .cap files, bu... |
|
mrfancypants |
User Contributions
|
2 |
4,166 |
04-06-2018, 01:03 AM |