Network Security Pen-Test

Re: [pen-test] WPA-PSK audit

Subject: Re: [pen-test] WPA-PSK audit
Date: Tue, 18 Dec 2007 21:04:29 -0800

Hi Nikolaj:

In general WPA-PSK cracking is very slow (by several orders of magnitude)
compared to cracking other types of hashing.  Unless the customer is using a
dictionary word or a common password you probably won't be able to crack the
password within the 2-3 hour timeframe you mention.  Aircrack-ng is now much
faster than coWPAtty (for a software only implementation of cracking), but
if you really want good performance I'd check into getting some FPGA
hardware from Pico Computing (http://picocomputing.com/).  If you're doing
professional pen-testing I'd say it's worth the money since they can be used
for multiple purposes.  


A couple of other very general suggestions for cracking WPA-PSK in a pen-test
engagement:
        - You can use wigle.net (or just do a drive-by if you're physically
          close) to find the SSIDs for your target customer,
          and before the engagement generate custom rainbow tables with
          genpmk.
        - I've found that taking the time to craft a custom
          dictionary/password list and then generating permutations with the
          john the ripper rules to be very effective.  You can use things like
          wget -m and wyd to help generate customer or industry specific
          lists.  I'm always surprised at how many customers use permutations
          of their name or the product/group names for passwords (I know
          this isn't WPA-PSK specific, but since cracking it is so slow,
          this becomes more effective than the gains you see in software).


HTH,

Aaron


On Mon, Dec 17, 2007 at 11:17:25PM +0200, Nikolaj wrote:
Hello list,

I'd like to know of any existing tools designed to test the WPA-PSK
security mode. I know it's more secure than WEP with TKIP and so on but I
wonder if there are any tools that are able to crack the WPA key within a
reasonable time limit - 2-3 hours? Any ideas and suggestions on WPA
security will be appreciated.

Kind regards.
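Added illustration (not part of either post, and not code from aircrack-ng, coWPAtty or genpmk): the reply's two points, that each WPA-PSK guess is expensive and that genpmk tables are built per SSID, both follow from how the PMK is derived, and this script shows it with the standard derivation. The wordlist and SSID names are constructed; the reference vector is the one published in the IEEE 802.11i annex.

```python
import hashlib
import time

# WPA-PSK derives the 256-bit Pairwise Master Key with PBKDF2-HMAC-SHA1,
# using the SSID as the salt and 4096 iterations (IEEE 802.11i).
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32


def wpa_psk_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the PMK exactly as a WPA-PSK station or access point does."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               PBKDF2_ITERATIONS, PMK_LEN)


def build_pmk_table(ssid: str, wordlist: list) -> dict:
    """Precompute PMKs for one SSID, the same idea as a genpmk table.
    Because the SSID is the salt, the table only applies to that one name."""
    return {wpa_psk_pmk(word, ssid): word for word in wordlist}


def table_reusable_for(table: dict, other_ssid: str, wordlist: list) -> int:
    """Count table entries that still match the same passphrases under a
    different SSID.  A non-default SSID makes this 0, which is the defensive
    point behind the per-SSID tables the reply mentions."""
    return sum(1 for w in wordlist if wpa_psk_pmk(w, other_ssid) in table)


def seconds_per_guess() -> float:
    """Rough wall-clock cost of a single passphrase guess in pure Python,
    i.e. 4096 HMAC-SHA1 rounds; this is why the reply calls cracking slow."""
    t0 = time.perf_counter()
    wpa_psk_pmk("benchmark", "benchmark")
    return time.perf_counter() - t0


# Reference vector from IEEE 802.11i-2004 Annex H.4.1: passphrase "password",
# SSID "IEEE".  Taken from the standard, not from this thread.
REFERENCE_PMK = bytes.fromhex(
    "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")

# Constructed wordlist in the style the reply describes (company/product
# name permutations); the names are hypothetical.
WORDLIST = ["acmecorp", "AcmeCorp2007", "acmewidget", "Acme!2007"]

if __name__ == "__main__":
    print("reference vector ok:", wpa_psk_pmk("password", "IEEE") == REFERENCE_PMK)
    table = build_pmk_table("linksys", WORDLIST)
    print("table entries reusable for SSID 'AcmeNet':",
          table_reusable_for(table, "AcmeNet", WORDLIST))
    print("approx seconds per guess: %.4f" % seconds_per_guess())
```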

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
