So I'm studying to take a job as a pentester, and specifically right now how to crack wpa/wpa2 security. I've been able to use aircrack (well, airodump) to capture a handshake, and I know at this point it's just a matter of cracking the password. I actually know what the password is in this case, and it conforms to the way a lot of wifi passwords are set up... it's just a phrase of a few words strung together, in this case, 3 words strung together. Now obviously I could brute-force it, but it's 12 characters long, and the first is a capital letter, so that's a long process to wait out... so the better approach would be to have a wordlist file... except that this is looking for single words, at least in the case of the file/list generators that I've found so far... are there any programs out there that help you build more complex lists? specifically, one that might say "take all the words that are between 2 and 6 characters long, and create a new file/list that contains combinations of these words that are 12 characters long? It seems like this would be a vast improvement over the brute force method, but while it's easy to find wordlist generators out there, I can't seem to find one that does this concatenation part... I know JtR is excellent for this kind of stuff, but don't know enough about the program, and can't find enough documentation out there to get me started... I know there's an incremental mode for JtR, which might or might not get me closer, but in order to set that up, I'd have to edit the jon.conf file? I think? and while I had no problem running john and piping it into aircrack-ng, I couldn't actually find the config file to see if there were options I could adjust to make it do what I want... ideas?
just an additional piece... it doesn't seem like this wouldn't be out there... coming from a programming background, it doesn't seem like it would be too hard to write a program that would filter a list of words to the smaller ones, and then create a new file of the ones that could be put together at a certain length... which is why I figured it would be easier to look for a tool as opposed to building one...
Aucun commentaire:
Enregistrer un commentaire