Crack Vodafone Station Wpa
Status: n/a Joined: Fri, 11 Sep 2015 Posts: 66 Team: Reputation: 0 Offline Sat, 28 Jan 2017 @ 21:59:16
Hello all, this is the first time I have tried to find a wifi pw, so sorry if I do nooby things. Through airodump on Kali Linux, I have got the handshake file called 'completeList.cap'. Then, with Wireshark, I tried to save only the ones which I thought could be useful, but Wireshark only let me save the file with the .pcap extension; I hope it is OK anyway. That's the 'shortList.pcap' file. And eventually the complete one converted to .hccap. I could not convert the short one because the converter on the hashcat website gave me an error.
The AP name is: Vodafone-34347558. I hope I have done things well; otherwise let me know, and I will try to do them better. Thanks in advance for the help!

Status: Trusted Joined: Mon, 16 Jan 2017 Posts: 183 Team: Reputation: 170 Offline Sun, 29 Jan 2017 @ 12:08:26
Your shortList capture only contains handshake message 2 and no Beacon frame. It will never convert to HCCAP. The capture needs one Beacon frame and a minimum of two handshake messages, one from STA and one from AP, both containing nonces. The completeList capture looks very poor quality.
Many frames have been missed in capture. You need to get closer, or use a better antenna.
You should strive to capture a complete set of four handshake messages that are all received with close timestamps of each other. If you have gaps of seconds between a set of handshake frames, forget it and try again. Getting a good handshake can be more of an art than a science and it needs practice. In situations of high RF multipath, even moving a short distance can make a big difference to what can be received, but being closer, or having a good directional antenna is usually the answer. Having said all of that, if this is one of those Italian Vodafone APs with a default key of 24 characters of [a-z0-9], your only real option is to walk over and look at the label to find out the WPA key!
BTC: 12QTTgtbSHqxseW2Hnt5qzrngvBRXgTEj4

Status: Trusted Joined: Mon, 16 Jan 2017 Posts: 183 Team: Reputation: 170 Offline Sun, 29 Jan 2017 @ 14:51:42
"...a minimum of two handshake messages, one from STA and one from AP, both containing nonces."
Just re-read that again and it is more accurate to say: "...a minimum of two handshake messages, one from STA and one from AP, with at least one of them containing a MIC."

Status: n/a Joined: Fri, 11 Sep 2015 Posts: 66 Team: Reputation: 0 Offline Tue, 31 Jan 2017 @ 21:34:43
First of all, thanks Gort for the advice, and then damn! Yes, it is one of those Vodafone wireless ones I think :S Anyway, these are the full .cap file and the .cap file made from Wireshark with the EAPOL filter.
I can see in it just message 1 and 2 of 4, so I think I have no chances. Shall I retry to get the handshakes? I can't get closer.

Status: Trusted Joined: Mon, 16 Jan 2017 Posts: 183 Team: Reputation: 170 Offline Tue, 31 Jan 2017 @ 22:37:32
All I can see in the handshake capture is the AP sending handshake message 1 to the station with MAC ac:2b:6e:e2:2f:20. This station is then sending handshake message 2 back to the AP, but the fact that the handshake never progresses further makes me suspicious that the station ac:2b:6e:e2:2f:20 does not even have the correct key and handshake 2 is being silently discarded by the AP. If you are capturing a STA that does not even know the network key, that is not going to help you very much.

Status: n/a Joined: Fri, 11 Sep 2015 Posts: 66 Team: Reputation: 0 Offline Wed, 01 Feb 2017 @ 21:53:51
Hmmmmm, might it be that there is no client connected to the router so I have no way to deauthenticate it? And if I can ask you, how can I find out what clients are connected to the router?
I tried to do it with 'airodump-ng wlan0mon -c X --bssid Y -a' where x is the channel number and the y the mac of the client. Does it also find connected clients? I'm not that sure.

Status: Trusted Joined: Mon, 16 Jan 2017 Posts: 183 Team: Reputation: 170 Offline Wed, 01 Feb 2017 @ 22:51:01
"And if I can ask you, how can I find out what clients are connected to the router? I tried to do it with 'airodump-ng wlan0mon -c X --bssid Y -a' where x is the channel number and the y the mac of the client. Does it also find connected clients?"
That command looks OK, except that --bssid is your filter for the AP and has to be given the MAC of the AP, not the client. The -a should filter out any unassociated clients, which are not particularly interesting anyway.
Do you know what device has the ac:2b:6e:e2:2f:20 MAC? Is it your equipment? I also noticed some EAPOL traffic in your trace for WPS Registrar attempts. Was this from using something like Reaver against the network?
A WPS flaw might be your only chance if the AP has a 24 char [a-z0-9] passphrase. Nothing will brute force that other than a Quantum Computer.
Unfortunately, my own Quantum Computer is tied up, because I am using it for playing Minecraft.

Status: n/a Joined: Fri, 11 Sep 2015 Posts: 66 Team: Reputation: 0 Offline Sat, 04 Feb 2017 @ 12:36:15
I tried it again, the hashcat converter worked this time, so I'm hopeful everything went the right way. But the word goes to the Expert. I attached the rar.

Status: Trusted Joined: Mon, 16 Jan 2017 Posts: 183 Team: Reputation: 170 Offline Sat, 04 Feb 2017 @ 19:13:09
Your hccap looks good.
The MIC has been taken from STA handshake message 2, but there is a following AP handshake message 3 which proves that the AP was able to verify the MIC from the STA with the AP passphrase. However, there remains the problem that if this AP has the Vodafone default passphrase it is going to be something like erkglxjdktpdvqqw6ghgiu0z as shown in the attached image for another AP with SSID Vodafone-11567000. Even an 8 character passphrase with [a-z][0-9] would be a serious brute force challenge. A 24 character brute force is absolutely impossible. The Universe will not be around long enough!
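
Added example (not part of the original thread): the keyspace arithmetic behind the post above, useful when judging whether a router's default-passphrase scheme resists offline guessing. The guess rate is an assumed figure, and `alphabet_size` and `guessing_cost` are hypothetical helper names.

```python
import math

# Assumed offline guess rate in guesses per second. This is an illustrative
# assumption, not a figure taken from the thread.
ASSUMED_GUESSES_PER_SEC = 1_000_000
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def alphabet_size(char_class: str) -> int:
    """Count distinct characters in a class such as '[a-z0-9]' or '[0-9A-F]'.

    Concatenated classes like '[a-z][0-9]' are treated as one combined
    alphabet, which is how the post above uses that notation.
    """
    body = char_class.replace("[", "").replace("]", "")
    chars = set()
    i = 0
    while i < len(body):
        # 'a-z' style range: expand it inclusively.
        if i + 2 < len(body) and body[i + 1] == "-":
            lo, hi = ord(body[i]), ord(body[i + 2])
            if lo > hi:
                raise ValueError(f"bad range {body[i:i + 3]!r}")
            chars.update(chr(c) for c in range(lo, hi + 1))
            i += 3
        else:
            chars.add(body[i])
            i += 1
    return len(chars)


def guessing_cost(char_class: str, length: int, rate=ASSUMED_GUESSES_PER_SEC):
    """Return (keyspace, entropy_bits, years_to_exhaust) for a passphrase
    whose characters are chosen uniformly at random from char_class."""
    n = alphabet_size(char_class)
    keyspace = n ** length
    bits = length * math.log2(n)
    years = keyspace / rate / SECONDS_PER_YEAR
    return keyspace, bits, years


if __name__ == "__main__":
    # The two schemes discussed in the post above.
    for cls, length in [("[a-z0-9]", 8), ("[a-z0-9]", 24)]:
        ks, bits, years = guessing_cost(cls, length)
        print(f"{length:2d} chars of {cls}: keyspace={ks:.3e}, "
              f"entropy={bits:.1f} bits, exhaust={years:.3e} years")
```

At the assumed rate the 8-character case takes weeks to exhaust, while the 24-character case exceeds the age of the universe by many orders of magnitude.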

Status: n/a Joined: Fri, 11 Sep 2015 Posts: 66 Team: Reputation: 0 Offline Sat, 04 Feb 2017 @ 21:49:50
Fuck, that's the only AP which has a good wifi reception and the fiber connection. But I see in other posts that pw with 8 characters are normally found, isn't that normal? PS: actually there is another AP with a good wifi reception, but airodump never finds clients connected to it.

Status: n/a Joined: Fri, 11 Sep 2015 Posts: 66 Team: Reputation: 0 Offline Sat, 04 Feb 2017 @ 22:02:32
I tried to google some Vodafone wifi passwords and have seen they have 15 characters. I have no idea if this one is new or old.

Status: Trusted Joined: Mon, 16 Jan 2017 Posts: 183 Team: Reputation: 170 Offline Sat, 04 Feb 2017 @ 22:15:21
"PS: actually there is another AP with a good wifi reception, but airodump never finds clients connected to it."
Have you tried Reaver?
I cannot claim to have much luck with the Reaver WPS approach these days, because most routers have been updated to fix any flaws. You might still get lucky and find a poor WPS implementation that will give you a foothold. The latest Reaver has Pixiedust built in that can give another opportunity. The worst that will happen is that you will get a WPS lockout, but Reaver is always worth a try as part of any pentest investigation.

Status: n/a Joined: Fri, 11 Sep 2015 Posts: 66 Team: Reputation: 0 Offline Sun, 05 Feb 2017 @ 20:31:21
Nothing to do, Reaver keeps trying the same pin again and again. What do you think about decrypting an Italian Telecom/Tim router? If you think that's OK, I'm gonna try with it.

Status: Trusted Joined: Mon, 16 Jan 2017 Posts: 183 Team: Reputation: 170 Offline Sun, 05 Feb 2017 @ 20:53:36
"What do you think about decrypting an Italian Telecom/Tim router? If you think that's OK, I'm gonna try with it."
Telecom Italia Mobile? If so, there are many different platforms deployed for routers and pocket hotspots.
It will definitely need a capture to fingerprint the device, but just the SSID may help initially.

Status: n/a Joined: Fri, 11 Sep 2015 Posts: 66 Team: Reputation: 0 Offline Sun, 05 Feb 2017 @ 21:35:47
Yes, TIM is what you just said. Some time ago, TIM was for mobiles while Telecom was for ADSL and home telephone; now they are merging everything into one. Well, returning to the topic, I just haven't understood what you mean :) :) Should I lose time trying to get the handshake or would it be impossible to bruteforce like for the Vodafone?

Status: Trusted Joined: Mon, 16 Jan 2017 Posts: 183 Team: Reputation: 170 Offline Sun, 05 Feb 2017 @ 21:51:29
"Well, returning to the topic, I just haven't understood what you mean :) :) Should I lose time trying to get the handshake or would it be impossible to bruteforce like for the Vodafone?"
Yes, you can try to capture a handshake. I do not know yet if bruteforce will be possible or not, but the handshake capture will give me more information about the router.

Status: n/a Joined: Fri, 11 Sep 2015 Posts: 66 Team: Reputation: 0 Offline Mon, 06 Feb 2017 @ 20:42:00
Hi, I wanted to try this tp_link router before the TIM one. What do you think?

Status: Trusted Joined: Mon, 16 Jan 2017 Posts: 183 Team: Reputation: 170 Offline Mon, 06 Feb 2017 @ 20:54:05
This looks more hopeful. The TPLINK could be using a default of 8 characters [0-9A-F]. You have also caught a very good handshake.

Status: Trusted Joined: Mon, 16 Jan 2017 Posts: 183 Team: Reputation: 170 Offline Mon, 06 Feb 2017 @ 22:30:29
I tried running an 8 character [0-9A-F] on your TPLINK, but found nothing.
It is either not set with the default passphrase, or doesn't use that default pattern after all. The handshake looked rock solid to me, so I have little doubt with that.

Status: n/a Joined: Fri, 11 Sep 2015 Posts: 66 Team: Reputation: 0 Offline Tue, 07 Feb 2017 @ 08:17:48
Bad luck.

Status: Trusted Joined: Mon, 16 Jan 2017 Posts: 183 Team: Reputation: 170 Offline Tue, 07 Feb 2017 @ 08:26:28
I tried again to test the TP-LINK Easy Assistant generated passphrases of 10 characters from [2-9ABCDEFGHJKLMNPQRSTUVWXYZ], but nothing there either. It has probably been set manually and needs more of a wordlist attack, but I guess there could be some Italian influence in there, so something based on an Italian wordlist might be worth trying?

Status: Trusted Joined: Mon, 16 Jan 2017 Posts: 183 Team: Reputation: 170 Offline Tue, 07 Feb 2017 @ 08:52:15
What are the common telephone and mobile prefixes in Italy and the number lengths? For example, is a landline starting with 0 followed by 9-10 digits [0-9]?
What is the area code where this TP-LINK is located? Something like 011 for Turin? Are mobiles commonly starting with 3 followed by 9 digits [0-9]? Let me know if you can confirm or add anything further from your local knowledge. It all helps to reduce the possible search space.

Status: n/a Joined: Fri, 11 Sep 2015 Posts: 66 Team: Reputation: 0 Offline Tue, 07 Feb 2017 @ 17:29:59
There are a lot of mobile prefixes: (The first four are by far the most used, don't look at the others) The landline prefix here is: 0445. It starts with these four numbers, followed by 6 numbers [0-9]. Mobiles have a prefix of 3 numbers (see the link above), followed by 6 or 7 numbers [0-9]. I don't know what other info to add. Maybe they put a birth date?

Status: Trusted Joined: Mon, 16 Jan 2017 Posts: 183 Team: Reputation: 170 Offline Tue, 07 Feb 2017 @ 18:27:24
OK, I have tried all landline and mobile numbers. No luck with any of them. Always worth a try. I will play with some more dictionary permutations.

But just to know, isn't there any way of using a bruteforce to generate a full list of letters/numbers combinations and store them in a db, instead of using wordlists?
Something like: aaaaaaaa aaaaaaab aaaaaaac, etc.

You mean using the database as a wordlist. This is called rainbow table cracking and is only possible for certain algorithms like MD5 and SHA.
As far as I know not for WPA.
If I helped you, feel free to either +rep or donate below :) 1P56z7UjuFfmVypE8DfHUSodv4LVURzHoq