Forum Thread: diconary or brute force

diconary or brute force

I'm trying to crack a WPA with .. What is better? Brute Force or a word list .. if so where can i get a word list?

4 Responses

Try googling "word list" you can even get fancy and prepend adjectives at the front ex. "medical word list" or "pets word list". As for which is better… Try a dictionary attack first, because it is MUCH faster but not nearly as thorough. It just won't work if the original pass is secure at all. A brute force will always work, if you've got the time.. 

My favorite method to this day remains the rainbow table though, because nothing else is quite that fast or easy. If your just messing around and nothing too serious is on the line, I think it's the best option.

Brute Force is the method of compromising the password and a word list and/or rainbow tables would be the data input. You should look at it as a method of last resort because if you are not doing this through a proxy or VPN it looks messy on the server logs, is slow, and if the password is legit (not using words, over 10 chars and using symbols) you are simply chasing the wind. Rainbow tables are a LOT faster (as pointed out above) but based on what you are trying to do, they might not be the best option. Maybe even find a way without having to brute force anything. 

(google FPGA - They build entire swarms of these to force passwords on a hardware level, very speedy)

How far did you get?

edit: clarity 

I hadn't even considered that he was trying to crack this live over the network, I was assuming he sniffed packets and was trying to crack it offline or something.. I dunno, I have basically no knowledge of networking. Is what I said ridiculous, or is that also an option?

Not ridiculous at all as you could attempt this many ways. I was only pointing out that if this target has a moderately well thought up password, it might well be outside the logical range of a bruteforce. 

That being said if the password turns out to be 'potato' it might be a quick night!

And forcing a password from your computer over the interwebs with no protection is asking to be arrested depending on the network. Think of a proxy/VPN/...etc  as a suit of armor. You would not ride off to war without it! 

Share Your Thoughts

  • Hot
  • Active