A cloud service to crack WPA/WPA2

[Hybrid_theory]

Thought this to be interesting. You can use it to test your wireless security. It probably won't work as easily if you use central auth for wireless.

Rest of the article:http://blogs.techrepublic.com.com/security/?p=4097&tag=results;CR1

In 2008, I speculated about the future of distributed security cracking. That future has arrived, in the form of a $17 “cloud” based service provided through the efforts of a security researcher known as Moxie Marlinspike. It is effective against pre-shared key deployments of both WPA and WPA2 wireless networks.

The mechanism used involves captured network traffic, which is uploaded to the WPA Cracker service and subjected to an intensive brute force cracking effort. As advertised on the site, what would be a five-day task on a dual-core PC is reduced to a job of about twenty minutes on average. For the more “premium” price of $35, you can get the job done in about half the time. Because it is a dictionary attack using a predefined 135-million-word list, there is no guarantee that you will crack the WPA key, but such an extensive dictionary attack should be sufficient for any but the most specialized penetration testing purposes.

If you opt to use the service, you will of course leave a money trail via Amazon Payments — which is probably a bad idea if you are attempting to gain unauthorized access to a secured network illegally. For the good guys testing the security of a client’s network, however, this is an incredibly handy tool to have at one’s disposal.

It gets even better. If you try the standard 135-million-word dictionary and do not crack the WPA encryption on your target network, there is an extended dictionary that contains an additional 284 million words. In short, serious brute force wireless network encryption cracking has become a retail commodity.

 

[hat]

They just use a dictionary? Good luck getting in to mine.

 

[Easy Rhino]

yea, the idea of distributed cracking is intriguing, but their setup is fail. no way anybody is getting into mine just by going through a dictionary.

 

[slyfox2151]

yeah this is not brute force as they claim :*(... its also not much faster then running your own crack on Cuda using your high end video card instead of the CPU.




if your using WPA chances are you wont be using a dictionary word if your smart enough... witch pritty much confirms this service would only be usefull to crackers out there who want to abuse it. its worthless to anyone who would use it to test security.

any WPA encription is pritty much uncrackable over 10 charators long using all forms of charactors (!fh24) ect.. it would take months to years with multiple GPUs/CPUs trying to brute force it.



i toyed with cracking my own Wifi routers, trying all forms of WEP WPA WPA2 tkip aes...

 

[VulkanBros]

wait a second....2 month ago I had a network security firm hired to test my company´s wireless networks.

The lowest encryption we use is WPA2 AES/TKIP with a 13 character encryption code.
The highest encryption we use is a mix of radius servers, mac filtering, static ip´s and randomly keys.

WPA2 AES/TKIP: With various packet sniffing and other winky (Linux tools) it took them 13 hours to crack the key.

The high encryption network: The leaved the Linux laptop with all its fabulous tools for 7 days.
They did not succeed .......

And remember - this was a professional network security company

So it sounds to me - that this "cloud" thing is no other than a money machine....

 

[slyfox2151]

wait a second....2 month ago I had a network security firm hired to test my company´s wireless networks.

The lowest encryption we use is WPA2 AES/TKIP with a 13 character encryption code.
The highest encryption we use is a mix of radius servers, mac filtering, static ip´s and randomly keys.

WPA2 AES/TKIP: With various packet sniffing and other winky (Linux tools) it took them 13 hours to crack the key.

The high encryption network: The leaved the Linux laptop with all its fabulous tools for 7 days.
They did not succeed .......

And remember - this was a professional network security company

So it sounds to me - that this "cloud" thing is no other than a money machine....

this cloud is not doing the same thing that your security company did. there are a few different ways to crack WPA2, this is just a simple large word list.
your security company would not have tried to crack it via a password list if it was long and complex. there is simply to many variations... the word list would be MASSIVE.... over petabytes...... (50 million average words in a .txt file comes 300-500mb uncompressed)


the last time i checked, a GTX260 did about 120000 passwords per second... if you had a complex password just 8 charactors long it would take over 1933 years to break.
or if it was not so complex, just letters and numbers, 59 years.

if you clustered a lot of GPUs together then you may get the time to crack down to a resonable scale.

 

[Easy Rhino]

this cloud is not doing the same thing that your security company did.

yes. more than likely the firm ran a shit ton of programs both on and off your network. some were brute force but others were packet sniffing high traffic areas and snooping out local machines that have lame passwords or weak encryption and trying man in the middle attacks on them.

 

[RejZoR]

Good luck with my full ASCII 64 character password

 

[slyfox2151]

Good luck with my full ASCII 64 character password

PFT i could crack that.... gimme a 9MM handgun job done in 5 minutes

if thats not convincing.. take out the Shotgun

 

[razaron]

there're 1.02*10^77 possibilities for my wireles security, and thats using hex. if it was ascii the possible passwords would equal 4.09*10^151. both of these are alot are alot bigger than the meager 370 million word dictionary.

 

[Dark_Webster]

Gosh, it's better to crack it yourself, keep the money even if it takes some days do decipher the password.

 

[Hybrid_theory]

Gosh, it's better to crack it yourself, keep the money even if it takes some days do decipher the password.

$17 is a lot cheaper than having company resources dedicated to running to crack the network. It also takes technician time which can be expensive.

 

[Geofrancis]

i tried the gpu cracking on a 9600gso and it done 6000 per second. with a 8 digit a-z password that come with isp's routers it would take a year.

i was thinking of building a gpu server with 4x 9800gx2's so i could do it in under a month. but lack of funds screwed that up

 

[Easy Rhino]

can't you just set your router to block requests from a mac address after it tried a bunch of times?

 

[Hybrid_theory]

Maybe, depends on the flexibility of the firmware. But if that happened they could spoof their MAC every so often.

 

[Easy Rhino]

Maybe, depends on the flexibility of the firmware. But if that happened they could spoof their MAC every so often.

true, but that would mean it would take a lot longer. it would not be worth it for the cracker and they would just move onto a different target. unless of course you have government secrets on your network

 

[Hybrid_theory]

The thing to keep in mind with this service too, is that you capture traffic for X amount of hours and then send it to the cloud to analyze it and break the key. So preventative measures such as MAC filtering won't work in this situation.

But if an attacker is trying to brute force a wireless network and gets kicked off. Well they could probably integrate into the script to change MAC every so often. Or they would move to another target if financial gain is not enough.

 

[Easy Rhino]

The thing to keep in mind with this service too, is that you capture traffic for X amount of hours and then send it to the cloud to analyze it and break the key. So preventative measures such as MAC filtering won't work in this situation.

But if an attacker is trying to brute force a wireless network and gets kicked off. Well they could probably integrate into the script to change MAC every so often. Or they would move to another target if financial gain is not enough.

hrm, but to capture traffic you have to be on the network unless using a man in the middle attack. but in that case you already have to know a bunch of information about the network.

 

[Hybrid_theory]

Wireless broadcasts beacons and other SSID information packets. So you can basically sniff that stuff for a long time and then analyze it. The service though is that you do this to your own network, and send the data to the cloud.

 

[Disparia]

I don't believe it wouldn't matter. One would only need to grab enough data and have the service (or their own tools) hack away at it. If successful, return and rape the network.

Like WEP, except that WEP fails so fast that you can find a WLAN, sit there, wait for the key to be figured out, then break in.



Edit, heh, a little late hitting the post button.

 

[3volvedcombat]

Just take fits mega reg.

equip it with some 4 GTX 480's

Overclock them just a tad and have them on water cooling

You would have alot of cores for a cluster of processing



but that is still not fast enough so.

but just a though hmmm

 

[Hybrid_theory]

Might be cheaper to buy a bunch of like 5 year old pcs for $200 each and cluster em or something

 

[blkhogan]

PFT i could crack that.... gimme a 9MM handgun job done in 5 minutes

if thats not convincing.. take out the Shotgun

That would work. Until you ran into someone (like me) that has bigger and badder guns waiting.
I had a friend for shits and giggles try and crack my network. He's cracked it before in about 3 days time. He had a dedicated gpu box with 3 or 4 260's working on it. He bet me $100 that he could crack it under 7 days max. Hahahaha.... I won. Still havent seen a dime from him though. Im more than safe in the area I live in. Its a neighborhood of older retired folks.

 

[Hybrid_theory]

That would work. Until you ran into someone (like me) that has bigger and badder guns waiting.
I had a friend for shits and giggles try and crack my network. He's cracked it before in about 3 days time. He had a dedicated gpu box with 3 or 4 260's working on it. He bet me $100 that he could crack it under 7 days max. Hahahaha.... I won. Still havent seen a dime from him though. Im more than safe in the area I live in. Its a neighborhood of older retired folks.

Retired hackers that worked for crimelords in the 80s

 

[claylomax]

Just right now, from my room I can detect 10 WiFi connections: 4 use WPA, 4 use WEP and the other 2 use no security key at all. Most of the people don't know about this and they just set up the router and leave it on a shelf and that's it. By the way they all use the same channels: 1, 6 and 11.