need a massive wordlist please


Recommended Posts

hey can anyone help me I need a massive word list which fits WPA/WPA2 - psk standards .... im pen testing my network and my key is a 10 character hexadecimal (most people would use a basic shared key I know but i thought this would be more of a challenge ) soooo I need a MASSIVE word list... anyone help?

Link to comment
Share on other sites

It's interesting that you mention this, as I'm about to be testing my network sometime in the next week. I've come across this wordlist. How does around 200 million words sound? It's about 128MB to download, but unzipped it hits 800MB.

Link to comment
Share on other sites

A "word" list is not going to help you with a random PSK.. You need a rainbow table for that.

http://en.wikipedia....i/Rainbow_table

Google there is software for creation, there are ones already done -- but 10 characters random that include special, but you say hex so that limits actually very limited keyspace.. your only using A to F and no specials, etc. That is a good length for testing breaking of, etc. But in the real world I would suggest a 20 Character using some from each character set, A-Z,a-z,0-9,#$%^, for your PSK.

A word list is normally common passwords, dictionary type works - some include common substitutions.. But a word list is not what you want if going after a random sort of password.

Keep in mind the SSID is used to salt the hash - so the tables you need to go after psks for wpa/wpa2 need to take this in account.. There are tables that use say the top 1000 ssids, etc. But this again is why you use a UNIQUE SSID!!! Which prevents the use of a rainbow table in going against your psk.

As to 128MB?? Um the tables I know of that use the top 1000 SSIDS are 7GB and that was with only 172k words. The one with 1 million words and 1000 ssids is 33GB ;)

Read that book I gave you SPEhosting!

Link to comment
Share on other sites

It's interesting that you mention this, as I'm about to be testing my network sometime in the next week. I've come across this wordlist. How does around 200 million words sound? It's about 128MB to download, but unzipped it hits 800MB.

haha DOWNLOADING NOW !!!

(having issues downloading it :(

A "word" list is not going to help you with a random PSK.. You need a rainbow table for that.

http://en.wikipedia....i/Rainbow_table

Google there is software for creation, there are ones already done -- but 10 characters random that include special, but you say hex so that limits actually very limited keyspace.. your only using A to F and no specials, etc. That is a good length for testing breaking of, etc. But in the real world I would suggest a 20 Character using some from each character set, A-Z,a-z,0-9,#$%^, for your PSK.

A word list is normally common passwords, dictionary type works - some include common substitutions.. But a word list is not what you want if going after a random sort of password.

Keep in mind the SSID is used to salt the hash - so the tables you need to go after psks for wpa/wpa2 need to take this in account.. There are tables that use say the top 1000 ssids, etc. But this again is why you use a UNIQUE SSID!!! Which prevents the use of a rainbow table in going against your psk.

As to 128MB?? Um the tables I know of that use the top 1000 SSIDS are 7GB and that was with only 172k words. The one with 1 million words and 1000 ssids is 33GB ;)

Read that book I gave you SPEhosting!

I will read the book :'( haha was thinking of making a small java program that will create hexadecimal password list with every possible combination (following standard 64-bit and 128-bit length rules ) with some special characters thrown in on a second list maybe ... cause obviously they can only be certain length sooo :) ......

Link to comment
Share on other sites

Google there is software for creation, there are ones already done --

Instead of just saying "Google.." why dont you go ahead and recommend the software that creates them or links to predefined rainbow tables?

Link to comment
Share on other sites

Because this topic is not really aligned with neowin policy in the first place.. You can discuss security as such, and its one of my favorite topics to be honest!

But a direct link to something that could be used to circumvent someones network.. Yeah not going to do it, I already gave him a great resource for doing what he is wanting to do that clearly would be in violation of neowin rules.. But I did so in a PM.

I gave you the terms you need to do a simple google - this keeps neowin mod happy, everyone wins.

"was thinking of making a small java program that will create hexadecimal password"

Why?? Those would be BAD passwords, you using a limited character set.. Why would you want to do such a thing?

Um WEP uses a specific length HEX KEY (password) if you will -- but you would not want to check everyone with a word list sort of thing. Since I can figure out what KEY is used much faster methods. I am at a loss to why you want to use a HEX based password, as I said before hex only uses A-F, this reduces key space of the passwords -- not good idea.. You want MORE Characters possible that could be in the password, not less.

Link to comment
Share on other sites

Because this topic is not really aligned with neowin policy in the first place.. You can discuss security as such, and its one of my favorite topics to be honest!

But a direct link to something that could be used to circumvent someones network.. Yeah not going to do it, I already gave him a great resource for doing what he is wanting to do that clearly would be in violation of neowin rules.. But I did so in a PM.

I gave you the terms you need to do a simple google - this keeps neowin mod happy, everyone wins.

"was thinking of making a small java program that will create hexadecimal password"

Why?? Those would be BAD passwords, you using a limited character set.. Why would you want to do such a thing?

Um WEP uses a specific length HEX KEY (password) if you will -- but you would not want to check everyone with a word list sort of thing. Since I can figure out what KEY is used much faster methods. I am at a loss to why you want to use a HEX based password, as I said before hex only uses A-F, this reduces key space of the passwords -- not good idea.. You want MORE Characters possible that could be in the password, not less.

A-F 0-9 ;) 10 characters long and all but one are numbers :p also through research it will take a long time to hack such a random string if you start it with F especially if some is using a dictionary hack, this way they have to go through atleast 15million phrases (trust me ) to even get to D -.- then its still got all the numbers to crack ... if anything such a random combo with set parameters makes it easier for me tor remember while making it hard to the attacker.

also I am reading that book you sent me it waffles on a bit a mean this is really a beginners guide lol but its good teaching me a lot about WPA/WPA2 encryptions thanks for the resource!

Link to comment
Share on other sites

I can send you a better book -- clearly its a beginner guide, hence the title ;)

"also through research it will take a long time to hack such a random string"

Not my point to how long you think it will take to break, your keyspace is LIMITED!!, your only using A-F and 0-9, This is a MUCH smaller keyspace than A-z,0-9,Specials --Do the math on how much larger the keyspace is ;)

I am at a loss to how your not grasping this concept??

Your password is the needle in a haystack right.. With the limit you have placed in what can be used in creation of the password, you have made the haystack smaller. Does not matter how big the haystack actually is. The concept I am trying to get across to you is your placing an arbitrary constraint of only using characters in A-f,0-9 as your haystack. Which makes your password much weaker than allowing the same number of characters 10 in a larger haystack A-z,0-9,~!@#$%^&*(_+=)-?>'<"|\{[}].,/ (printable ascii) which would be a MUCH LARGER haystack to find your 10 character needle.

A passwords strength comes down to its entropy, your limiting yours - to make your password as strong as 10 characters using the larger keyspace you would need more characters.. Your 10 character hex is only as strong as 7 characters using my printable ascii space.

Keep in mind when calculating time to break a password, your normally only looking at checking 50% of the total keyspace. Your keyspace is lot smaller than normal printable ascii space.. So why would you want to limit yourself to that space??

Link to comment
Share on other sites

I can send you a better book -- clearly its a beginner guide, hence the title ;)

"also through research it will take a long time to hack such a random string"

Not my point to how long you think it will take to break, your keyspace is LIMITED!!, your only using A-F and 0-9, This is a MUCH smaller keyspace than A-z,0-9,Specials --Do the math on how much larger the keyspace is ;)

I am at a loss to how your not grasping this concept??

Your password is the needle in a haystack right.. With the limit you have placed in what can be used in creation of the password, you have made the haystack smaller. Does not matter how big the haystack actually is. The concept I am trying to get across to you is your placing an arbitrary constraint of only using characters in A-f,0-9 as your haystack. Which makes your password much weaker than allowing the same number of characters 10 in a larger haystack A-z,0-9,~!@#$%^&*(_+=)-?>'<"|\{[}].,/ (printable ascii) which would be a MUCH LARGER haystack to find your 10 character needle.

A passwords strength comes down to its entropy, your limiting yours - to make your password as strong as 10 characters using the larger keyspace you would need more characters.. Your 10 character hex is only as strong as 7 characters using my printable ascii space.

Keep in mind when calculating time to break a password, your normally only looking at checking 50% of the total keyspace. Your keyspace is lot smaller than normal printable ascii space.. So why would you want to limit yourself to that space??

sorry I didnt make my self clear that I understood your point 100% lol I was simply giving reasons as to why I used hex, I did make a 128bit php encryption on a website and the decryption key I dont even know its backed up and saved in secure locations using random keys I hit all over the keyboard including special characters :p dw im not a complete idiot as I have made my self appear I just didn't think I needed to acknowledge the point you made as it is obviously correct.

either way I will be continuing with my research later tonight so I may be asking more questions later haha! for now off to computer mathematics and my java programming lectures !

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.