Oh baby Crunch crunch! 🌰
First and foremost, we had to know some of the basics.
Crunch is a powerful tool for creating wordlists of any length. It's a simple command line utility and has simple syntax and can easily be adjusted to suit your needs. Beware, though, these lists can be very large and can easily fill an entire hard drive and can take years to get completed if you wanna crack with your PC CPU! I mean it takes time till NEXT BIG BANG!!! So use GPU-clusters instead.
Word lists are just a list of words, you know??! 😂 They are actually the key part of brute force password attacks. For those of you that aren't familiar, a brute force password attack is an attack in which an attacker uses a kind of script usually is written in Python to repeatedly attempt to log into an account. Brute force attacks are not the best way of doing your business because of session timeout configurations defined on most of the servers nowadays.
Your server should block attackers that attempt these attacks, and should report the increased traffic. On the user end, passwords should be more secure and regularly get changed. It's important to understand how the attack is carried out to create and enforce a strong password policy.
Now that you know enough about crunch and word lists let's jump in and use Crunch with Aircrack-ng so we can get rid of the constantly increasing dictionary files used to retrieve WiFi passwords from cap files. When we pipe the output from Crunch with Aircrack-ng the data will be fed directly into Aircrack-ng instead of huge a text file.
Aircrack-ng will be using the input from Crunch for brute forcing the password. This method will save us a lot of energy and time and of course lots of disk space since effective wordlists for brute forcing purposes tend to grow very fast in a short time.
After we captured the 4 way handshake *(call us if you still do not know how to do it!) ,we can link Crunch with Aircrack-ng to break the password.
The following command can be used to start Aircrack-ng with input from Crunch:
crunch 8 8 | aircrack-ng -e [ESSID] -w – [file path to the .cap file]
TRADEMARK LEGAL NOTICE
All product names, logos, and brands are the property of their respective owners in Austria or other countries. All company, product and service names used in this website are for identification purposes only. Pheniix is not affiliated with or an official partner of Cisco, CompTIA,Dimension Data, VMware, Amazon, Microsoft, Certified Ethical Hacker, (ISC)², Juniper, Wireshark, Offensive Security,Google, GNS3, F5, Python, Linux, Java, OpenStack, Vagrant, Ansible, Docker, GIT, Blockchain or other companies. Use of these names, logos, and brands does not imply endorsement. The opinions expressed in Pheniix are personal perspectives and not those of Cisco, Dimension Data or any other company. Pheniix runs as an independent blog.
#IPSEC #SecurityCenter #InfoSec #wordlist #ASASecurityDeviceManagerASDM #CCNASecurity #NationalCyberSecurityAwarenessMonth #Cybersecurity #TechCrunch #bruteforce #Cybercrime #cyberwar #CCNACyberOps #cybersecurity #CyberSecurity #CCNP #CCIE #CCIELab