[Concept]BruteForce on Mobile Device.

[sythe179]

yea, where'd those come from?

[NextGen1]

Imperva has released a list of the 20 most commonly used (and therefore worst) passwords, culled from a hacking incident that took place in December at RockYou.com, a photo-sharing and slideshow site. Reportedly, 32 million usernames and passwords were breached.

Imperva posted a summary of the passwords, along with advice on how to create stronger passwords.

The most common passwords are as follows. Is yours among them?

123456
12345
123456789
Password
iloveyou
princess
1234567
12345678
abc123
Nicole
Daniel
babygirl
monkey
Jessica
Lovely
michael
Ashley
654321
Qwerty

So out of 32 million ppl, these were the most commonly used passwords.

I read the article last year sometime, I found a snippet by searching just now, just search google for the information,

[doofbla]

I don't wanna be a dog in the manger but sorry that is just that annoying to hear things like BRUTEFORCE -.-.

My opinion for Bruteforce: NEVER NEVER NEVER use Bruteforce if you can search for or invent a better and intelligent algorithm!!!

You can affect such a dramatical speed advantage with using (or finding) better algorithms that you can never get with buying a better pc or so.

Normal Home PCs can try about 80,000,000 key/s and with a 128bit (WEP) key there are
2^128 combinations = 3.40282367 × 10^38

divided by 80,000,000 it would result in
4.25352959 × 10^30s

/2 for average /3600 for hours /24 for days /365 for years
it is:
6.74392692 × 10^22 = 67439269200000000000000 years

good Luck with Bruteforce =)


BUT:
There are ways to get into a WEP secure net in less than 1 min.


I don't wanna support attacks on WEP secure nets these are just information I give you

['Bruno]

what you actually said is the obvious.. not even needed to those maths.

And ofc there is ways.. i posted a example: thc-hydra

[NextGen1]

We all (or most know) of 100's of ways into secure wep, and like my friend Brinuz says, it's obvious, in fact (as I can recall) there are numerous applications for idevice and android devices that allow you to easily enter a secure wep.

Bruteforce may not be practical, but usually effective.

[doofbla]

effective???

that ma friend is definitly not right! Bruteforce is the most uneffective attack that you can do
(if you measure the effectivity on the needed time for a effective attack)

[NextGen1]

effective???

that ma friend is definitly not right! Bruteforce is the most uneffective attack that you can do
(if you measure the effectivity on the needed time for a effective attack)

Ok, Consider this my less then informed friend.

Effective: producing or capable of producing an intended result or having a striking effect.

Practical: concerned with actual use or practice;

Is BruteForce a Effective attack?

Well, that depends, are you attacking a network or attacking a server, or site.

That is the only place where effectiveness can be questioned, the reason, most systems now and days check for a succession of failed password attempts.

But in the question of Network and or Wireless Encryption, then obviously the result is effective by definition.

Other then the proposed theory dubbed "Von Neumann-Landauer Limit" (which states that brute force is not effective with 128bit encryption) However, the thoery can be crushed because WEP uses either 64 bit or 128 bit keys.BUT the keys are not actually in the number of bits proclaimed, since a 24-bit Initialization Vector (IV) is used, which will provide randomness. So the "real key" is actually 40 or 104 bits long and because of the concept of Psudeo Random (the ability for a computer to actual generate a random key) it becomes even easier.

I tested aircrack a while ago to test the WEP on a network at a local church (to test security of network as favor) With airstrike I received a key within seconds (45 to be exact).

When dealing with more elaborate security it may take a day or two, however, (as I stated) it is not practical, but Effective by definition, just ask the thousands upon thousands of PBX boxes compromised last year by port sniffing and brute forcing which lead to nationwide identity and credit card theft. , ask RockYou, ask Yahoo Mail members , ask AT&T who's php ports were sniffed and then access personal information on Idevices. The recent list goes on and on, not to mention the past.

Fact, Brute force is effective, BUT, because of the time it MAY take, it is not practical, which is exactly what I said in a few sentences last post I made, but apparently it required more detail for you to understand.

Sorry about that.

[why06]

Well said. I never got into networking and packet spoofing, but all this talk is getting me insterested. I read a little bit on IP/TCP and apparently there's all these Daemons running in the background which handle communication, but I'd like to read up on packet spoofing, that could prove beneficial to the stuff Im doing right now.

[sythe179]

why06, have a look at a program called WPE pro.
shows the fundamentals of packet-sniffing and editing. (W7 combatable)


well as i said at page 1 and 2, bruteforcing is one way of doing it.
if there are programs for other phones, can you see if theres sorce code to em?
or can you get a copy and see if theres a way to decompile em?

theres a few ways of doing this, and bruteforcing has been astablished as the long-way around.
its effective, but time-consuming. and if you leave that node, you'd have to be able to save what you got upto or you gota do it all again.

another way is dictionary hacking. (or cracking)
not as effective, but less time consuming depending on how big your initial dictionary file is. ther located remotely (not sure about that) or localy on the phone, and could be split up into a group of files for faster cracking if your not always around the node.

packet-sniffing would probably be a bit harder on a phone, but i'v read it is possible.
phreaking as its known i think......could be modify'd to pick up the password checks of a node, but would require like a HEAP of signels to be sent at 1 time. not sure of a 7.5megabit phone could chuck enough out, while also reading that many and saving/displaying them. again, if anybody has any ideas towards these ideas, post away.

^.^