faizann24 / wifi-bruteforcer-fsecurify

Android application to brute force WiFi passwords without requiring a rooted device.
http://fsecurify.com/wifi-bruteforcer-android-app-to-crack-wifi-passwords/

just don't get the interest of dictionary #18

Open bphd opened 7 years ago

bphd commented 7 years ago

We all know default router passwords are completely random, like r96ekeo7285ndlz97kh. So why waste time testing 10 000 combinations of dictionary words? Why not just pure bruteforce? It's more accurate, because the passwords don't contain any dictionary words.

OnkelM commented 7 years ago

Bruteforce is a good option but can take really long to test.

Wordlists work better but you need a good one or multiple.

I think OP did fetch some random wordlist from Google, hence why there are not legal passwords in there like "pussy"....

WPA passwords are minimum 8 chars long and free hotspots typically use passwords like "12341234", "12345678", "12346789", "11112222" and so on.

Another tip is to use variables like the SSID name to form typical passwords like "ASTAR123", "astar123", "president001" or "golddigger1" and so on...

bphd commented 7 years ago

For my router I know it's a completely random password, and this app doesn't do bruteforce, so it's uncrackable.

spmedia commented 7 years ago

Check out #20. This new password list version should yield more results as they are from the Probable Wordlists - WPA Length project.

bphd commented 7 years ago

My router has a really random, generated password, and it isn't in this dictionary. So I'm searching for a bruteforce.

spmedia commented 7 years ago

If you can capture the handshake, there are places online you can upload the handshake to that will attempt to brute-force it for you.

https://gpuhash.me/ https://www.onlinehashcrack.com/wifi-wpa-rsna-psk-crack.php

Additionally, the Fluxion project might be of interest to you. Not related to brute forcing WPA/WPA2 passwords but rather a MITM style approach.

OnkelM commented 7 years ago

@pingo-power I think you don't understand how long a bruteforce attack with random letters+numbers can take. For example, with only the minimum of 8 chars you have to wait like years to get the right combination.

"Brute Force Calculator

Password Length 8

Keys per second WPA (3100 k/s)

Charset low alphanumeric abcdefghijklmnopqrstuvwxyz0123456789

Get Time To brute force the entire keyspace it will take about 29 years 241 days 17 hours 33 minutes 32 seconds (2901713047668 password combinations)"

The other thing is, nowadays when you try to log in somewhere and your entry is wrong, the system normally will block any further tries. This can happen with wordlists too. To prevent this you would reduce the maximum login tries per second to a minimum.

So an Android application will not be able to even try 3100 logins per second because of hardware/software/sockets limitations, which increases the time to find your random key to like hundreds of years.

And when you add only one more char, to find a 9 char long key, it will take like 1 thousand years to crack.

And in your first post you wrote a random key combination with the length of 19 chars which will, in the fastest possible option, take like 4 quintillion years to crack.

Don't misunderstand me. I too would like to see a bruteforce option in the app. But you have to consider the good and bad side of both attack forms before using. For example a key like "124522zz" is not so common to exist in a word list and would be able to be found with a bruteforce attack. It would even be much better/faster with filter options for the bruteforce attack to limit or use only selected ranges of numbers and chars from the alphabet.
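
The arithmetic behind the calculator figures quoted above, as an added example that is not part of the original thread: it reproduces the quoted total (which counts every length from 1 to 8, not only 8) and shows how each extra random symbol scales the worst-case search time. The function names are hypothetical; the 3100 keys/s rate and the 36-symbol charset are the thread's figures, and the 1000x faster rate is a constructed value.

```python
import math
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600
THREAD_RATE = 3100  # keys per second, the WPA figure quoted in the thread
LOWER_ALNUM = len(string.ascii_lowercase + string.digits)  # 36 symbols, as quoted


def keyspace(charset_size, length, cumulative=False):
    """Candidates of exactly `length` symbols, or of every length 1..length."""
    if cumulative:
        return sum(charset_size ** n for n in range(1, length + 1))
    return charset_size ** length


def entropy_bits(charset_size, length):
    """Entropy of a uniformly random key; meaningless if the key is not random."""
    return length * math.log2(charset_size)


def years_to_exhaust(candidates, keys_per_second=THREAD_RATE):
    """Worst case: every candidate is tried. The average case is half of this."""
    return candidates / keys_per_second / SECONDS_PER_YEAR


def min_length_for(charset_size, target_years, keys_per_second=THREAD_RATE):
    """Shortest random key whose full keyspace outlasts `target_years`."""
    length = 1
    while years_to_exhaust(keyspace(charset_size, length), keys_per_second) < target_years:
        length += 1
    return length


def report(lengths=(8, 9, 12, 19), charset_size=LOWER_ALNUM):
    """One row per length: (length, entropy bits, worst-case years)."""
    return [(n, round(entropy_bits(charset_size, n), 1),
             years_to_exhaust(keyspace(charset_size, n))) for n in lengths]


if __name__ == "__main__":
    # The calculator's total counts every length from 1 to 8, not just 8.
    print(keyspace(LOWER_ALNUM, 8, cumulative=True))
    for n, bits, years in report():
        print(f"{n:>2} chars  {bits:>5} bits  {years:.3g} years")
    # A guess rate 1000x higher (constructed figure) is offset by two more symbols.
    print(min_length_for(LOWER_ALNUM, 1000),
          min_length_for(LOWER_ALNUM, 1000, THREAD_RATE * 1000))
```

The estimates hold only for keys drawn uniformly at random; a key built from a word, the SSID or a keyboard pattern has far less entropy than its length suggests.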

bphd commented 7 years ago

Okay, the default password of my router is KZ2MZEORTXFG (really), and in my country the majority of customer router default passwords are patterned like that. So my question is whether this password figures in the dictionary or if I have to use a quintillion-years bruteforcer? Thanks 😁

spmedia commented 7 years ago

Like @OnkelM mentioned, it is not worth it to brute-force router passwords like this. It is both a waste of time and waste of resources.

Most modern WPA/WPA2 routers will lock you out or start rate limiting you after 3-4 failed password attempts.

In your scenario, you would have a faster and higher rate of success getting router wifi passwords by using a MITM style attack with Fluxion. Additionally, you can grab the WPA handshake and attempt cracking those via brute force.

tl;dr - brute forcing WPA/WPA2 passwords with an app like this is a waste of time and has a very low success rate. Use another tactic.

bphd commented 7 years ago

I'm searching for an Android-compatible attack because I can't have a PC for the moment. Are your MITM software and WPS crack Android compatible?