WPA / WPA2 PSK Rainbow Tables (n * 4GB)
A while ago I decided to create a pre-computed hash dictionary for myself, to save my expensive time while pentesting poorly-secured networks. What is it, and why is it good? Short version: for pre-defined SSID networks you can create a custom dictionary file which has the passphrases inside, but already hashed. Why? Because this speeds up recovering the “lost” WPA/WPA2 key of your access point. By speed up I mean it is much faster than the original approach of running a single plain-text dictionary against the handshakes of various SSIDs.
(More about it: http://wirelessdefence.org/Contents/coWPAttyMain.htm)
These hash files are still “under construction”, but once I’ve finished them I am going to publish each of them. They contain (wait for it…) 100 million passphrases (it’s only every 8-digit number, for the top SSID names of the world, but still!) and each file will be approximately 4GB large.
For example:
00000000 //line no. 1
00000001 //line no. 2
…
22439863 //line no. 22.439.864
…
99999999 //line no. 100.000.000
It takes an awful lot of time to precompute one, since genpmk is a single-threaded program which cannot use multiple cores. Yes, it’s really slow (it takes around two weeks to create only ONE file!).
And why 8-digit passphrases? We all know how lazy most people are, and that they do not even care enough about security nowadays. So if WPAx requires a password at least 8 characters long, they will use a password EXACTLY 8 characters long. Not in all cases, but in most of them. That’s why penetration testers are here. As I mentioned, these hash files are only for testing pre-defined SSID names, so our main target in this case is the weakly set-up link: for example a linksys access point with an 8-character password which FORTUNATELY consists of numbers only.
While a 4×2-core CPU with 24G of RAM cracks this linksys AP at 3000 passphrases / sec, with pre-calculated hashes this speed can be increased to 200.000 pass / sec. Yeah, there is very little difference, right? We can pretty much see the advantages of PMKs now.
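Why the table is tied to one SSID, and why the 8-digit numeric keyspace fits in roughly 4GB, follows directly from how WPA/WPA2-PSK derives the PMK. The script below is an added example (not genpmk, coWPAtty, or anything from this post): it derives the PMK with the standard PBKDF2-HMAC-SHA1 construction (4096 iterations, 32-byte output, SSID as salt), shows that the same passphrase gives a different PMK under a different SSID, estimates table size and search time from the figures quoted above, and flags the configuration this post targets (default SSID, minimum-length, digits-only passphrase) from an auditor's side. The `DEFAULT_SSIDS` list and the per-record size (1 length byte + passphrase + 32-byte PMK) are assumptions made for the example.

```python
import hashlib
from typing import List

# Assumed: a small list of factory-default SSID names used only for this audit example.
DEFAULT_SSIDS = {"linksys", "NETGEAR", "dlink", "default"}

PMK_LEN = 32                 # bytes, per IEEE 802.11i
PBKDF2_ITERATIONS = 4096     # per IEEE 802.11i


def derive_pmk(ssid: str, passphrase: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).

    The SSID is the salt, which is exactly why a precomputed table only
    helps against the one SSID it was built for.
    """
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"),
        PBKDF2_ITERATIONS, PMK_LEN,
    )


def pmk_is_ssid_bound(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True when the same passphrase yields different PMKs under two SSIDs."""
    return derive_pmk(ssid_a, passphrase) != derive_pmk(ssid_b, passphrase)


def keyspace_size(alphabet_size: int, length: int) -> int:
    """Number of candidate passphrases, e.g. 10 digits ** 8 positions."""
    return alphabet_size ** length


def estimated_table_bytes(num_entries: int, passphrase_len: int) -> int:
    """Rough table size; assumes one record = 1 length byte + passphrase + PMK."""
    return num_entries * (1 + passphrase_len + PMK_LEN)


def seconds_to_exhaust(num_entries: int, rate_per_sec: int) -> float:
    """Worst-case time to try every entry at a given guess rate."""
    return num_entries / rate_per_sec


def audit_config(ssid: str, passphrase: str) -> List[str]:
    """Return findings that make a network a match for SSID-specific tables."""
    findings = []
    if ssid in DEFAULT_SSIDS:
        findings.append("default SSID: precomputed tables for this name are likely to exist")
    if len(passphrase) == 8:
        findings.append("minimum-length passphrase (8 characters)")
    if passphrase.isdigit():
        findings.append("digits only: keyspace is 10**%d entries" % len(passphrase))
    return findings


if __name__ == "__main__":
    # Constructed sample input for the demonstration.
    n = keyspace_size(10, 8)
    print("8-digit keyspace:", n)
    print("estimated table size (GB):", estimated_table_bytes(n, 8) / 1e9)
    print("worst case at 3000/s (hours):", seconds_to_exhaust(n, 3000) / 3600)
    print("worst case at 200000/s (seconds):", seconds_to_exhaust(n, 200000))
    print("PMK bound to SSID:", pmk_is_ssid_bound("12345678", "linksys", "NETGEAR"))
    for finding in audit_config("linksys", "12345678"):
        print("finding:", finding)
```

The practical reading for a network owner: a non-default SSID makes every existing table useless for that network, and a passphrase that is longer than 8 characters or mixes character classes takes the keyspace far beyond what fits in a few GB.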
List (based on this):
The password for each archive is nodeGun_8
Feel free to use it, copy it, distribute it, modify it and whatever you want to do with them. You can find my E-mail address in the About page in case there are any questions or requests.
PS: donate to me with a referred Dropbox registration (http://db.tt/XDrKMvS8), so I can gain more and more space and keep uploading these pesky huge files
(You have to install the dropbox application as well to make it work!)


Maybe you should create BitTorrent files or magnets for faster distribution? Just an idea.
Good idea, thank you!
Reblogged this on Connection Reset By Peer and commented:
For those who are having problems downloading the 33gb file. Our kind friend over at nodegun.wordpress.com has kindly shared his methods and dictionaries. Informative.
Thanks for the effort, appreciate it.
You’re welcome
Thanks for the reblog.
You added torrents. Nice.
I wouldn’t bother with the eduroam ESSID though, as it is a RADIUS-based system for universities and such. No luck there.
True, any suggestions for more commonly used SSID names? I’m out of ideas.
ASUS, , dd-wrt, belkin, wlan-ap, Wireless, wlan, MSHOME, WIRELESS
http://www.wikidevi.com/wiki/Special:Ask?title=Special%3AAsk&q=%5B%5BCategory%3AWireless+embedded+system%5D%5D+%5B%5BDefault+SSID%3A%3A~*%5D%5D&po=%3FDefault+SSID%3FDefault+SSID+regex&sort%5B0%5D=&order%5B0%5D=ASC&sort_num=&order_num=ASC&eq=yes&p%5Bformat%5D=broadtable&p%5Blimit%5D=500&p%5Boffset%5D=0&p%5Bheaders%5D=show&p%5Bmainlabel%5D=&p%5Blink%5D=all&p%5Bintro%5D=&p%5Boutro%5D=&p%5Bdefault%5D=&eq=yes
The second suggestion is “blank”.
Do I need to rename *.pmk to *.txt in order to get it recognized as a wordlist by Cowpatty?
You don’t need to rename.
If you need help generating the RT, you can email me
Thanks for these rainbow tables, I would suggest you to use mega.co.nz to host these files, dropbox has disabled your account, as a lot of traffic generated by your account, they suck 1