Aircloud-ng

Also known as cracking on the cloud…

This project is a wireless password recovery application written in python, using over 70 own made, commonly used dictionaries.

Application: https://aircloud-ng.me

Dictionaries: https://aircloud-ng.me/dict.php

about

WPA / WPA2 PSK Rainbow Tables (n * 4GB) (OUTDATED!)

Aircloud-ng online app: https://aircloud-ng.me


A while ago I’ve decided that I will create pre-computed hash dictionary to myself saving my expensive time while pentesting poorly-secured networks. What is it, and why is it good? Short version: For pre-defined SSID networks you can create a custom dictionary file which has the passphrases inside, but hashed. Why? Because this can speed up the obtain process of the “lost” WPA/WPA2 key of your access point. By speed up I mean it’s much faster than the original, when using a sinlge plain-texted dictionary for various SSID handshakes.

(More about it: http://wirelessdefence.org/Contents/coWPAttyMain.htm)

These hash files are still “under construction”, but once I’ve finished them I am going to publish each of them. These contain (wait for it…) 100 million passphrases (it’s only an 8 digit number for the top SSID names of the world, but still!) and each file will be approximately 4GB large.

For example:

00000000  //line no. 1
00000001  //line no. 2

22439863  //line no. 22.439.864

99999999  //line no. 100.000.000

It takes an awful lot of time to precompute one (since genpmk is a single-threaded program which can not use multi cores. Yes, it’s really slow (takes around two weeks to create only ONE file!))

And why 8 digits of passphrases? We all know how lazy most people are, and that they do not even care enough about security nowadays. So if WPAx requires at least 8 characters long password, they will use EXACTLY 8 characters long password. Not in all cases, but in most of them. Thats’s why penetration testers are here. As I mentioned testing these hash files are only for pre-defined SSID names, so our main target in this case are the weak-setup links. For example a linksys access point with 8 characters long password, which FORTUNATELY contains of only number.

While a 4×2 cores CPU with 24G of RAM crack this linksys AP with 3000 passphrases / sec, with pre-calculated hashes this speed can be increase to 200.000 pass / sec. Yeah, there is very little difference right? We can pretty much see the advantages of the PMK’s now.

List (based on this):

  • Internet

  • Ziggo

  • workgroup

  • test

  • ACTIONTEC

  In progress ↓

  • null
SSID / Download link dropbox depositfiles torrent screenshot sample capture
  • Belkin54g
  • dlink
  • linksys
  • smc
  • NETGEAR
  • 3Com
  • ZyXEL
  • home
  • default
  • TP-LINK
  • hpsetup
  • wireless
  • GIGABYTE
  • network
  • WLAN
  • WiFi
  • ASUS
  • D-LINK
  • Office
  • belkin
  • blank
  • Cisco
  • linksys
9 digit num 1 bill pass 40GB size 32GB compressed curr state: 100%
  • SITECOM
  • orange
  • Guest
  • eurospot
  • arescom
  • 101
NEW! ↓
  • Gateway
  • Motorola
  • SpeedStream
  • tsunami

The password for each archive is nodeGun_8

Feel free to use it, copy it, distribute it, modify it and whatever you want to do with them. You can find my E-mail address in the About page in case there are any questions or requests.

Wireless Exploitation

Two years ago I’ve started dealing with wireless stuff, for example of its weaknesses, and its security and penetration testing. Special thanks to the tons of BackTrack5 video tutorials, and also for the Wireless LAN Security and Penetration Testing Megaprimer video series created by Vivek Ramachandran (my favourite lecturer :) ) which is available at http://securitytube.net

And don’t forget to disable the WPS function on your router: