New Online WPA cracking service.

[pureh@te]

I have finally made my wpacracker service public as well. With the recent release of another similar service I decided to implement mine as well. This one is GPU powered rather than cloud computing. This is NOT a guaranteed password crack or a bruteforce. Your cap file is tested against a 540 million word list optimized for WPA.
 
Here is the URL: http://ph33rbot.com/kracker/

[Jano]

Hi,
- I think that in a bit of time, there will be many similar services !!
- This was the first to be published:
http://forum.aircrack-ng.org/index.php?topic=6585.0

Bye Jano

[pureh@te]

I know that one was "Published" first but mine has been up and running for six months. I was inspired to make it public by the release of the other one.

[Zermelo]

Not for nothing, but pureh@te's service will run faster, assuming he's using the full power of the 3 295gtx's which will do about 60000 passwords per second.

So this could go through 135 million passwords in about 35 minutes, faster than the 40 mins advertised by the other service.

[Jano]

- My comment is not meant to be offensive to pureh@te, which contributes for years and shares his knowledge on the Internet.
- It was just a comment on the spread of this wpa-crack online system.
(I hope not to have been misunderstood)

Bye Jano

[SecUpwN]

I have finally made my wpacracker service public as well. With the recent release of another similar service I decided to implement mine as well.

Hey pureh@te, cool to see you around! Hm.. your project seems to be more promising as the one I discovered previously. But just to mention it here: I don´t like the index of the last uploaded capture-files on your site at all. No offense, but if one decides to give your cracker a try, one should also be able to chose whether to keep his data private or not. In my eyes, a very important point. Another question for me is if you are using a compilation of the dictionaries that are already out there or one made with a crawler.

Cheers,

-SecUpwN-

[pureh@te]

That's is a good point. I have been thinking of taking the index down. I figured with nicks and no email it would be okay, however, I see your point.


The dictionary is made up of a little bit of every thing but for the most part it is made with tools that download and crawl sites like wikapedia for example. Most of the dictionaries online a geared towards passwords and not WPA.

WPA is still hard to break. Since I am not in this to make any money I will be honest in saying I currently so far with about 350 captures have had a 33% success rate in decrypting the captures.

In my opinion I would pay 10 dollars to run a cap file any day instead of wasting a ton of time and effort making a 6 gig dictionary and then burning a week of cpu time running it. This is the reason for the service.

[mctiew]

Given that it is only 33% success rate, shouldn't the users be charged upon success ? Honestly I would say many would not have any problem paying for it if it is charged only upon success.

Given the "remoteness" of these service and all kinds of fakes and crooks existing over the internet these days, I would say many would prefer not to be a "sucker" for fake services over the internet.

Cheers.

[pureh@te]

That reasoning doesn't make sense.  The 10 dollars is paid to cover the hosting fees, the electricity (Which is  a lot) and to cover the time me and my partner spend improving it. You are paying 10 dollars to offset a job which might take you anywhere from 3 days to 2 weeks depending on your hardware to a service which can complete it in a few hours.  As far as fake services go, I feel like I have a pretty good reputation around the security world since I have been developing on backtrack for almost 4 years.

I feel like all of this for 10 dollars is a steal and to be honest, 10 dollars doesn't even cover my costs.

If I only charged when the password was found then the service would not even be worth having.

If you don't want to spend a lousy 10 dollars then do the cracks yourself I guess, its not going to hurt my feelings.

[mctiew]

I know your reasoning. However, please, I am not referring to you as a service provider. I am referring to the case of a user coming upon a website providing such a service, in the DEEP SEA OF INTERNET. He is not going to be aware of your credibility in the security world. He is going to put on his usual suspicion mask for a start. How is he going to know for sure a service provider is going to be genuine ? 

A service has to be paid. That we have to recognise. The difference is how you are perceiving it, verses how the users are perceiving it. In any case, it is just my humble opionion that a service has to be rendered according to how the users are going to perceive it, and not according to how the service provider is perceiving it.

In order to recover the costs or to be profitable, then it is a matter of whether it should be 10, 20 or even more. That's is a question of feasibility of the service.

[sleek]

pureh@te,

Might I suggest an idea for your business/service, lower the price.

For example, place 5$ for a .cap check. This type of service is new, people are unaware of what they're getting out of it and are perhaps somewhat reluctant to spend 10$. Is the service worth 10$? Yes, it is, but you have market it first. You need to spread the word to make it appealing and worthwhile.

If you put a 5USD price tag, you will generate more sales and revenue for the fees and time you spend on the project. If someone pays you 5$ and you retrieve his password, he is more likely to return to you and spend an other 5$ than not. You could try "two for one", "buy one get two", "by two get three(4)". At the end of the day, this is a product, and you have to treat it primarily as business and follow a business model to develop it.

Once you establish your product, you may gradually increase prices until they reach their market value and satisfaction for your own work. From there on, its going to be smooth sailing.

I think your project is promising and whats not to like about the execution. Now, you have to focus on business side of aspect.

I guess the question you want ask yourself is: Which is better for me, to get 10$ and check two handshakes, or no 10$ at all?

At least, you can give it a test period and see how it unfolds. I suspect you'll like the end result.

[jmbx1]

I say the price is more than fair. The man isn't making money off the deal.

Also, when you have need to crack something like WPA/WPA2 ... why is that?

Either you have need to know for sure how fast your information can be opened up ... OR .... you have a target in mind, and regardless of your reason, it's important enough to you to have it cracked open or at least to have searched for a service to do so.

Either of those is worth $10 easily. If you just want to play around and try different keys for giggles ... well, gotta pay to play or like he said, wait a few weeks/months depending on your own gear.

[Sethioz]

lame and retarded to ask money for this.
it shows that you are out for money, not to make your tool work properly. opensource is always better than any payed shit, cuz places where you have to pay are always the same, as long as theres income, owner doesnt give a shit if it works or not.
same, i pay and get fucked with not found.

i would probably pay, if you would first add option to check, if password is found, then you have to pay to see it, that would actually make sense.

[pureh@te]

I'm sorry you feel that way. The plain fact is that is costs money to run it properly so I ask a small fee for using it to help me get new hardware and pay the electric bill. I spend more than 10 bucks on lunch every day. As for the fact that I don't maintain it, you clearly didn't read the changelog.

[Jano]

Hi Sethioz,

lame and retarded to ask money for this.
it shows that you are out for money, not to make your tool work properly. opensource is always better than any payed shit, cuz places where you have to pay are always the same, as long as theres income, owner doesnt give a shit if it works or not.
same, i pay and get fucked with not found.

- I am sorry, but this time your language and how to comment on topics I find them offensive and inappropriate.
- I hope and I suggest that Admins take action for this.

Bye Jano