Online Wi-Fi wireless networks WPA password cracking service

 


GPUHASH.com is a GPU-based Wi-Fi password cracking service for penetration testers and network auditors who need to check the security of their own WPA/WPA2-PSK protected wireless networks.

 

It is widely known that WPA/WPA2-PSK secured networks are vulnerable to dictionary attacks. But running a respectable-sized dictionary over a WPA network handshake on an ordinary PC can take days or weeks. Our service gives you access to a powerful GPU system that will run your handshake capture against a set of wordlists created specifically for WPA passwords. While this job would take weeks on a contemporary dual-core PC, with our service it takes from 10 minutes to several hours depending on the wordlists selected.

What do you need to crack Wi-Fi online?

Just upload your WPA handshake to our online service and select the appropriate WPA wordlists. You do not need to register anywhere.

 

Please note this service is for penetration testing of your own wireless networks only and not for illegal purposes.

We request you not to use this service for cracking others’ passwords and we take no responsibility for that.

 

Frequently asked questions

 

Q: What are your dictionary options?

A: We use our custom WPA wordlists, which are carefully generated and free of junk and duplicates.
The following wordlists are available at the moment:

  • Common 2Gb — well-balanced basic WPA wordlist, includes full 8-digit support and a wide set of common dictionary and alphanumeric passwords. Although it is limited in size, it is capable of quickly cracking ~20% of international networks, so we recommend that you always use it first
  • Russian 4Gb — custom Russian language wordlist, includes Russian names, surnames, and Russian words in qwerty and translit
  • US English 10Gb — large general US English WPA wordlist, recommended for all international networks in addition to Common 2Gb wordlist (contains a lot of common passwords as well)
  • 9 digits 10Gb — full nine digits support wordlist
  • Multilingual 12Gb — big multilingual Wikipedia wordlist (50 million words) and common words of European and other languages: Croatian, Czech, Danish, Dutch, Finnish, French, German, Italian, Norwegian, Polish, Portuguese, Spanish, Swedish, Turkish, Japanese, Brazilian and a few Yiddish words as well
  • Russian Mobile 10Gb — a full set of Russian Mobile numbers
  • New! Chinese 4Gb — a lot of Chinese words in Pinyin
  • New! Alphanumeric 14Gb — combinatorial alphanumeric wordlist (8, 9 and 10 chars), not based on dictionary words

 

Q: Why don't you offer full 8-10 digit support?

A: A full 8-10 digit password pool would have 10^8+10^9+10^10 = 11,100,000,000 entries, which is equivalent to a 112Gb text wordlist (ouch!). It would take approximately 10 hours to work out just one ESSID with our current hardware, and thus does not seem reasonable. Instead we include full 8-digit support in our free common wordlist, and give you a separate 9-digit wordlist option online.

Please contact us for details if you want to work out custom wordlists.

 

Q: Why do you limit access to large wordlists?

A: Cracking WPA handshakes requires costly GPU hardware and a lot of disk storage and electricity. We are not able to run your tasks for free.

 

Q: You accept bitcoins only. What is Bitcoin and how do I make a payment with it?

A: Bitcoin is a new digital currency that enables instant payments to anyone, anywhere in the world. Bitcoin uses peer-to-peer technology and strong cryptographic algorithms to operate with no central authority. You can learn more at the official Bitcoin website: www.bitcoin.org

You can also find a getting-started tutorial and handy examples at www.weusecoins.com

All bitcoin transactions are anonymous so you do not need to register anywhere to make a payment.

 

Q: I don't want to install a Bitcoin client. Is it possible to make a Webmoney payment?

A: We accept Bitcoin payments only. But you can use the https://btc-e.com online Bitcoin exchange. Just deposit Webmoney funds, buy coins and withdraw the required Bitcoin amount directly to our payment address without installing the Bitcoin client software.

 

Q: Why do you ask me to pay twice?

A: Our service requires a lot of electricity and so it is very expensive to run. To reduce the total amount, we charge you a wordlist scheduling fee ("energy fee"), which covers our energy bills, and a result fee, which is our (and your) profit. We are interested in keeping the wordlist scheduling fee as low as possible (and sometimes zero) to obtain more handshakes to work out.

 

Q: Do I have to register with your service to obtain results?

A: No, registering is not necessary. We will give you an ID for your task after uploading, so you will be able to get your results without registering. You can optionally fill in the 'e-mail' field so we can inform you when the status of your task changes.

 

Q: Do you use Rainbow Tables?

A: Yes, we do.

If you are lucky and your ESSID is in our precomputed Rainbow Tables, we will work out your task 6-8 times faster.

 

Q: How do I capture a WPA handshake?

A: We recommend checking out the aircrack-ng tutorial: www.aircrack-ng.org/doku.php?id=cracking_wpa

Video for beginners: www.youtube.com/watch?v=EOJB3heWnyI

 

Q: What do I do if my capture file is greater than 1MB?

A: You'll need to use Wireshark or something else to export only the handshake to a smaller file. Remember to leave at least one beacon for your target network in there, though, so that the handshake remains associated with the ESSID you're targeting.

Stripping your handshakes with Wireshark:

  • Open your capture in Wireshark
  • Enter "eapol || wlan.fc.type_subtype == 0x04 || wlan.fc.type_subtype == 0x08" as filter expression (without quotes) then press "Apply"
  • Go to the File->Save As... menu, enter a new file name and select "Displayed" to save the filtered packets only

Command-line stripping of a capture file with pyrit:

pyrit -r <input file> -o <output file> -e <essid> strip

Command-line stripping of a capture file with tshark (current tshark versions take the display filter with -Y; -R alone is deprecated):

tshark -r <input file> -Y "eapol || wlan.fc.type_subtype == 0x04 || wlan.fc.type_subtype == 0x08" -w <output file>

tshark -r <input file> -Y "eapol || wlan.bssid == <bssid>" -w <output file>

tshark -r <input file> -Y "eapol || wlan.ssid == \"<essid>\"" -w <output file>

 

Q: How do I contact you?

A: Please use the contact form.

 

Q: But I use WPA2 so it's cool right?

A: Actually, while WPA2 introduced CCMP mode as a replacement for the problematic TKIP, when run with authentication based on Pre-Shared Keys (PSK), it is still vulnerable to dictionary attacks. Our service works against both WPA and WPA2 when PSK is being used.
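For network owners, an added example (not the service's own code) of why PSK mode behaves this way and why the Rainbow Tables mentioned above are tied to the ESSID: the pairwise master key is PBKDF2-HMAC-SHA1 of the passphrase salted with the SSID, so its strength depends on the passphrase keyspace and on the SSID being uncommon. The function names, the tags returned and the SAMPLE_COMMON_SSIDS set are assumptions made for this sketch; the digit-pool figure is the one computed earlier on this page.

```python
import hashlib

# Constructed sample of default-style SSIDs; a real audit would use a larger list.
SAMPLE_COMMON_SSIDS = {"linksys", "default", "NETGEAR"}


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def digit_pool(min_len: int, max_len: int) -> int:
    """Number of all-digit passphrases with lengths min_len..max_len."""
    return sum(10 ** n for n in range(min_len, max_len + 1))


def audit_psk(passphrase: str, ssid: str, common_ssids=SAMPLE_COMMON_SSIDS) -> list:
    """Return tags for weaknesses matching the wordlist classes this page lists."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("invalid-length")  # WPA passphrases are 8-63 characters
    elif passphrase.isascii() and passphrase.isdigit() and len(passphrase) <= 10:
        findings.append("digits-only")     # at most 10**10 candidates
    elif passphrase.isascii() and passphrase.isalnum() and len(passphrase) <= 10:
        findings.append("short-alnum")     # class targeted by combinatorial lists
    if ssid in common_ssids:
        findings.append("common-ssid")     # per-SSID precomputation may exist
    return findings


if __name__ == "__main__":
    # Same passphrase, different SSID: a different key, so tables are per-SSID.
    print(wpa_pmk("password", "IEEE").hex())
    print(wpa_pmk("password", "IEEE2").hex())
    print(f"{digit_pool(8, 10):,} all-digit candidates of length 8-10")
    print(audit_psk("12345678", "linksys"))
    print(audit_psk("correct-horse-battery-staple-42", "home-7f3a"))
```

An empty result only means the passphrase avoids these specific classes; a long, random passphrase on a unique SSID is the setting that leaves a dictionary or precomputed table with nothing to match.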

 

Q: What kind of information do you collect from me?

A: All we need is a pcap file with a WPA handshake in it, the ESSID of the network (case sensitive), the BSSID of the network (optional) and a proper wordlist selection. You may leave the ESSID field blank and we will try to extract it from your capture automatically (note that we will run with the first ESSID if you have several in one file). The BSSID field is optional and is required only in the rare case that you have handshakes from several networks with the same ESSID in one capture file.

 

Q: My handshake was rejected, why?

A: There may be several reasons:

  • Your capture file is a duplicate.
  • Your capture file does not contain at least one valid EAPOL handshake.
  • Your capture file contains valid EAPOL handshakes of several networks, but you left the ESSID field blank.
  • The ESSID you entered does not correspond to the network's ESSID (note that ESSIDs are case sensitive).
  • A bug in our software; why not, the service is in beta now.

Please contact us and we will check your handshake.

 

Q: Are you ugly hackers?

A: No, we are not. This service is for penetration testing of your own networks, really.