A crucial part of checking PC / Network security is having decent sets of wordlists.
There are a lot out there on the net, however a lot are not really worth much and some need a lot of work to make them usable.
Larger wordlists do not always mean better.
ROUTERS / ACCESS POINTS
For checking router logins and passwords, it is always worth your while to first run through the makers default login & passwords.
How to figure out the make of the router ? Well two options have worked for me;
When running Kismet, it will on occasion be able to show the manufacturer of the wireless router.
Open up Kismet (from shell)
Sort by BSSID (type 's' followed by 'b')
"s" --> "b"
Select the network of interest and hit 'enter' to see more details on the network.
If you are in luck the Manufacturer will be shown.
An alternative means is to look up the manufacturer based on the BSSID MAC address.
Get the BSSID mac by using either 'airodump' or Kismet.
The website ; http://www.coffer.com/mac_find/ will allow a lookup of MAC addresses and show you the manufacturer of same.
You can then check the default login / passwords on either;
[if you speak a bit of french ;) ]
This should be your first check before trying time-consuming brute-force cracking with hydra or medusa.
As shown in previous posts, mdk3 can be used to crack hidden ssids. A brute force option is available but in reality takes a loong time for ssids of over 3 or 4 characters.
It takes around 35min to try all printable characters for a 3 character ssid on my test setup.
Having a good wordlist is much better, however if the essid is not in the wordlist.. your outta luck.
There is a custom ssid wordlist based on the Shmoo Groups ssid list for WPA tables, which can be found here;
For instance, I have taken that list and add new ssids which I get when out and about with my trusty old PDA running WifiFofum.
(Now running at over 4000 of SSIDs seen to be used)
Plenty of wordlists can also be found on;
Church of Wifi WPA tables
And of course ...
Google is your friend :)
But what if you want to create a custom made wordlist for a specific job / test ?
I'll try to elaborate a bit more on that in part 2..