My mate noticed that a widely-used brand of modem/router seems to have a pattern for the default passwords.
His ships with a default that's 5 letters, 4 numbers, 5 letters. All letters lowercase.
Running an appropriate mask for that through hashcat would be ?l?l?l?l?l?d?d?d?d?l?l?l?l?l? - not a quick run but at least doable with a top-end GPU (3080-3090 or 4000 series for example) and at the very least it's better than trying to bruteforce a 14 character combination. If that pattern holds true for others of the same model he can scan for others, nab the handshakes and run them through the same mask rather than a terabyte sized wordlist or guessing.
Has there been any effort to discern the patterns of default passwords in popular routers? A spreadsheet and some community effort could nail down the keyspaces for popular models without an insane amount of effort, I think.
His ships with a default that's 5 letters, 4 numbers, 5 letters. All letters lowercase.
Running an appropriate mask for that through hashcat would be ?l?l?l?l?l?d?d?d?d?l?l?l?l?l? - not a quick run but at least doable with a top-end GPU (3080-3090 or 4000 series for example) and at the very least it's better than trying to bruteforce a 14 character combination. If that pattern holds true for others of the same model he can scan for others, nab the handshakes and run them through the same mask rather than a terabyte sized wordlist or guessing.
Has there been any effort to discern the patterns of default passwords in popular routers? A spreadsheet and some community effort could nail down the keyspaces for popular models without an insane amount of effort, I think.