Wednesday, May 28, 2008

Cracking WPA-PSK secured Wireless Networks

WiFi Hacking part - WPA-PSK cracking. The text about cracking WPA coding is an alternative to the classic process (dictionary atack - cracking WPA key with Aircrack-ng and wordlist). I have used Cowpatty, John the Ripper and genPMK. Additionaly to the pentest you can get hash at Lostboxen (6GB) or at Shmoo (35GB) and wordlist for generating your own control sums..

After dowloading and decompressing the hashe (having a weaker processor might take a while :) are available by random browser of system files. You can use the way to the file in the folder where it is saved or it can be copied to the place where you are going to test it.

When using this technique PSK crack is not a dictionary atack but a comparison of control sums. I am mentioning the dictionary it self because of two reasons. The possibility of a dictionary atack exists all the time and somebody still enjoys the classic way :) The other more interesting possibility is to generate your own hashe by the tool genPMK. After the compilation Cowpatty you will find the application in the same folder. Before the compilation make sure that you have in the system the packet openSSL. Otherwise the compilation will fail.

Cowpatty is a small application that works with hash. It knows stdin and stdout. The procedure is easy and not difficult. After catching handshake and identyfing the producer of Access Point (in case that AP is not signalizing ESSID and is set up defaultly or ESSID, copy (the path) or the correct hash into the folder where you are going to run the crack. Note: Just have a glance at tools MDK, SKA, aFrag.

If the Access Point has the ESSID changed I suggest to generate your own hash by genPMK where you are going to use as an essid the current name. If you have a high quality dictionary you can like this generate all existing passwords.

./genpmk -f dictionary -d test-hash -s ap-essid

and then use hash with cowpatty

./cowpatty -r test.dump -d test-hash -s ap-essid

If you decide to generate your own dictionary you can find useful links here (as well as annotations to the key words in the text) or use Google. Crack WPA with Aircrack-ng and the WEP vulnerability topic is descibed in tutorial Hacking WiFi. Catching handshake is shown in the text Attacking wireless networks. Sniffing is generaly (including examples and applications) described in the text about promiscuity and monitor mode Sniffing networks and data analysis.

No comments: