Skip to main content

Cracking WPA-PSK secured Wireless Networks

WiFi Hacking part - WPA-PSK cracking. The text about cracking WPA coding is an alternative to the classic process (dictionary atack - cracking WPA key with Aircrack-ng and wordlist). I have used Cowpatty, John the Ripper and genPMK. Additionaly to the pentest you can get hash at Lostboxen (6GB) or at Shmoo (35GB) and wordlist for generating your own control sums..

After dowloading and decompressing the hashe (having a weaker processor might take a while :) are available by random browser of system files. You can use the way to the file in the folder where it is saved or it can be copied to the place where you are going to test it.

When using this technique PSK crack is not a dictionary atack but a comparison of control sums. I am mentioning the dictionary it self because of two reasons. The possibility of a dictionary atack exists all the time and somebody still enjoys the classic way :) The other more interesting possibility is to generate your own hashe by the tool genPMK. After the compilation Cowpatty you will find the application in the same folder. Before the compilation make sure that you have in the system the packet openSSL. Otherwise the compilation will fail.

Cowpatty
Cowpatty is a small application that works with hash. It knows stdin and stdout. The procedure is easy and not difficult. After catching handshake and identyfing the producer of Access Point (in case that AP is not signalizing ESSID and is set up defaultly or ESSID, copy (the path) or the correct hash into the folder where you are going to run the crack. Note: Just have a glance at tools MDK, SKA, aFrag.

If the Access Point has the ESSID changed I suggest to generate your own hash by genPMK where you are going to use as an essid the current name. If you have a high quality dictionary you can like this generate all existing passwords.

./genpmk -f dictionary -d test-hash -s ap-essid

and then use hash with cowpatty

./cowpatty -r test.dump -d test-hash -s ap-essid

If you decide to generate your own dictionary you can find useful links here (as well as annotations to the key words in the text) or use Google. Crack WPA with Aircrack-ng and the WEP vulnerability topic is descibed in tutorial Hacking WiFi. Catching handshake is shown in the text Attacking wireless networks. Sniffing is generaly (including examples and applications) described in the text about promiscuity and monitor mode Sniffing networks and data analysis.

Comments

Popular posts from this blog

Test New ALFA-AWUS036H v.2 (1.000mW) VS ALFA-AWUS036H v.1 (500mW)

- Recently emerged the New ALFA-AWUS036H v.2 (1.000mW), and these are the tests. TEST WITH NETSTUMBLER 1) usb da 100mW chipset railink 2) usb da 200mW chipset railink rt73 3) intel 2200 b/g con connettore esterno rp-sma 4) Alfa-AWUS036H 500mW 5) New Alfa-AWUS036H V2 da 1.000mW

Creating A Cheap Bluetooth Sniffer

Many papers and posts on internet forums have commented on the success of turning normal everyday bluetooth USB dongles ($10), into their more powerful counterparts that allow the capturing of packets from the airwaves. These more powerful USB dongles are usually sold at a much higher price ($10,000) together with the software to drive and control these devices. The problems associated with BlueTooth sniffing You cant simply just purchase the dongle with the alternate firmware. There is next to no real opensource packet capture program for the bluetooth protocol. Hardware & Limitations Chipsets: Whats the difference? The chipset of the Bluetooth USB Dongles are very important. Broadcom chipsets are cheap hardware and are deemed unsuitable devices for this paper. But unfortunalty nowadays, every manufacturer seems to prefer putting these chips in their products compared to the more reliable Cambridge Silicon Radio (CSR) chipset. If your lucky enough to find a dongle with a CSR chips...

ALFA-­AWUS036H & ALFA-­AWUS050NH INSTALLING/UPDATING DRIVERS RTL8187, r8187, RT2800usb on UBUNTU

NOTE: For surfing Internet with ALFA-AWUS050NH on Ubuntu Jaunty with rt2870sta driver, you must use the Kernel "2.6.28-11-generic #42-Ubuntu", without change or updates the drivers modules. NOTE: The tutorial is not related to Ubuntu karmic. Driver RTL8187/Stacks-­mac80211 (ref. ALFA-­AWUS036h) ­- These drivers, for surfing Internet, are more stable than r8187, and fully compatible with Network-Manager 0.7 installed by default on Ubuntu 9.04. Network-Manager 0.7 installed by default on Ubuntu 9.04. ­- Supports all encryption without problems. (OPEN, WEP and WPA/WPA2) ­- With Compat-Wireless, the "injection" working, but for support “Fragmentation attack” (opt. -5) you need to install one patch. - The RX sensitivity and packets injection is less, related to drivers r8187. Driver r8187/Stacks-ieee80211 (ref. ALFA-AWUS036h) - This driver is recommended for use with the Suite of Aircrack-ng, but not particularly suitable for Internet connections, as less stable and disc...