Tuesday, October 6, 2015

WPA/WPA2 cracking using Dictionary attack with Aircrack-ng

WPA cracking involves 2 steps-

  1. Capture the handshake
  2. Crack the handshake to get the password

We have already covered WPA-handshake capture in a lot of detail. In this tutorial we will actually crack a WPA handshake file using dictionary attack. Our tool of choice for this tutorial will be aircrack-ng. We will not bother about the speed of various tools in this post. However, in the next post, we will compare various CPU and GPU algorithms for WPA hash cracking. I'd like to add that I already know the password of the network so I'll simply put it into the dictionary that I'm using. A full fledged dictionary attack is quite time consuming.

Also, a lot of people are facing problems with monitor mode in Kali 2.0. I have a post regarding that coming soon.
PS: If you stumbled on this post out of nowhere and find it hard to follow, I recommend you go through some of the easier posts first. How to use this site is a good place to begin.




My current state

I have already captured a WPA handshake for my Wifi. The password is fairly strong so one can't rely on any dictionary. So just for the sake of this exercise, I'll put the password in the dictionary myself.

My handshake capture


The handshake is captured in a file students2-01.cap (you can name yours whatever you want)

wireshark students2-01.cap
This command can be used to go through the packets captured. We will learn more about Wireshark later. I will guide you through a complete EAPoL 4-way handshake. For this tutorial, lets move on.

My dictionary file

root@kali:~# cat new.txt
firstpass
secondpass
randompass
************ 


The last line has the password.

Action!

root@kali:~# aircrack-ng students2-01.cap -w new.txt

It will ask for index number of target network. Select the network you want to hack.
I chose 13


 It didn't take any time at all considering Aircrack had to check a total of 4 keys!!!
                                 Aircrack-ng 1.2 rc2


                   [00:00:00] 4 keys tested (589.45 k/s)


                           KEY FOUND! [ ***************** ]


      Master Key     : 60 B7 9D 29 26 0F 92 65 ** ** ** ** **

      Transient Key  : 1C F2 23 FE B3 67 ** ** ** *
                      
      EAPOL HMAC     : F9 A1 5D ** ** ** ** **

Standard attacks too slow?

The standard attacks against WPA take too long. There a novel alternative. Using the Evil Twin attack to fool a client into giving you the AP's password. Sounds interesting? Take a look-

Hacking WPA/WPA-2 without dictionary/bruteforce : Fluxion

28 comments:

  1. Is their any other way then dictionary, wps attack or crunching attack to crack WPA? which is more power full on single gpu password crack?
    And what will be hash type of this capture(MD5,3 whatever)?

    ReplyDelete
    Replies
    1. Emails = exploit dot tools4u at gmail dot com
      Wickr = peeterhacks
      TG/ICQ = @killhacks
      WA = +92 317 2721122

      SSN DOB DL FULLZ
      HIGH CREDT SCORES FULLZ
      CC FULZZ WITH CVV
      DUMPS
      EIN FULLZ
      COMBOS
      LOGS
      TOOLS & TUTORIALS
      LOAN METHODS
      MAILERS
      SMS SENDERS
      TAX RETURN FILLING LEADS/PROS
      I.P's/PROXIES
      HACKING TOOLS
      CRDING METHODS

      Emails = exploit dot tools4u at gmail dot com
      Wickr = peeterhacks
      TG/ICQ = @killhacks
      WA = +92 317 2721122

      Delete
  2. Hello guys,
    Tutorial :
    http://softsana.blogspot.com/2015/12/huong-dan-cai-at-cmatrix-kali-linux-20.html

    ReplyDelete
  3. hi i dont know what i do ?plese do you halp me ..

    ReplyDelete
  4. Replies
    1. Stop asking for 'halp' you moron and ask for something specific. Eediot.

      Delete
  5. Attack the pin would do but I keep getting errors

    ReplyDelete
    Replies
    1. I am assuming you are talking about reaver error after running a wash. Sometimes this happens if you do not set a rate. In other words, the AP is not responding or does not have time to respond with a confirm or deny of the random WPS pin reaver is trying. Lower rate so its not a flood attack on AP.

      Delete
  6. Cool post bro i got this thanks.

    ReplyDelete
  7. Hello guys pls help me hack in wpa psk Wi-Fi..

    ReplyDelete
  8. Hey fellas i made a video specifically for wps routers that get locked by reaver. If u ever get that error message like ap rate limiting detected or see wps locked = yes. in wash scan simply watch this video. Please
    Like share and subscribe!
    https://m.youtube.com/watch?v=y3ByYdVJFqg

    ReplyDelete
  9. you will need a Password Dictionary
    you may want to check this
    Best Password Dictionary

    ReplyDelete
  10. Hi Sashwat,

    Thank you for your tutorials really helpful. I have captured a handshake of my own router and I am trying to bruteforce the password, I am using Hashcat with a powerful two graphic cards but I am unable to find the password. I have tried dark0de, rockyou and a couple of other dictionaries I found online. Could you please recommend the best dictionary of default router passwords?

    Cheers

    ReplyDelete
    Replies
    1. There are plenty of huge dictionaries around, but I think you're best off doing a intelligent bruteforce based on what you know about the target (length of password, numeric or alphanumeric, etc.)

      If you want dictionaries-
      https://forums.hak5.org/index.php?/topic/29308-13gb-44gb-compressed-wpa-wpa2-word-list-982963904-words/

      Delete
  11. Man i want a good dictionary for this the links in the forum aren't working....plz help....!!

    ReplyDelete
  12. sir i have mac adrress of netwrok channel and pin reaver nad aircrack is installed also i want to connect with the network ubuntu cammand ????

    ReplyDelete
  13. how to prevent standard attacks against wpa?

    ReplyDelete
  14. I am amazed by the way you have explained things in this article. Many thanks for sharing this useful content. Keep up the good work.
    Quickbooks For Mac

    ReplyDelete
  15. I learned absolutely everything about my question when I read this post, thanks to the author for the detailed description. I wrote my review on the https://essaysservicesreviews.com/greatassignmenthelp-review/ you can go in and read. Thank you very much for your attention and your time.

    ReplyDelete
  16. I have thought so many times of entering the blogging world as I love reading them. I think I finally have the courage to give it a try. Thank you so much for all of the ideas!

    ReplyDelete
  17. The quality of the website's content – Although the website's appearance may be appealing, the content may not be of the quality required by the user in some cases. As a result, you should not only examine the quality of but also the content. In this context, the website write a paper in apa should also include some essential pages that include information about the company, its history, information about the products it offers, a sample of an academic paper for the new client, information about different plans, terms and conditions, the process, information about price range and payment mode, the process in the event of a dispute, and so on.

    ReplyDelete
  18. If you are reading this, you are in luck because you can hire our company buyessay.org review to complete your essay writing assignment.

    ReplyDelete
  19. word hurdle has replaced Wordle 2. It is a six-letter word guessing game in which players get six chances to guess a word.

    ReplyDelete
  20. This is such useful information in this post I have ever seen. Thanks for taking the time to publish it for us. Keep sharing that positive news and updates. This helps us to pay someone to do my online course.

    ReplyDelete
  21. Emails = exploit dot tools4u at gmail dot com
    Wickr = peeterhacks
    TG/ICQ = @killhacks
    WA = +92 317 2721122

    SSN DOB DL FULLZ
    HIGH CREDT SCORES FULLZ
    CC FULZZ WITH CVV
    DUMPS
    EIN FULLZ
    COMBOS
    LOGS
    TOOLS & TUTORIALS
    LOAN METHODS
    MAILERS
    SMS SENDERS
    TAX RETURN FILLING LEADS/PROS
    I.P's/PROXIES
    HACKING TOOLS
    CRDING METHODS

    Emails = exploit dot tools4u at gmail dot com
    Wickr = peeterhacks
    TG/ICQ = @killhacks
    WA = +92 317 2721122

    ReplyDelete
  22. This is an excellent article! I'm looking forward to learning something new from you. Other from that, this site is full with valuable facts. Maintain your wonderful effort in this area. unblocked gamez

    ReplyDelete

© Kali Tutorials, 2016. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Shashwat Chaudhary and Kali Tutorials with appropriate and specific direction to the original content.
Bitcoin: 1B5aLqJcMW7zznffTxQwta8JTZsxBDPguC