How To Crack WPA / WPA2

thiggins

Mr. Easy
Staff member
Wireless networks secured by WPA / WPA2 can be cracked. But it's not as easy as cracking WEP. [article link]
 
WEP cracking: easy... WPA is solid. How is it done?

I'm a newbie to this hacking lark really. It's those live help vids that got me successful at the WEP crack. With the permission of my neighbour, I had a go at their WEP network and succeeded. Now I'm trying to do the dreaded WPA network and I can't seem to get it off the ground. I can't even get the 'handshake' thing. Does that only happen when the user is logging on, or can it work if they're online, period? Or doesn't it matter? And how do I know in the program kismet/airodump that they are: going online / online already / not online? I've tried doing the dictionary thing as well by putting a text file in the root directory called dictionary, filled it up with 5,200 words, one word per line, used it in the commands and it just says: 'no such directory'. It's doing my nut in! What am I doing wrong? Email me at ash_lee_g@hotmail.com or reply to this thread if you can help. Thanks a lot...

Ash-Lee
 
Set up a network of your own and play around with the tools. An hour or two to familiarize yourself will help you understand what's going on in the background.
 
The original handshake will happen when one of the users connects to the wifi network (typically, when he starts his computer or after a connection loss).

You can check if you captured a handshake by going into Wireshark, opening the dump files and using the filter eapol.
 
Erm, call me silly but

"..poor little laptop can only crunch about 35 hashes a second.."

is commented at one point, and then:

"..testing 3740 keys took 35 seconds.."

One's 35, the other is 100... So which is correct?
 
Hi, cracking WPA is very difficult for me because reading the password takes a very long time. One time I read for 12 hours, around 8 million keys, but it failed.
Now I just focus on WEP. Very simple to get the key.
I use VMware in Windows + USB wifi... no need to type commands, just type 1,2,3,4 and finish... I can crack in around 3 minutes...
For newbies, you can find it here: Tutorial WEP Cracking In 3 Minute

Can someone help me, what is the best software to read the handshake very fast? I use aircrack but get just 200 keys/second, which takes a long time to read the handshake. I use a dual core processor and aircrack makes my notebook CPU 100% usage... help...
 
Deauthing a client is a fast way to force an EAPOL handshake.
If by "read" you meant "crack," the fastest method is the Church of WiFi's WPA hash tables, located here. The tables are precomputed hashes of one million passwords, for a thousand of the most common SSIDs.

If your target network isn't one of the thousand SSIDs in the hash tables, you'd have to manually compute the hashes, which is what it sounds like you're doing now. The recently-introduced Pyrit allows hash computation to be performed by CUDA-supporting GPUs (newer Nvidia cards). The current top of the line card, the GTX 280 (~$450), can break 11k keys/second.
 
WPA Help

I've followed the instructions for cracking WPA w/ no clients;
airmon-ng stop...start ....
airodump-ng ....
aireplay-ng -0 5 -a"" ath0
aircrack-ng -w ....

I've never gotten a handshake can someone please help me through the steps.

Thanks
 
Reread the tutorial; you won't find a clientless technique as the handshake is conducted between the client and the AP.
You won't get very far without a client.
 
capturing the handshake

I'm very new at this, and I don't actually have any of this stuff running... but once a client authenticates, how do you capture the handshake into the .dump file? Or does it do it automatically?
 
new at this need help

Hey,
Can anyone recommend what kind of wireless card to get for my laptop that runs BackTrack or Auditor Security Collection? Email me at jimmihendrix82@yahoo.com
 
The list of supported devices for BackTrack is located here.

I'm currently using a Hawking HWUG1 which uses the RT73 chipset - it works right out of the box with BackTrack 3 Final. So far, I've only setup my test AP with WEP to get familiar with the aircrack-ng suite; however, I was able to crack the password I created in less than 1 min. WPA will obviously take longer, but at least I know all the tools support my adapter without having to install updated drivers or patches.

This is another great article - very concise & easy to follow. Thanks again SNB!
 

Hi,

Good article. If I'm getting no clients showing up at all when I know there is one connected, what's the likely cause?

I have picked up all of the network info like the channel & encryption type etc, but clients always reads 0.

I get the below info back from an iwconfig of my network card, & if I'm getting as far as seeing the packet count going up and getting the channel info, does that mean my card is working OK & is supported?


wlan0 IEEE 802.11g Nickname:""
Mode:Monitor Frequency:2.412 GHz Tx-Power=27 dBm
Retry min limit:7 RTS thr: off Fragment thr=2346 B
Encryption key: off
Power Management: off
Link Quality: 0 Signal level:0 Noise level:0
Rx invalid nwid: 0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries: 0 Invalid misc:0 Missed beacon:0


Thanks for any help,
worto.

edit - I have the Intel(R) PRO/Wireless 3945ABG Network card which doesn't seem to be in the above list - do I need to look at getting another network card?
 
wpa hacking

Hello everyone. I am a newbie at this, thought I'd never say it lol. Anyway, I put in a random password to my next door friend's WPA network and got limited connection. It gave me the physical address and IP and subnet, but I couldn't get it to give me an IP. So anyway, if the user has access to 1 IP can more than one connect to it? Damn, wish there was a program, just click and it hooks you up lol. Well, any info I will appreciate.
 
Online WPA Password Cracker Available

After you capture a WPA/WPA2 handshake you can use the Question Defense Online WPA Password Cracker to run a dictionary attack against the capture. There is a fairly high success rate in cracking WPA/WPA2 passwords since most people use short passwords only reaching 8 characters in length as required by WPA.

If you are unfamiliar with how to capture WPA handshakes there are directions to do so here.
 
@wort

You can test your injection capabilities by using the aireplay-ng -9 option, which sends packets and waits for ACKs back. 100% is what should be strived for.
 
There's no sure-fire bet that WPA/WPA2 can be cracked like this. It's only if the user who set up the target WiFi AP was stupid and set a very weak password. This is as opposed to WEP, which is crackable regardless of the complexity of the key.

This is why I fire:
head -c 32 /dev/random | sha256sum -b

in a Linux console window, for my WPA2 keys.
 
Cracking WPA/WPA2 is Just DRAMA,

______________________________*_____

Cracking WPA is Just DRAMA. Part 1

______________________________*_____

Cracking WPA/WPA2 is highly IMPOSSIBLE.

______________________________*_____

Let me explain you: cracking WPA means just capturing encrypted information and applying a dictionary/wordlist. But the key should be min 8 to 63 digits in length, so the number of possible combinations of an 8 digit length password: 218,340,105,584,896. Is it possible to check all these words??


Cracking WPA is just kind of DRAMA - part 2

______________________________*________

In SOME VIDEOS, people are cracking within 1 min. How is it POSSIBLE?

Simple: they write the actual PASSWORD in the dictionary file (and the file contains very few words) and apply this word list...

That's how they show 'WE CRACKED WPA/WPA2 WITHIN 60 SECONDS'.

This is one kind of CH*ATING..

----------------------------------------------
BIG D R A M A , Cracking WPA/WPA2 - part 3

For suppose, your computer checks 500 keys/second,

then it will take 218,340,105,584,896/500/60/60 = ??

It will take YEARS to crack the password.. So it's better NOT to try..

NB: I am NOT abusing anyone, just telling the FACT.

HIGHLY IMPOSSIBLE, CRACKING WPA/WPA2
 
"Cracking WPA/WPA2 is Just DRAMA," urmm, no.

techieguy, your post is complete and utter bullsh*t..

1. Yes, there are (26+26+10)^8 theoretical combinations for a WPA/2 passphrase; however, the owner of the AP may not have been smart enough to change his passphrase to something like Iiss1337 which contains numbers, lower_alpha and upper_alpha and indeed something longer than 6 chars. It is far more likely, due to human tendencies, to choose a password someone can remember, e.g. a word with only letters in, which we can cover with a dictionary file!

If the dictionary attack fails we have to resort to brute force.

Then if someone has bought a router from a specific ISP, e.g. Sky (I'm from the UK), then the passphrase is guaranteed (if it hasn't been changed) to contain only upper_alpha characters. I am not sure about other ISPs but I think this is true for Sky routers/APs. So the possible combinations are "only" 26^8 (in this specific example).

2. It's always good when cracking to use a dictionary file first.... cheaper in terms of electricity and computational power... plus I would be kicking myself if I found out that the AP's passphrase was "password" (in any dictionary file) after waiting hours by doing a brute force.

3. 500 k/s is very slow... I can usually achieve around 1000 k/s using my 4GB RAM and 2GHz processor speed. p/s will get bigger and bigger the more RAM and proc. speed you have.

It is possible to use this along with GPU cracking if you have a graphics card (Nvidia, Radeon etc) using a program called pyrit. I've seen people achieve speeds of well over 20,000 p/s and you can speed this up further by using cowpatty which uses precomputed hashes of all the passphrases in a list (could be every possible combination) based on a specific AP's BSSID/ESSID. This reduces the time to hours :D

Also you can pay to have the handshake cracked online (few hours ~$20 last time I checked)

sincerely,
aircrack-ng suite, cowpatty, pyrit, proper penetration-testers and hackers
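Added example, not written by any poster in this thread: the keyspace arithmetic argued over in the last two posts, plus the reason cowpatty tables and the Church of WiFi tables are tied to one SSID. WPA/WPA2-PSK derives its 256-bit PMK with PBKDF2-HMAC-SHA1 (4096 rounds, the SSID as salt), so a table precomputed for one SSID is useless against another; the SSID and passphrase values below are constructed, and the passphrase generator shows the defender's side of the same arithmetic.

```python
import hashlib
import secrets
import string

# IEEE 802.11i key derivation: PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID,
# 4096 iterations, 32 bytes). The SSID is the salt, which is why a precomputed
# table only covers one SSID and why each candidate costs 4096 HMAC rounds.
def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8-63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passphrases of a fixed length over an alphabet."""
    return alphabet_size ** length

def years_to_exhaust(candidates: int, keys_per_second: float) -> float:
    """Worst-case time to try every candidate at a given guessing rate."""
    return candidates / keys_per_second / (3600 * 24 * 365)

def random_passphrase(length: int = 20) -> str:
    """Defender side: a random letters+digits passphrase well above the
    8-character floor, drawn from the OS CSPRNG via the secrets module."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    # Constructed values, not taken from the thread.
    ssid_a, ssid_b, phrase = "snb-test-ap", "snb-other-ap", "Iiss1337X"
    pmk_a, pmk_b = wpa_pmk(phrase, ssid_a), wpa_pmk(phrase, ssid_b)
    print("same passphrase, different SSID -> different PMK:", pmk_a != pmk_b)
    print("PMK for", ssid_a, "=", pmk_a.hex())
    # The two 8-character keyspaces discussed in the thread, at the quoted rates.
    for alphabet, label in ((62, "upper+lower+digits"), (26, "upper only")):
        n = keyspace(alphabet, 8)
        print(f"8 chars, {label}: {n:,} candidates")
        for rate in (500, 1000, 20000):
            print(f"  at {rate:,} k/s: {years_to_exhaust(n, rate):,.1f} years")
    n20 = keyspace(62, 20)
    print(f"20 random chars, e.g. {random_passphrase()}: "
          f"{years_to_exhaust(n20, 20000):.3g} years at 20,000 k/s")
```

Running it reproduces the 218,340,105,584,896 figure from the thread and shows the exhaustive-search time falling from thousands of years to hours as the alphabet shrinks to 26 letters and the rate climbs to GPU speeds.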
 
Try gpuhash.com

I have just discovered new online WPA cracking service - gpuhash.com
Amazing true success rate - 20%!
 