Wireless networks secured by WPA / WPA2 can be cracked. But it's not as easy as cracking WEP. [article link]
How To Crack WPA / WPA2
- Thread starter thiggins
- Start date
A
Ash-lee
Guest
WEP crackin:easy...WPA its solid. how is it done?
im a newbie to this hackin lark really. its them live help vids that got me successful at the WEP crack. with the permition of my neighbour, i had a go of there WEP network and succeeded. Now im tryna do the dreaded WPA network and i cant seem to get it off the ground. i cant even get the 'handshake' thing. Does that only happen when the user is logging on or can it work if there online, period? or doesnt it matter? and how do i know in the program kismet/airodump that they are; going online/online already/not online? ive tried doin the dictionary thing aswell by puttin a text file in root directory called dictionary, filled it up with 5,200 words, one word per start line, used it in the commands and it just says: 'no such directory'. Its doin me nut in! what am i doin wrong? email me @ [email protected] or reply to this thread if u can help. thanx alot...
Ash-Lee
im a newbie to this hackin lark really. its them live help vids that got me successful at the WEP crack. with the permition of my neighbour, i had a go of there WEP network and succeeded. Now im tryna do the dreaded WPA network and i cant seem to get it off the ground. i cant even get the 'handshake' thing. Does that only happen when the user is logging on or can it work if there online, period? or doesnt it matter? and how do i know in the program kismet/airodump that they are; going online/online already/not online? ive tried doin the dictionary thing aswell by puttin a text file in root directory called dictionary, filled it up with 5,200 words, one word per start line, used it in the commands and it just says: 'no such directory'. Its doin me nut in! what am i doin wrong? email me @ [email protected] or reply to this thread if u can help. thanx alot...
Ash-Lee
U
Unregistered
Guest
Erm, call me silly but
"..poor little laptop can only crunch about 35 hashes a second.."
is commented at one point, and then:
"..testing 3740 keys took 35 seconds.."
One's 35, the other is 100... So which is correct?
"..poor little laptop can only crunch about 35 hashes a second.."
is commented at one point, and then:
"..testing 3740 keys took 35 seconds.."
One's 35, the other is 100... So which is correct?
R
ronnald smith
Guest
hi,crack wpa very difficult to me because want read the password very long time.1 time i read 12hour around 8million key but fail.
now i just focus for wep.very simple to get the key.
i use vmware in windows+usb wifi..no need type command.just type 1,2,3,4 and finish..i can crack around 3 minute..
for newbie can find here Tutorial WEP Cracking In 3 Minute
can someone help me what the best software to read the handshake very fast?i use aircrack but just 200key/second.take long time to read the hankshake.i use dual core processor and aircrack make my notebook cpu 100% usage..helpp...
now i just focus for wep.very simple to get the key.
i use vmware in windows+usb wifi..no need type command.just type 1,2,3,4 and finish..i can crack around 3 minute..
for newbie can find here Tutorial WEP Cracking In 3 Minute
can someone help me what the best software to read the handshake very fast?i use aircrack but just 200key/second.take long time to read the hankshake.i use dual core processor and aircrack make my notebook cpu 100% usage..helpp...
jdabbs
Super Moderator
Deauthing a client is a fast way to force an EAPOL handshake.
If by "read" you meant "crack," the fastest method is the Church of WiFi's WPA hash tables, located here. The tables are precomputed hashes of one million passwords, for a thousand of the most common SSIDs.
If your target network isn't one of the thousand SSIDs in the hash tables, you'd have to manually compute the hashes, which is what it sounds like you're doing now. The recently-introduced Pyrit allows hash computation to be performed by CUDA-supporting GPUs (newer Nvidia cards). The current top of the line card, the GTX 280 (~$450), can break 11k keys/second.
If by "read" you meant "crack," the fastest method is the Church of WiFi's WPA hash tables, located here. The tables are precomputed hashes of one million passwords, for a thousand of the most common SSIDs.
If your target network isn't one of the thousand SSIDs in the hash tables, you'd have to manually compute the hashes, which is what it sounds like you're doing now. The recently-introduced Pyrit allows hash computation to be performed by CUDA-supporting GPUs (newer Nvidia cards). The current top of the line card, the GTX 280 (~$450), can break 11k keys/second.
U
Unregistered
Guest
WPA Help
I've followed the instructions for cracking WPA w/ no clients;
airmon-ng stop...start ....
airodump-ng ....
aireplay-ng -0 5 -a"" ath0
aircrack-ng -w ....
I've never gotten a handshake can someone please help me through the steps.
Thanks
I've followed the instructions for cracking WPA w/ no clients;
airmon-ng stop...start ....
airodump-ng ....
aireplay-ng -0 5 -a"" ath0
aircrack-ng -w ....
I've never gotten a handshake can someone please help me through the steps.
Thanks
U
Unregistered
Guest
capturing the handshake
im very new at this, and I dont actually have any of this stuff running...but once a client authenticates, how do you capture the handshake into the .dump file? or does it do it automatically?
im very new at this, and I dont actually have any of this stuff running...but once a client authenticates, how do you capture the handshake into the .dump file? or does it do it automatically?
U
Unregistered
Guest
new at this need help
hey
Can anyone recommend what kind of wireless card to get for my laptop that run the backtrack or Auditor Security Collection? email me at [email protected]
hey
Can anyone recommend what kind of wireless card to get for my laptop that run the backtrack or Auditor Security Collection? email me at [email protected]
S
sin4me
Guest
The list of supported devices for BacktTrack is located here.
I'm currently using a Hawking HWUG1 which uses the RT73 chipset - it works right out of the box with BackTrack 3 Final. So far, I've only setup my test AP with WEP to get familiar with the aircrack-ng suite; however, I was able to crack the password I created in less than 1 min. WPA will obviously take longer, but at least I know all the tools support my adapter without having to install updated drivers or patches.
This is another great article - very concise & easy to follow. Thanks again SNB!
W
worto03
Guest
.
Hi,
Good article, if I'm getting no clients showing up at all when I know there is one connected whats the likely cause?
I have picked up all of the network info like the channel & Encryption type ect but clients always reads 0
I get the below info back from a iwconfig of my network card & if I'm getting as far as seeing the packet count going up and getting the channel info does that mean my card is working OK & is supported?
Thanks for any help,
worto.
edit - I have the Intel(R) PRO/Wireless 3945ABG Network card which doesn't seem to be in the above list - do I need to look at getting another network card?
Hi,
Good article, if I'm getting no clients showing up at all when I know there is one connected whats the likely cause?
I have picked up all of the network info like the channel & Encryption type ect but clients always reads 0
I get the below info back from a iwconfig of my network card & if I'm getting as far as seeing the packet count going up and getting the channel info does that mean my card is working OK & is supported?
Thanks for any help,
worto.
edit - I have the Intel(R) PRO/Wireless 3945ABG Network card which doesn't seem to be in the above list - do I need to look at getting another network card?
Last edited by a moderator:
S
spankky
Guest
wpa hacking
hello everyone.i am a newbie at this thought id never say it lol. anyways i put in a random password to my next door friends wpa network and got limited connection. it gave me the physical address and ip and subnet but i couldnt get it to give me a ip. so anyways if the user has access to 1 ip can more then one connect to it? dam wish there was a program just click and it hooks ya up lol . well any info i will aprechiate
hello everyone.i am a newbie at this thought id never say it lol. anyways i put in a random password to my next door friends wpa network and got limited connection. it gave me the physical address and ip and subnet but i couldnt get it to give me a ip. so anyways if the user has access to 1 ip can more then one connect to it? dam wish there was a program just click and it hooks ya up lol . well any info i will aprechiate
Online WPA Password Cracker Available
After you capture a WPA/WPA2 handshake you can use the Question Defense Online WPA Password Cracker to run a dictionary attack against the capture. There is a fairly high success rate in cracking WPA/WPA2 passwords since most people use short passwords only reaching 8 characters in length as required by WPA.
If you are unfamiliar with how to capture WPA handshakes there are directions to do so here.
After you capture a WPA/WPA2 handshake you can use the Question Defense Online WPA Password Cracker to run a dictionary attack against the capture. There is a fairly high success rate in cracking WPA/WPA2 passwords since most people use short passwords only reaching 8 characters in length as required by WPA.
If you are unfamiliar with how to capture WPA handshakes there are directions to do so here.
U
Unregistered
Guest
@wort
You can test your injection capabilites by using aireplay-ng -9 option by sending packets and waitng for ACKs back. %100 is what should be strived for
You can test your injection capabilites by using aireplay-ng -9 option by sending packets and waitng for ACKs back. %100 is what should be strived for
There's no sure fire bet that WPA/WPA2 can be cracked like this. It's only if the user who setup the target WiFi AP was stupid and set a very weak password. This is opposed to WEP that's crackable regardless of the complexity of the key.
This is why I fire:
head -c 32 /dev/random | sha256sum -b
in a linux console window, for my WPA2 keys.
This is why I fire:
head -c 32 /dev/random | sha256sum -b
in a linux console window, for my WPA2 keys.
Last edited:
T
techieguy
Guest
Cracking WPA/WPA2 is Jst DRAMA,
______________________________*_____
Cracking WPA is Jst DRAMA. . Part 1
______________________________*_____
Cracking WPA/WPA2 is highly IMPOSSIBLE.
______________________________*_____
lemme explain you , cracking WPA means jst capturing encrypted information and applying dictionary/wordlist. bt the key should be min 8 to 63 digits in length., so number of possible combinations of 8 digit lenngth password : 218,340,105,584,896 . Is it possible check all des words??
Cracking WPA is jst kind of DRAMA - part 2
______________________________*________
in SOME VIDEOs , ppl are cracking within 1min. how is it POSSIBLE ?
Simple they write the actual PASSWORD in dictionay file( and the file contains very less words ) nd appply this word list ..
thats they show ' WE CRACKED WPA/WPA2 WITH IN 60 SECONDS' .
this is one kind of CH*ATING..
----------------------------------------------
BIG D R A M A , Cracking WPA/WPA2 - part 3
For Suppose , your computer check da 500 keys/second ,
den it will take 218,340,105,584,896/500/60/60 = ??
it will take YEARS to crack the password.. So its better NOT to try..
NB : I am NOT abusing anyone , Jst telling da FACT.
HIGHLY IMPOSSIBLE , CRACKING WPA/WPA2
______________________________*_____
Cracking WPA is Jst DRAMA. . Part 1
______________________________*_____
Cracking WPA/WPA2 is highly IMPOSSIBLE.
______________________________*_____
lemme explain you , cracking WPA means jst capturing encrypted information and applying dictionary/wordlist. bt the key should be min 8 to 63 digits in length., so number of possible combinations of 8 digit lenngth password : 218,340,105,584,896 . Is it possible check all des words??
Cracking WPA is jst kind of DRAMA - part 2
______________________________*________
in SOME VIDEOs , ppl are cracking within 1min. how is it POSSIBLE ?
Simple they write the actual PASSWORD in dictionay file( and the file contains very less words ) nd appply this word list ..
thats they show ' WE CRACKED WPA/WPA2 WITH IN 60 SECONDS' .
this is one kind of CH*ATING..
----------------------------------------------
BIG D R A M A , Cracking WPA/WPA2 - part 3
For Suppose , your computer check da 500 keys/second ,
den it will take 218,340,105,584,896/500/60/60 = ??
it will take YEARS to crack the password.. So its better NOT to try..
NB : I am NOT abusing anyone , Jst telling da FACT.
HIGHLY IMPOSSIBLE , CRACKING WPA/WPA2
U
Unregistered
Guest
"Cracking WPA/WPA2 is Jst DRAMA," urmm noo
techieguy your post is complete and utter bullsh*t..
1. yes there are (26+26+10)^8 theoretical combinations for a WPA/2 passphrase however the owner of the AP may not have been smart enough to change his passphrase to something like Iiss1337 which contains numbers, lower_alpha and upper_alpha and indeed something longer than 6 chars. it is far more likely, due to human tendencies, to choose a password someone can remember, eg a word with only letters in. which we can cover with a dictionary file!
if the dictionary attack fails we have to resort to brute force.
The if someone has bought a router from a specific ISP eg. sky (im from the uk) then the passphrase is guaranteed (if it hasnt been changed) to contain only upper_alpha characters. i am not sure about other ISPs but i think this is true for sky routers/APs. so the poss combinations is "only" 26^8 (in this specific example).
2. its always good when cracking to use a dictionary file first.... cheaper in terms of electricity and computational power... plus i would be kicking myself if i found out that the APs passphrase was "password" (in any dictionary file) after waiting hours by doing a brute force.
3. 500 k/s is very slow... i can usually achieve around 1000 k/s using my 4gb ram and 2ghz processor speed. p/s will get bigger and bigger the more ram and proc. speed you have.
It is poss to use this along with GPU cracking if you have a graphics card (Nvida, Radeon etc) using a program called pyrit. ive seen people achieve speeds of well over 20,000 p/s and you can speed this up further by using cowpatty which uses procomputed hashes of all the passphrases in a list (could be every poss combination) based on a specific APs BSSID/ESID. This reduces the time to hours
also you can pay to have the handshake cracked online (few hours ~$20 last time i checked)
sincerely,
aircrack-ng suite, cowpatty, pyrit, proper penetration-testers and hackers
techieguy your post is complete and utter bullsh*t..
1. yes there are (26+26+10)^8 theoretical combinations for a WPA/2 passphrase however the owner of the AP may not have been smart enough to change his passphrase to something like Iiss1337 which contains numbers, lower_alpha and upper_alpha and indeed something longer than 6 chars. it is far more likely, due to human tendencies, to choose a password someone can remember, eg a word with only letters in. which we can cover with a dictionary file!
if the dictionary attack fails we have to resort to brute force.
The if someone has bought a router from a specific ISP eg. sky (im from the uk) then the passphrase is guaranteed (if it hasnt been changed) to contain only upper_alpha characters. i am not sure about other ISPs but i think this is true for sky routers/APs. so the poss combinations is "only" 26^8 (in this specific example).
2. its always good when cracking to use a dictionary file first.... cheaper in terms of electricity and computational power... plus i would be kicking myself if i found out that the APs passphrase was "password" (in any dictionary file) after waiting hours by doing a brute force.
3. 500 k/s is very slow... i can usually achieve around 1000 k/s using my 4gb ram and 2ghz processor speed. p/s will get bigger and bigger the more ram and proc. speed you have.
It is poss to use this along with GPU cracking if you have a graphics card (Nvida, Radeon etc) using a program called pyrit. ive seen people achieve speeds of well over 20,000 p/s and you can speed this up further by using cowpatty which uses procomputed hashes of all the passphrases in a list (could be every poss combination) based on a specific APs BSSID/ESID. This reduces the time to hours
also you can pay to have the handshake cracked online (few hours ~$20 last time i checked)
sincerely,
aircrack-ng suite, cowpatty, pyrit, proper penetration-testers and hackers
U
Unregistered
Guest
Try gpuhash.com
I have just discovered new online WPA cracking service - gpuhash.com
Amazing true success rate - 20%!
I have just discovered new online WPA cracking service - gpuhash.com
Amazing true success rate - 20%!
Similar threads
Latest threads
-
-
GT-BE98 Pro Loses DNS with stock or merlin fw
- Started by revo770
- Replies: 0
-
-
Network Optimization for PUBG Mobile / iPad Pro M4 / ASUS Merlin
- Started by Vint87
- Replies: 0
-
Support SNBForums w/ Amazon
If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!