oojosheoo
Posted November 1, 2008

Good morning Hak.5 enthusiasts,

Hope everyone had an awesome Halloween. I just had a few questions about WPA-PSK cracking. I followed the episode notes from 3x6. All went well until I had to do the following command:

    aircrack-ng -w word.lst -b <AP Mac address> psk*.cap

I understand I need a word list, so I've been looking around the internet for one. First I'll share my setup leading to my question.

SETUP:
PC: Acer Aspire One
Router: Standard Dlink G with WPA-PSK Password
OS: Backtrack 3 USB

Here's my question. If I find a word list, where would I put the file so aircrack-ng can read it? Is it possible through Backtrack 3 loaded by USB? (I would love to install BT3 on my HDD with XP but MAN!!! I've been searching for a decent tutorial but all the ones I've found are very difficult.)

Well, hope you guys can help. :)

ne3jedi
Posted November 2, 2008

In /pentest/wireless/aircrack-ng/test/ there is a file called password.lst which is a sample word list. If you were using that file you would use this command:

    aircrack-ng -w /pentest/wireless/aircrack-ng/test/password.lst -b <AP Mac address> psk*.cap

If you were to download a word list, I would suggest either putting it on a separate USB drive, or you could try putting it on your hard drive and mounting your hard drive when using the Backtrack live CD. The only way to add it to the Backtrack 3 live CD itself would be decompiling the user.lzm file in the ISO, adding the wordlist and then recompiling, which would have to be done under the Backtrack 3 OS or another Linux distro with lzm decompiling and compiling capability. But if you're just doing pentesting to learn the steps, I would suggest adding your password to the test password.lst file.

Good luck

Steve8x
Posted November 2, 2008

Your USB BT3 is a live version, right? Whereas it's like a live CD/DVD but on USB! (That is how I have mine set up.)

First get a wordlist...

Once you have a wordlist, you could just place it on your USB drive anywhere (I recommend just putting it on the root of your USB drive). Then you can find it in the /mnt folder once you boot up; you should find your USB drive in there as sdb1 or something like that. Locate the wordlist and maybe copy it into your /root folder so you don't have to cd to the /mnt/sdb1 directory when you execute the aircrack-ng command...

    cp /mnt/sdb1/wordlist.txt /root

I suspect you're probably doing your aircracking from your /root folder. If your prompt looks like this:

    bt ~ #

then you are... You can type "ls" to list the files in that folder. It's the same folder that the shortcut called "Home" on the desktop opens to...

Now let's say instead of having to copy that wordlist into your /root folder every time you boot, you could create a Slax module (.lzm) so that every time you boot, the wordlist is automatically in your root folder ;)

To do this it's simple... First make a folder which is what you will use to create the lzm file:

    mkdir /wordlists

Now make a folder called "root" inside of the wordlists folder:

    mkdir /wordlists/root

Copy the wordlist(s) into the /wordlists/root folder!

    cp /mnt/sdb1/wordlist.txt /wordlists/root
    cp /mnt/sdb1/wordlist2.txt /wordlists/root

Now you're ready to create the .lzm file:

    cd /
    dir2lzm /wordlists wordlists.lzm

Now all you have to do is add the wordlists.lzm file into your 'BT3/modules' folder:

    //again if your usb is not called 'sdb1' then adjust the next line
    cp /wordlists.lzm /mnt/sdb1/BT3/modules

Now re-boot from your USB drive!

What will happen is when booting, aside from all the .lzm files it extracts by default, it will also extract your "wordlists.lzm". It extracts all .lzm files to the / folder during boot up.

So suppose your .lzm file contains for example:

    /root/wordlist.txt

wordlist.txt will now be in the /root folder after boot! ;)

That's how easily extensible BT3 is! You can easily add files you want auto-loaded with BT3 just by adding .lzm's to the modules folder!

Here's a guide I made if you need more info, or if you want to install a newer driver that's ready to go upon boot!

http://forums.remote-exploit.org/showthread.php?p=104179

oojosheoo (Author)
Posted November 2, 2008

WOW, amazing. Thank you so much for the time you put in on your reply. I will try this and let you guys know if it went well. Now to just find a word list ;)

gEEEk
Posted November 11, 2008

A little off-topic, but the wordlist method isn't 100% reliable if the character combination can't be found in a "dictionary", right?

So, can you brute-force a WPA-PSK key?

/gEEEk

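
Added example, not part of the thread: a Python audit of your own router passphrase that reports whether it appears in a wordlist and how large the exhaustive search over its length and character pool would be. It relies on the standard WPA-PSK key derivation (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations); the function names, the sample wordlist, the sample passphrases and the guess rate of 1000 per second are assumptions made for the illustration.

```python
import hashlib
import string

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes.
    Every dictionary or brute-force guess has to pay for this derivation."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def charset_size(passphrase: str) -> int:
    """Size of the smallest standard ASCII character pool covering the passphrase."""
    pools = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
             (string.digits, 10), (string.punctuation + " ", 33)]
    return sum(n for chars, n in pools if any(c in chars for c in passphrase))

def audit(passphrase: str, wordlist_lines, guesses_per_second: float = 1000.0) -> dict:
    """Report whether our own passphrase is in a wordlist, and the size of an
    exhaustive search over its character pool and length.
    guesses_per_second is an assumed rate, not a measured one."""
    # Words outside the 8..63 range can never be a valid WPA passphrase.
    usable = {w.strip() for w in wordlist_lines if 8 <= len(w.strip()) <= 63}
    keyspace = charset_size(passphrase) ** len(passphrase)
    return {
        "in_wordlist": passphrase in usable,
        "usable_words": len(usable),
        "keyspace": keyspace,
        "years_to_exhaust": keyspace / guesses_per_second / (365 * 24 * 3600),
    }

# Constructed sample wordlist (not from the thread).
SAMPLE_WORDLIST = ["admin\n", "password\n", "letmein123\n", "qwertyuiop\n"]

if __name__ == "__main__":
    # Passphrase "password" with SSID "IEEE" is the IEEE 802.11i test vector.
    print(wpa_pmk("password", "IEEE").hex())
    # Constructed passphrases: one weak and listed, one random-looking and unlisted.
    for pw in ("password", "k7#Qz!m2Wp"):
        print(pw, audit(pw, SAMPLE_WORDLIST))
```

A passphrase that shows up as `in_wordlist` should be replaced; one that does not is protected by the size of `keyspace`, which grows exponentially with length.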
mubix
Posted November 11, 2008

Just in case you guys haven't heard yet, WPA is much easier to crack now:

http://www.itworld.com/security/57285/once...ryption-cracked

If you can inject packets (up to 15 was the max needed in testing), you can crack WPA-TKIP, and in most tests even routers that let you pick between TKIP and AES will fall back to TKIP if requested to do so. This is all put into the latest releases of the Aircrack-NG suite, so update time guys.