WPA-PSK Help


oojosheoo

Good morning Hak.5 enthusiast,

Hope everyone had an awesome Halloween. I just had a few questions about WPA-PSK cracking. I followed the episode notes from 3x6. All went well until I had to do the following command:

aircrack-ng -w word.lst -b <AP Mac address> psk*.cap

I understand I need a word list, so I've been looking around the internet for one. First I'll share my setup leading to my question.

SETUP:

PC: Acer Aspire One

Router: Standard Dlink G with WPA-PSK Password

OS: Backtrack 3 USB

Here's my question. If I find a word list, where would I put the file so aircrack-ng can read it? Is it possible through Backtrack 3 loaded by USB? (I would love to install BT3 on my HDD with XP but MAN!!! I've been searching for a decent tutorial but all the ones I've found are very difficult.)

Well hope you guys can help. :)


In /pentest/wireless/aircrack-ng/test/

there is a file called password.lst which is a sample word list.

If you were using that file you would use this command

aircrack-ng -w /pentest/wireless/aircrack-ng/test/password.lst -b <AP Mac address> psk*.cap

If you were to download a word list, I would suggest either putting it on a separate USB drive, or you could try putting it on your hard drive and mounting your hard drive when using the Backtrack live CD. The only way to add it to the Backtrack 3 live CD itself would be decompiling the user.lzm file in the ISO, adding the wordlist and then recompiling, which would have to be done under the Backtrack 3 OS or another Linux distro with lzm decompiling and compiling capability. But if you're just doing pentesting to learn the steps, I would suggest adding your password to the test password.lst file.

Good Luck


Your USB BT3 is a live version, right? As in, it's like a live CD/DVD but on USB! (That is how I have mine set up.)

First get a wordlist...

Once you have a wordlist, you could just place it on your USB drive anywhere (recommend just putting it on the root of your USB drive)

Then you can find it in the /mnt folder once you boot up; you should find your USB drive in there as sdb1 or something like that. Locate the wordlist and maybe copy it into your /root folder so you don't have to cd to the /mnt/sdb1 directory when you execute the aircrack-ng command...

cp /mnt/sdb1/wordlist.txt /root

I suspect you're probably doing your aircracking from your /root folder.

If your prompt looks like this:

bt ~ #

then you are... You can type "ls" to list the files in that folder; it's the same folder that the desktop shortcut called "Home" opens to...

Now let's say, instead of having to copy that wordlist into your /root folder every time you boot, you could create a Slax module (.lzm) so that every time you boot, the wordlist is automatically in your root folder ;)

To do this, it's simple...

first make a folder which is what you will use to create the lzm file

mkdir /wordlists

now make a folder called "root" inside of the wordlists folder

mkdir /wordlists/root

copy the wordlist(s) into the /wordlists/root folder!

cp /mnt/sdb1/wordlist.txt /wordlists/root

cp /mnt/sdb1/wordlist2.txt /wordlists/root

Now you're ready to create the .lzm file

cd /

dir2lzm /wordlists wordlists.lzm

now all you have to do is add the wordlists.lzm file into your 'BT3/modules' folder

//again if your usb is not called 'sdb1' then adjust the next line

cp /wordlists.lzm /mnt/sdb1/BT3/modules

Now reboot from your USB drive! What will happen is that when booting, aside from all the .lzm files it extracts by default, it will also extract your "wordlists.lzm". It extracts all .lzm files to the / folder during boot-up.

so suppose your .lzm file contains for example: /root/wordlist.txt

wordlist.txt will now be in the /root folder after boot! ;)

That's how easily extensible BT3 is! You can easily add files you want auto-loaded with BT3 just by adding .lzm's to the modules folder!

Here's a guide I made if you need more info, or if you want to install a newer driver that's ready to go upon boot!

http://forums.remote-exploit.org/showthread.php?p=104179


WOW, amazing. Thank you so much for the time you put in on your reply. I will try this and let you guys know if it went well. Now to just find a word list ;)


  • 2 weeks later...

A little off-topic, but the wordlist method isn't 100% reliable if the character combination can't be found in a "dictionary", right?

So, can you brute-force a WPA-PSK key?

/gEEEk
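
The dictionary-versus-brute-force question above, worked from the defender's side as an added example (not part of any post in this thread): it audits a passphrase you own against a wordlist and sizes the exhaustive search for it. The guess rate, the sample wordlist and the function names are constructed assumptions.

```python
import string

WPA_MIN, WPA_MAX = 8, 63          # valid WPA-PSK passphrase length in characters
SECONDS_PER_YEAR = 365 * 24 * 3600

# Character pools used to size an exhaustive search (printable ASCII, 95 in total).
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation + " ")


def charset_size(passphrase):
    """Size of the smallest combination of pools that covers every character."""
    return sum(len(pool) for pool in POOLS if any(c in pool for c in passphrase))


def audit(passphrase, wordlist_lines, guesses_per_second=1000):
    """Report how a passphrase fares against a wordlist and an exhaustive search.

    guesses_per_second is an assumed figure, not a measurement; change it to
    match whatever attacker hardware you want to plan against.
    """
    words = {line.rstrip("\r\n") for line in wordlist_lines}
    keyspace = charset_size(passphrase) ** len(passphrase)
    return {
        "valid_length": WPA_MIN <= len(passphrase) <= WPA_MAX,
        "in_wordlist": passphrase in words,
        "keyspace": keyspace,
        "years_to_exhaust": keyspace / guesses_per_second / SECONDS_PER_YEAR,
    }


# Constructed sample wordlist, one candidate per line as a word.lst file would be.
SAMPLE_WORDLIST = ["letmein1\n", "password\n", "sunshine\n"]

if __name__ == "__main__":
    for candidate in ("password", "Tr0ub4dor&3x"):
        print(candidate, audit(candidate, SAMPLE_WORDLIST))
```

A passphrase that appears in the wordlist is recovered by the dictionary pass no matter how large its keyspace looks; the exhaustive-search figure only matters for passphrases that are in no list.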


Just in case you guys haven't heard yet, WPA is much easier to crack now:

http://www.itworld.com/security/57285/once...ryption-cracked

If you can inject packets (up to 15 was the max needed in testing), you can crack WPA-TKIP, and in most tests, even routers that let you pick between TKIP and AES will fall back to TKIP if requested to do so.

This is all put into the latest releases of the Aircrack-NG suite so update time guys.
