Backtrack And Wpa


singh763173

Hi all,

So I started messing around with Backtrack today... I haven't really been too successful in cracking some WPA/WPA2 keys.

I started with my own network and was able to get the handshake and then played with the wordlists (scanned and didn't find anything; entered the key manually into the list and it worked)... that was all very well. So I thought I'd try on a friend's network (with permission)... I couldn't get the handshake :( So I tried another.... again couldn't get the handshake. What could I be doing wrong? Or what else can I try? I'm fairly new to all of this and, just to further my own knowledge, want to learn how to "crack it", pardon the pun.

I also went on to start thinking about brute forcing the key rather than relying on a wordlist... 9/10 people use A-Z and 1-9 in their keys, so I watched some vids on YouTube with regards to brute forcing. I found that this could be pretty time-consuming, to say the least...

So I suppose what I'm asking is: anyone fancy showing me the ropes?

Thanks in advance all!

You need to make sure someone is actually connected to the router, then do the deauth. It's possible you have the handshake in the pcap, but Aircrack couldn't parse it out to find it. If so, you would have to manually pull the data out. See here: http://trac.aircrack-ng.org/ticket/651 and http://forum.aircrack-ng.org/index.php?topic=4054.msg30718#msg30718

However, this also doesn't confirm you have the key, just that it may already be in the pcap. You would have to use something like Wireshark to find the handshake to use it in Aircrack, or try feeding the pcap to coWPAtty and see if it's found.

Thanks for the links! I shall read up on them both when I get in, as well as coWPAtty!

In the cases where I do have the handshake and the cap files (or IVS in some videos I've seen), is there such a thing as brute forcing? And if so, is there any way of speeding up the process? I have done some brute force attacks in the past using Windows and know how time-consuming it can be. Or maybe there's another way of pulling the key without the use of answer files? Or how would you go about creating an answer file with every possibility of A-Z 0-9? I'm sure that would produce a huge answer file, but would it take the same amount of time to compute as a brute force?

You are talking about two different things. The handshake is for WPA. IVS are for WEP. WPA can only be cracked via brute force, either dictionary attacks or rainbow tables. WEP can be cracked because of a weakness in the protocol and how it handles the encryption: it offers only so many permutations, so after enough IVS of data have been captured, one can derive the key in use.
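The reason the WPA brute force above is slow, shown as an added example (not code from anyone in this thread): each candidate passphrase has to go through PBKDF2-HMAC-SHA1 with 4096 iterations and the SSID as salt before it can be checked against a captured handshake. The test vector is the published IEEE 802.11i one; the guess rate used for the time estimate is an assumption.

```python
import hashlib

# Constructed test input (not from the thread): the IEEE 802.11i Annex H
# test vector, so the derivation below can be checked against a known answer.
TEST_PASSPHRASE = "password"
TEST_SSID = "IEEE"
# Assumed guess rate for the estimate below; real rates depend on hardware.
ASSUMED_GUESSES_PER_SECOND = 1_000


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2-Personal Pairwise Master Key (PMK).

    IEEE 802.11i: PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations,
    256-bit output. A captured 4-way handshake can only be tested against a
    candidate passphrase after paying this cost for every single guess.
    """
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32
    )


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of passphrases of exactly `length` characters over an alphabet."""
    return alphabet_size ** length


def expected_seconds(alphabet_size: int, length: int, guesses_per_second: int) -> float:
    """Expected search time for a uniformly random passphrase: half the keyspace."""
    return keyspace(alphabet_size, length) / (2 * guesses_per_second)


def ssid_salt_differs(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """Same passphrase, different SSID -> different PMK. This is why a
    precomputed (rainbow) table only helps for the SSID it was built for."""
    return wpa_pmk(passphrase, ssid_a) != wpa_pmk(passphrase, ssid_b)


if __name__ == "__main__":
    print("PMK:", wpa_pmk(TEST_PASSPHRASE, TEST_SSID).hex())
    # A-Z plus 0-9 (36 symbols) at the shortest allowed WPA passphrase length (8)
    years = expected_seconds(36, 8, ASSUMED_GUESSES_PER_SECOND) / (365 * 24 * 3600)
    print(f"36^8 = {keyspace(36, 8):,} candidates; ~{years:,.0f} years at "
          f"{ASSUMED_GUESSES_PER_SECOND} guesses/s")
    print("PMK changes with SSID:", ssid_salt_differs("password", "IEEE", "ieee"))
```

The keyspace grows by a factor of 36 per extra character, so a long random passphrase with a non-default SSID is the practical defence against both the dictionary and the rainbow-table route.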

Ahhh, now I understand! I'm gonna practise some more tonight and tomorrow.

Found a little issue: when using JtR I get "fopen: john.ini no such file or directory".

I'm assuming it's not installed properly. I'm using BT5 R1. I tried moving the ini file from the Windows release to the /pentest/password/john folder, but it doesn't appear to have done anything.
