singh763173 Posted November 21, 2011
Hi all, So I started messing around with Backtrack today... Not really been too successful in cracking some WPA/WPA2 keys. I started with my own network and was able to get the handshake and then played with the wordlists (scanned and didn't find anything - entered the key manually into the list and it worked)... that was all very well. So I thought I'd try on a friend's network (with permission)... I couldn't get the handshake :( So I tried another.... again couldn't get the handshake. What could I be doing wrong? Or what else can I try? I'm fairly new to all of this and, just to further my own knowledge, want to learn how to "crack it", pardon the pun. I also went on to start thinking about brute forcing the key rather than relying on a wordlist... 9/10 people use A-Z and 1-9 in their keys, so I watched some vids on YouTube with regards to brute forcing. Found that this could be pretty time consuming to say the least... So I suppose what I'm asking is - anyone fancy showing me the ropes? Thanks in advance all!
Mad Pierre Posted November 21, 2011
You need to deauth them to get the handshake.
singh763173 Posted November 21, 2011 (Author)
I have done the deauth. From what I've seen, sending just one deauth command is sufficient, but it wouldn't do it. I've tried with up to 10 and still nothing.
digip Posted November 22, 2011
You need to make sure someone is actually connected to the router, then do the deauth. It's possible you have the handshake in the pcap, but Aircrack couldn't parse it out to find it. If so, you would have to manually pull the data out. See here: http://trac.aircrack-ng.org/ticket/651 and http://forum.aircrack-ng.org/index.php?topic=4054.msg30718#msg30718 However, this also doesn't confirm you have the key, just that it may already be in the pcap. You would have to use something like Wireshark to find the handshake to use it in Aircrack, or try feeding the pcap to cowpatty and see if it's found.
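The point above, that a capture may or may not actually contain the four EAPOL-Key messages even when a tool reports nothing, is easy to check directly. The following is an added example, not code from any poster in this thread or from the aircrack-ng project: a dependency-free Python script that reads a classic pcap of raw 802.11 frames (linktype 105, no radiotap header is assumed), counts deauthentication frames per BSSID, classifies EAPOL-Key frames as handshake messages M1-M4 from their Key Information bits (Ack/MIC/Secure), and reports, per (BSSID, station) pair, which messages are present and whether a burst of deauths immediately preceded the handshake. That last pattern, deauths followed seconds later by a fresh 4-way handshake, is also what a wireless IDS looks for to flag a forced reconnection. The capture it runs on is constructed inline with made-up MAC addresses and zeroed nonces and MICs; a second station that only ever receives M1 models the "client never answered" case described in the thread.

```python
"""Added example: scan a raw 802.11 pcap (DLT 105) for deauth frames and EAPOL-Key
4-way handshake messages. Frames and MACs below are constructed for the demo."""
import struct
from collections import defaultdict

DLT_IEEE802_11 = 105
LLC_SNAP_EAPOL = b"\xaa\xaa\x03\x00\x00\x00\x88\x8e"   # LLC/SNAP header carrying EtherType 0x888E
KEY_ACK, KEY_MIC, KEY_SECURE = 0x0080, 0x0100, 0x0200  # EAPOL-Key "Key Information" bits


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def eapol_msg_number(key_info):
    """Classify an EAPOL-Key frame as handshake message 1-4 from its Ack/MIC/Secure bits."""
    ack, mic, secure = key_info & KEY_ACK, key_info & KEY_MIC, key_info & KEY_SECURE
    if ack and not mic:
        return 1          # AP -> STA: ANonce, no MIC yet
    if ack and mic:
        return 3          # AP -> STA: GTK delivered, MIC present
    if mic and not secure:
        return 2          # STA -> AP: SNonce, first MIC
    if mic and secure:
        return 4          # STA -> AP: confirmation
    return None


def parse_pcap(data):
    """Minimal libpcap reader: returns (linktype, [(timestamp, frame_bytes), ...])."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file")
    linktype, = struct.unpack_from(endian + "I", data, 20)
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        packets.append((ts_sec + ts_usec / 1e6, data[off:off + incl_len]))
        off += incl_len
    return linktype, packets


def parse_frame(frame):
    """Return a dict for a deauth frame or a cleartext EAPOL-Key data frame, else None."""
    if len(frame) < 24:
        return None
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    if ftype == 0 and subtype == 12:                       # management / deauthentication
        return {"kind": "deauth", "bssid": mac(a3), "src": mac(a2), "dst": mac(a1)}
    if ftype != 2 or fc1 & 0x40:                           # not a data frame, or Protected (encrypted)
        return None
    to_ds, from_ds = fc1 & 0x01, fc1 & 0x02
    hdr = 24 + (6 if to_ds and from_ds else 0) + (2 if subtype & 0x08 else 0)  # 4-addr / QoS
    body = frame[hdr:]
    if not body.startswith(LLC_SNAP_EAPOL):
        return None
    eapol = body[8:]                                       # version(1) type(1) length(2) then key descriptor
    if len(eapol) < 7 or eapol[1] != 3:                    # EAPOL packet type 3 = EAPOL-Key
        return None
    key_info, = struct.unpack_from(">H", eapol, 5)         # descriptor type at 4, Key Information at 5..6
    bssid, station = (mac(a2), mac(a1)) if from_ds else (mac(a1), mac(a2))
    return {"kind": "eapol", "bssid": bssid, "station": station, "msg": eapol_msg_number(key_info)}


def analyse(pcap_bytes, window=5.0):
    """Deauth counts per BSSID, plus handshake messages seen per (BSSID, station) pair."""
    linktype, packets = parse_pcap(pcap_bytes)
    if linktype != DLT_IEEE802_11:
        raise ValueError(f"expected raw 802.11 (linktype 105), got {linktype}")
    deauths, handshakes = defaultdict(list), defaultdict(dict)
    for ts, frame in packets:
        info = parse_frame(frame)
        if info is None:
            continue
        if info["kind"] == "deauth":
            deauths[info["bssid"]].append(ts)
        elif info["msg"] is not None:
            handshakes[(info["bssid"], info["station"])].setdefault(info["msg"], ts)
    report = {}
    for pair, msgs in handshakes.items():
        first = min(msgs.values())                         # time of the earliest handshake message
        forced = any(first - window <= t <= first for t in deauths.get(pair[0], []))
        report[pair] = {"messages": sorted(msgs), "complete": len(msgs) == 4,
                        "preceded_by_deauth": forced}
    return {"deauth_counts": {b: len(t) for b, t in deauths.items()}, "handshakes": report}


# ---- constructed sample capture: made-up MACs, zeroed nonces/MICs ----
AP, STA, STA2 = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), bytes.fromhex("ccddeeff0011")


def dot11(fc0, fc1, a1, a2, a3, body):
    return bytes([fc0, fc1, 0, 0]) + a1 + a2 + a3 + b"\x00\x00" + body


def eapol_key(key_info):
    key_body = bytes([2]) + struct.pack(">H", key_info) + bytes(92)   # RSN descriptor, then zeroed fields
    return LLC_SNAP_EAPOL + bytes([2, 3]) + struct.pack(">H", len(key_body)) + key_body


def build_pcap(frames, linktype=DLT_IEEE802_11):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for ts, f in frames:
        out += struct.pack("<IIII", int(ts), int(round((ts % 1) * 1e6)), len(f), len(f)) + f
    return out


SAMPLE = build_pcap([
    (10.0, dot11(0xC0, 0x00, STA, AP, AP, b"\x07\x00")),                       # 3 deauths AP->STA, reason 7
    (10.1, dot11(0xC0, 0x00, STA, AP, AP, b"\x07\x00")),
    (10.2, dot11(0xC0, 0x00, STA, AP, AP, b"\x07\x00")),
    (11.0, dot11(0x08, 0x02, STA, AP, AP, eapol_key(0x008A))),                # M1 (FromDS)
    (11.1, dot11(0x08, 0x01, AP, STA, AP, eapol_key(0x010A))),                # M2 (ToDS)
    (11.2, dot11(0x88, 0x02, STA, AP, AP, b"\x00\x00" + eapol_key(0x13CA))),  # M3 as a QoS data frame
    (11.3, dot11(0x08, 0x01, AP, STA, AP, eapol_key(0x030A))),                # M4
    (30.0, dot11(0x08, 0x02, STA2, AP, AP, eapol_key(0x008A))),               # M1 only: client never replied
])

if __name__ == "__main__":
    from pprint import pprint
    pprint(analyse(SAMPLE))
```

Run against a real file with `analyse(open("capture.cap", "rb").read())`; captures written with a radiotap header (linktype 127) need the radiotap length field (bytes 2-3, little-endian) stripped from each frame first, which this minimal reader deliberately does not do. The M1-M4 classification uses only the Ack, MIC and Secure bits, which is the same distinction wpa_supplicant and aircrack-ng rely on; a pair that shows only M1 is the "nobody was really connected" situation digip describes.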
singh763173 Posted November 22, 2011 (Author)
Thanks for the links! I shall read up on them both when I get in, as well as cowpatty! In the cases where I do have the handshake and the cap files (or IVS in some videos I've seen), is there such a thing as brute forcing? And if so, is there any way of speeding up the process? I have done some brute force attacks in the past using Windows and know how time consuming it can be. Or maybe there's another way of pulling the key without the use of answer files? Or how would you go about creating an answer file with every possibility of A-Z 0-9? I'm sure that would produce a huge answer file, but would it take the same amount of time to compute as a brute force?
digip Posted November 22, 2011
> Thanks for the links! I shall read up on them both when I get in, as well as cowpatty! In the cases where I do have the handshake and the cap files (or IVS in some videos I've seen), is there such a thing as brute forcing? And if so, is there any way of speeding up the process? I have done some brute force attacks in the past using Windows and know how time consuming it can be. Or maybe there's another way of pulling the key without the use of answer files? Or how would you go about creating an answer file with every possibility of A-Z 0-9? I'm sure that would produce a huge answer file, but would it take the same amount of time to compute as a brute force?

You are talking about two different things. The handshake is for WPA. IVS are for WEP. WPA can only be cracked via brute force, either dictionary attacks or rainbow tables. WEP can be cracked because of a weakness in the protocol and how it handles the encryption, offering only so many permutations; after so many IVS of data are captured, one can derive the key in use.
singh763173 Posted November 22, 2011 (Author)
Ahhh, now I understand! I'm gonna practise some more tonight and tomorrow. Found a little issue: when using jtr I get "fopen: john.ini no such file or directory". I'm assuming it's not installed properly; I'm using BT5 R1. I tried moving the ini file from the Windows release to the /pentest/password/john folder but it doesn't appear to have done anything.
singh763173 Posted November 22, 2011 (Author)
UPDATE: So I got around the ini issue by pointing the terminal to the john folder. I am now reading this http://osix.net/modules/article/?id=455 and my next issue is "no password hashes loaded!" :(