Jump to content

Wpa2 crack

aka

By aka
in Questions

 Share

Recommended Posts

aka Newbie

aka

Posted
Posted

Hello,

We know all the technics to hack wpa2 wifi password.

- brute force using dictionary

-wps

-social engineering

But could someone with good experiences on that can cite 3 best softwares that are currently works.

 

Thanks

Link to comment
Share on other sites
aka Newbie

aka

Posted
  • Author
Posted

Thanks, I will try.

But if I understand your point, once I got a handshake(with little laptop) then I will to my desktop(more power) and use oclhashcat to decrypt..

Correct.

Sorry ,if i'm little tired to try everything to crack wpa2.

Link to comment
Share on other sites
b0N3z Rookie

b0N3z

Posted
Posted
14 hours ago, aka said:

Thanks, I will try.

But if I understand your point, once I got a handshake(with little laptop) then I will to my desktop(more power) and use oclhashcat to decrypt..

Correct.

Sorry ,if i'm little tired to try everything to crack wpa2.

correct.  Get a good password list like rockyou.txt and depending on the gpu for your desktop depends on how long it will take to run through the list.  I have a GTX1050 and it runs through the rockyou.txt in about 3 mins.  ive also cleaned the handshake to make it as small as possible to run quicker.

Link to comment
Share on other sites
Dave-ee Jones Newbie

Dave-ee Jones

Posted
Posted
4 hours ago, b0N3z said:

correct.  Get a good password list like rockyou.txt and depending on the gpu for your desktop depends on how long it will take to run through the list.  I have a GTX1050 and it runs through the rockyou.txt in about 3 mins.  ive also cleaned the handshake to make it as small as possible to run quicker.

I wonder how fast my 1080 Ti could do it...

20 seconds, maybe?

Link to comment
Share on other sites
b0N3z Rookie

b0N3z

Posted
Posted
23 hours ago, Dave-ee Jones said:

I wonder how fast my 1080 Ti could do it...

20 seconds, maybe?

maybe,  also using kali for OS on a cheap ssd.  So with a good ssd and 1080Ti would be quite quick

Link to comment
Share on other sites
aka Newbie

aka

Posted
  • Author
Posted
On 7/2/2018 at 1:39 AM, b0N3z said:

correct.  Get a good password list like rockyou.txt and depending on the gpu for your desktop depends on how long it will take to run through the list.  I have a GTX1050 and it runs through the rockyou.txt in about 3 mins.  ive also cleaned the handshake to make it as small as possible to run quicker.

ok, i will try and let you know.

i will install oclhascat on my both system windows and kali.

but you said we used rockyou.txt wordlist to decrypt so i assume that wordlist is very efficient to decrypt wpa2.

 

thanks

 

Link to comment
Share on other sites
b0N3z Rookie

b0N3z

Posted
Posted
4 minutes ago, aka said:

ok, i will try and let you know.

i will install oclhascat on my both system windows and kali.

but you said we used rockyou.txt wordlist to decrypt so i assume that wordlist is very efficient to decrypt wpa2.

 

thanks

 

Havent tryed the windows subsystem for hashcat yet, just kali itself so I dont quite know how that will work.  Yes the rockyou.txt is pretty good if you dont want to make a custom list.  I have pulled a couple of my family members wifi passwords with the rockyou list, mainly to show them how bad there passwords are lol.  they had no idea that somebody could even do something like that

Link to comment
Share on other sites
aka Newbie

aka

Posted
  • Author
Posted
31 minutes ago, b0N3z said:

Havent tryed the windows subsystem for hashcat yet, just kali itself so I dont quite know how that will work.  Yes the rockyou.txt is pretty good if you dont want to make a custom list.  I have pulled a couple of my family members wifi passwords with the rockyou list, mainly to show them how bad there passwords are lol.  they had no idea that somebody could even do something like that

thanks, i will try and let you know.

Link to comment
Share on other sites
Dave-ee Jones Newbie

Dave-ee Jones

Posted
Posted
23 hours ago, b0N3z said:

maybe,  also using kali for OS on a cheap ssd.  So with a good ssd and 1080Ti would be quite quick

Yeah I've got one of the Samsung 860 EVOs.

Considering an M.2 but can't justify spending another $500 or so just for extra read/write speed..

Link to comment
Share on other sites
b0N3z Rookie

b0N3z

Posted
Posted (edited)
9 minutes ago, Dave-ee Jones said:

Yeah I've got one of the Samsung 860 EVOs.

Considering an M.2 but can't justify spending another $500 or so just for extra read/write speed..

im running an old i7-2600K with 16gb ram and an intel 240gb with slower read/write (480 maybe).  Working on upgrading mobo, cpu, ram, and power soon

Edited by b0N3z
Link to comment
Share on other sites
Exmix Newbie

Exmix

Posted
Posted
On 7/1/2018 at 4:09 PM, b0N3z said:

correct.  Get a good password list like rockyou.txt and depending on the gpu for your desktop depends on how long it will take to run through the list.  I have a GTX1050 and it runs through the rockyou.txt in about 3 mins.  ive also cleaned the handshake to make it as small as possible to run quicker.

I have a question about that. As i've use aircrack mostly but as we all know it takes FOREVER. I was working with hashcat for a bit. It was hit and miss, like I used a dictionary that I know for 100% sure had the password of the handshake in it. Sometimes it would show it, sometimes it wouldn't. Is there any reason behind that?
Also, how do you 'clean' the handshake? What exactly does that do? I'm not COMPLETELY into WiFi hacking, but would like know some basics of it.

Link to comment
Share on other sites
b0N3z Rookie

b0N3z

Posted
Posted
4 hours ago, Exmix said:

I have a question about that. As i've use aircrack mostly but as we all know it takes FOREVER. I was working with hashcat for a bit. It was hit and miss, like I used a dictionary that I know for 100% sure had the password of the handshake in it. Sometimes it would show it, sometimes it wouldn't. Is there any reason behind that?
Also, how do you 'clean' the handshake? What exactly does that do? I'm not COMPLETELY into WiFi hacking, but would like know some basics of it.

i loaded the pcap into wireshark and exported the handshake only, then convert the file to hashcat format with an online converter tool.  I cant remember the website as I spent an entire day messing with it and havent really touched it since.  Running the pcap with aircrack was taking 3-4hrs and once I setup kali and hashcat I was running handshakes in 2-3 mins

Link to comment
Share on other sites
0phoi5 Apprentice

0phoi5

Posted
Posted
2 hours ago, b0N3z said:

i loaded the pcap into wireshark and exported the handshake only

Could you explain the steps to do this at all? To be honest, I've not really bothered with this in the past. Does it make much of a difference in time to crack?

Thank you.

Link to comment
Share on other sites
b0N3z Rookie

b0N3z

Posted
Posted
1 minute ago, haze1434 said:

Could you explain the steps to do this at all? To be honest, I've not really bothered with this in the past. Does it make much of a difference in time to crack?

Thank you.

The only reason I exported the individual handshake was because I had multiple handshakes in the same pcap and I wanted to separate each one to its on individual pcap file.  I dont know the exact filter I used in wireshark but you can google wireshark filter for wifi handshake and give it a try.  You only need the first 3 packets of the handshake to crack.  this will make the file smaller and I dont really know if it makes much of a difference unless your pcap is huge, as in it took forever to get the handshake and the file is very large.   Sry I cant be more specific, I quit messing with it after I figured it out and for some reason didnt make any notes on the subject.  probably because beer lol

  • Upvote 1
Link to comment
Share on other sites
b0N3z Rookie

b0N3z

Posted
Posted

my biggest hurdle was figuring out hashcat and converting the pcap to hccapx.  once I had that figured out, it was smooth sailing from there.  Im also going to have to dig into it a bit more and make notes this time lol

Link to comment
Share on other sites
aka Newbie

aka

Posted
  • Author
Posted
On 7/4/2018 at 8:01 PM, b0N3z said:

my biggest hurdle was figuring out hashcat and converting the pcap to hccapx.  once I had that figured out, it was smooth sailing from there.  Im also going to have to dig into it a bit more and make notes this time lol

HI,

sorry to disturb you, since you have more experience on using hashcat. can you give at aleast an average config to decrypt wpa.

i'm little confused with interface, wordlist, hybrid, bruteforce etc...

i used hascat v4.1.0, and gui v1.00rc3

Link to comment
Share on other sites
0phoi5 Apprentice

0phoi5

Posted
Posted (edited)
13 hours ago, aka said:

HI,

sorry to disturb you, since you have more experience on using hashcat. can you give at aleast an average config to decrypt wpa.

i'm little confused with interface, wordlist, hybrid, bruteforce etc...

i used hascat v4.1.0, and gui v1.00rc3

Most of the time, you'll want to go for a Mask Attack.

Using Windows CMD, this would be something like; 

oclHashCat.exe -m 2500 HASHES.txt -a 3 -1 ?l?d?u ?1?1?1?1?1?1?1?1

(run Hashcat) (hash type is WPA/WPA2) (use HASHES.txt for the hashes to be cracked) (mode Brute-Force) (create '1' as meaning lowercase, uppercase and numbers) (set password as 8 characters in length, so 1 repeated 8 times)

The above will (I think, I'd need to double check the syntax) crack a WPA2 password that is up to 8 characters in length and contains uppercase, lowercase and numbers.

You should research the default passwords for the router being pentested; the above mask should be amended to match initially. For example, if you knew the password was 5 letters and 4 numbers, you could use; 

-1 ?l?u -2 ?d ?1?1?1?1?1?2?2?2?2

 

Note the above is a brute-force example, you should exhaust your password files first, such as rockyou, via a dictionary attack; 

oclHashCat.exe –m 2500 HASHES.txt DICTIONARY.txt

 

I go in this order;

  1. Dictionary attacks, using the smallest/quickest dictionary first and the slowest last
  2. Mask attack using likely default password layout
  3. Mask attack using incremental lowercase letters, uppercase letters and numbers, up to 12 digits
  4. Anything past this usually takes too long, so if the above fails, I tend to stop there and admit defeat. You can judge this based on your rig.
Edited by haze1434
  • Upvote 1
Link to comment
Share on other sites
b0N3z Rookie

b0N3z

Posted
Posted (edited)
3 hours ago, haze1434 said:

Most of the time, you'll want to go for a Mask Attack.

Using Windows CMD, this would be something like; 


oclHashCat.exe -m 2500 HASHES.txt -a 3 -1 ?l?d?u ?1?1?1?1?1?1?1?1

(run Hashcat) (hash type is WPA/WPA2) (use HASHES.txt for the hashes to be cracked) (mode Brute-Force) (create '1' as meaning lowercase, uppercase and numbers) (set password as 8 characters in length, so 1 repeated 8 times)

The above will (I think, I'd need to double check the syntax) crack a WPA2 password that is up to 8 characters in length and contains uppercase, lowercase and numbers.

You should research the default passwords for the router being pentested; the above mask should be amended to match initially. For example, if you knew the password was 5 letters and 4 numbers, you could use; 


-1 ?l?u -2 ?d ?1?1?1?1?1?2?2?2?2

 

Note the above is a brute-force example, you should exhaust your password files first, such as rockyou, via a dictionary attack; 


oclHashCat.exe –m 2500 HASHES.txt DICTIONARY.txt

 

I go in this order;

  1. Dictionary attacks, using the smallest/quickest dictionary first and the slowest last
  2. Mask attack using likely default password layout
  3. Mask attack using incremental lowercase letters, uppercase letters and numbers, up to 12 digits
  4. Anything past this usually takes too long, so if the above fails, I tend to stop there and admit defeat. You can judge this based on your rig.

you went further than I. I normally just run a wordlist and call it a day. If I get it cool, if not I move on.  

Edited by b0N3z
  • Like 1
Link to comment
Share on other sites
aka Newbie

aka

Posted
  • Author
Posted

THANKS.

i try your combination, but i think my graphic card is not too powerful for mask-attack, so i try again by using a word-list that i modified and it's works.

so my conclusion is :

1- if you have a good graphic card mast-attack is better and avoid you to think to hard to custom a word list.

2- with a good recon and luck, word list gives you a good crack but you have to repeat the test

 

3. my interface of hashcat

 

int 1.PNG

int 2.PNG

Link to comment
Share on other sites
b0N3z Rookie

b0N3z

Posted
Posted

I run a GTX 1050 and it worked great.  It is a budget card I got for around $100-125 ish.

Link to comment
Share on other sites
aka Newbie

aka

Posted
  • Author
Posted (edited)
1 hour ago, b0N3z said:

I run a GTX 1050 and it worked great.  It is a budget card I got for around $100-125 ish.

for mask-attack ??

i have to change my graphic card , i have gtx 660 2gb, so i plan to get 1050 gtx

Edited by aka
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...