
Archived

This topic is now archived and is closed to further replies.

aka

WPA2 crack


Hello,

We know all the techniques to hack WPA2 wifi passwords:

- brute force using a dictionary

- WPS

- social engineering

But could someone with good experience in that cite the 3 best software tools that currently work?

Thanks


Loads of experience here.

Personally, aircrack-ng and oclHashCat are the way to go.

No need for 3. Those 2 do it better than anything else I've come across. Aircrack for grabbing the handshake, HashCat for cracking it using GPU (fastest method I've come across).

 


Thanks, I will try.

But if I understand your point, once I get a handshake (with a little laptop) then I go to my desktop (more power) and use oclHashcat to decrypt.

Correct?

Sorry, I'm a little tired of trying everything to crack WPA2.

14 hours ago, aka said:

Thanks, I will try.

But if I understand your point, once I get a handshake (with a little laptop) then I go to my desktop (more power) and use oclHashcat to decrypt.

Correct?

Sorry, I'm a little tired of trying everything to crack WPA2.

Correct. Get a good password list like rockyou.txt; depending on the GPU in your desktop, it will take more or less time to run through the list. I have a GTX 1050 and it runs through rockyou.txt in about 3 mins. I've also cleaned the handshake to make it as small as possible so it runs quicker.

4 hours ago, b0N3z said:

Correct. Get a good password list like rockyou.txt; depending on the GPU in your desktop, it will take more or less time to run through the list. I have a GTX 1050 and it runs through rockyou.txt in about 3 mins. I've also cleaned the handshake to make it as small as possible so it runs quicker.

I wonder how fast my 1080 Ti could do it...

20 seconds, maybe?

23 hours ago, Dave-ee Jones said:

I wonder how fast my 1080 Ti could do it...

20 seconds, maybe?

Maybe. I'm also using Kali as the OS on a cheap SSD, so with a good SSD and a 1080 Ti it would be quite quick.

On 7/2/2018 at 1:39 AM, b0N3z said:

Correct. Get a good password list like rockyou.txt; depending on the GPU in your desktop, it will take more or less time to run through the list. I have a GTX 1050 and it runs through rockyou.txt in about 3 mins. I've also cleaned the handshake to make it as small as possible so it runs quicker.

OK, I will try and let you know.

I will install oclHashcat on both my systems, Windows and Kali.

But you said you used the rockyou.txt wordlist to decrypt, so I assume that wordlist is very efficient at decrypting WPA2.

Thanks

 

4 minutes ago, aka said:

OK, I will try and let you know.

I will install oclHashcat on both my systems, Windows and Kali.

But you said you used the rockyou.txt wordlist to decrypt, so I assume that wordlist is very efficient at decrypting WPA2.

Thanks


Haven't tried the Windows subsystem for hashcat yet, just Kali itself, so I don't quite know how that will work. Yes, rockyou.txt is pretty good if you don't want to make a custom list. I have pulled a couple of my family members' wifi passwords with the rockyou list, mainly to show them how bad their passwords are lol. They had no idea that somebody could even do something like that.

31 minutes ago, b0N3z said:

Haven't tried the Windows subsystem for hashcat yet, just Kali itself, so I don't quite know how that will work. Yes, rockyou.txt is pretty good if you don't want to make a custom list. I have pulled a couple of my family members' wifi passwords with the rockyou list, mainly to show them how bad their passwords are lol. They had no idea that somebody could even do something like that.

Thanks, I will try and let you know.

23 hours ago, b0N3z said:

maybe,  also using kali for OS on a cheap ssd.  So with a good ssd and 1080Ti would be quite quick

Yeah, I've got one of the Samsung 860 EVOs.

Considering an M.2 but can't justify spending another $500 or so just for extra read/write speed.

9 minutes ago, Dave-ee Jones said:

Yeah, I've got one of the Samsung 860 EVOs.

Considering an M.2 but can't justify spending another $500 or so just for extra read/write speed.

I'm running an old i7-2600K with 16 GB RAM and an Intel 240 GB with slower read/write (480 maybe). Working on upgrading mobo, CPU, RAM, and power soon.

On 7/1/2018 at 4:09 PM, b0N3z said:

Correct. Get a good password list like rockyou.txt; depending on the GPU in your desktop, it will take more or less time to run through the list. I have a GTX 1050 and it runs through rockyou.txt in about 3 mins. I've also cleaned the handshake to make it as small as possible so it runs quicker.

I have a question about that. I've used aircrack mostly, but as we all know it takes FOREVER. I was working with hashcat for a bit. It was hit and miss, like I used a dictionary that I know for 100% sure had the password of the handshake in it. Sometimes it would show it, sometimes it wouldn't. Is there any reason behind that?
Also, how do you 'clean' the handshake? What exactly does that do? I'm not COMPLETELY into WiFi hacking, but would like to know some basics of it.

4 hours ago, Exmix said:

I have a question about that. I've used aircrack mostly, but as we all know it takes FOREVER. I was working with hashcat for a bit. It was hit and miss, like I used a dictionary that I know for 100% sure had the password of the handshake in it. Sometimes it would show it, sometimes it wouldn't. Is there any reason behind that?
Also, how do you 'clean' the handshake? What exactly does that do? I'm not COMPLETELY into WiFi hacking, but would like to know some basics of it.

I loaded the pcap into Wireshark and exported the handshake only, then converted the file to hashcat format with an online converter tool. I can't remember the website as I spent an entire day messing with it and haven't really touched it since. Running the pcap with aircrack was taking 3-4 hrs and once I set up Kali and hashcat I was running handshakes in 2-3 mins.

2 hours ago, b0N3z said:

I loaded the pcap into Wireshark and exported the handshake only

Could you explain the steps to do this at all? To be honest, I've not really bothered with this in the past. Does it make much of a difference in time to crack?

Thank you.

1 minute ago, haze1434 said:

Could you explain the steps to do this at all? To be honest, I've not really bothered with this in the past. Does it make much of a difference in time to crack?

Thank you.

The only reason I exported the individual handshake was because I had multiple handshakes in the same pcap and I wanted to separate each one into its own individual pcap file. I don't know the exact filter I used in Wireshark but you can google wireshark filter for wifi handshake and give it a try. You only need the first 3 packets of the handshake to crack. This will make the file smaller and I don't really know if it makes much of a difference unless your pcap is huge, as in it took forever to get the handshake and the file is very large. Sorry I can't be more specific, I quit messing with it after I figured it out and for some reason didn't make any notes on the subject. Probably because beer lol

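On the "clean the handshake" question above, here is an added example (my own Python, not code from the thread, from Wireshark or from hashcat) that parses EAPOL-Key frames and labels them the way Wireshark's "Message n of 4" column does, by reading the Key Information flags (Key ACK, Key MIC, Secure, Pairwise). It then checks whether a trimmed capture still holds a matched pair: M1 and M2 with the same replay counter, or M2 and M3 where M3's counter is M2's plus one. The sample frames are constructed with placeholder nonces, MICs and key data, not real traffic; the RSN element bytes are a hand-built CCMP/PSK element.

```python
import struct
from typing import List, NamedTuple, Optional

# Key Information bit positions, IEEE 802.11-2016 12.7.2 (EAPOL-Key frame format)
KEY_TYPE_PAIRWISE = 1 << 3
KEY_INSTALL = 1 << 6
KEY_ACK = 1 << 7
KEY_MIC = 1 << 8
KEY_SECURE = 1 << 9
KEY_ENCRYPTED_DATA = 1 << 12

EAPOL_KEY_TYPE = 3                       # 802.1X packet type "EAPOL-Key"
FIXED_BODY = ">BHHQ32s16s8s8s16sH"       # descriptor .. key-data length: 95 bytes
FIXED_LEN = struct.calcsize(FIXED_BODY)


class EapolKey(NamedTuple):
    key_info: int
    replay_counter: int
    nonce: bytes
    mic: bytes
    key_data: bytes


def parse_eapol_key(frame: bytes) -> EapolKey:
    """Parse an 802.1X EAPOL-Key frame (802.11 and LLC/SNAP headers already stripped)."""
    if len(frame) < 4:
        raise ValueError("truncated 802.1X header")
    _version, ptype, length = struct.unpack(">BBH", frame[:4])
    if ptype != EAPOL_KEY_TYPE:
        raise ValueError("not an EAPOL-Key frame (802.1X type %d)" % ptype)
    body = frame[4:4 + length]
    if len(body) != length or length < FIXED_LEN:
        raise ValueError("802.1X length field inconsistent with frame")
    (desc, key_info, _key_len, replay, nonce, _iv, _rsc, _id, mic,
     kd_len) = struct.unpack(FIXED_BODY, body[:FIXED_LEN])
    if desc not in (2, 0xFE):            # 2 = RSN (WPA2), 0xFE = legacy WPA descriptor
        raise ValueError("unknown key descriptor type 0x%02x" % desc)
    key_data = body[FIXED_LEN:FIXED_LEN + kd_len]
    if len(key_data) != kd_len:
        raise ValueError("key data truncated")
    return EapolKey(key_info, replay, nonce, mic, key_data)


def handshake_message(k: EapolKey) -> Optional[int]:
    """Label a frame as message 1..4 of the 4-way handshake (None for group-key or malformed frames)."""
    ki = k.key_info
    if not ki & KEY_TYPE_PAIRWISE:
        return None                      # group-key handshake, not the 4-way
    ack, mic, secure = bool(ki & KEY_ACK), bool(ki & KEY_MIC), bool(ki & KEY_SECURE)
    if ack and not mic:
        return 1                         # AP -> STA: carries the ANonce
    if mic and not ack and not secure:
        return 2                         # STA -> AP: carries the SNonce and the first MIC
    if ack and mic:
        return 3                         # AP -> STA: ANonce again, Install set, encrypted GTK in key data
    if mic and not ack and secure:
        return 4                         # STA -> AP: final confirmation
    return None


def has_complete_handshake(frames: List[bytes]) -> bool:
    """True if the capture still holds a matched pair: M1+M2 (same replay counter) or M2+M3 (M3 = M2 + 1)."""
    labelled = [(handshake_message(k), k.replay_counter) for k in map(parse_eapol_key, frames)]
    m1 = {rc for m, rc in labelled if m == 1}
    m2 = {rc for m, rc in labelled if m == 2}
    m3 = {rc for m, rc in labelled if m == 3}
    return bool(m1 & m2) or any(rc + 1 in m3 for rc in m2)


def build_eapol_key(key_info: int, replay: int, nonce: bytes,
                    mic: bytes = bytes(16), key_data: bytes = b"") -> bytes:
    """Assemble a minimal EAPOL-Key frame; only used here to construct the sample capture."""
    body = struct.pack(FIXED_BODY, 2, key_info, 16, replay, nonce,
                       bytes(16), bytes(8), bytes(8), mic, len(key_data)) + key_data
    return struct.pack(">BBH", 2, EAPOL_KEY_TYPE, len(body)) + body


# Constructed sample exchange: nonces, MICs and GTK bytes are placeholders, not real values.
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")   # RSN element: CCMP, PSK
SAMPLE_CAPTURE = [
    build_eapol_key(0x008A, 1, ANONCE),                                           # M1
    build_eapol_key(0x010A, 1, SNONCE, mic=b"\x11" * 16, key_data=RSN_IE),        # M2
    build_eapol_key(0x13CA, 2, ANONCE, mic=b"\x22" * 16, key_data=b"\xaa" * 56),  # M3
    build_eapol_key(0x030A, 2, bytes(32), mic=b"\x33" * 16),                      # M4
]

if __name__ == "__main__":
    for i, f in enumerate(SAMPLE_CAPTURE):
        k = parse_eapol_key(f)
        print("frame %d: key_info=0x%04x replay=%d -> message %s of 4"
              % (i, k.key_info, k.replay_counter, handshake_message(k)))
    print("M1+M2 only still complete:", has_complete_handshake(SAMPLE_CAPTURE[:2]))
    print("M1+M4 only complete:", has_complete_handshake([SAMPLE_CAPTURE[0], SAMPLE_CAPTURE[3]]))
```

In Wireshark the display filter `eapol` shows exactly these frames, and exporting only them is what "cleaning" amounts to; the rest of a large capture is dead weight for the cracker but does not change the answer. What does change the answer is which messages survive: M1 supplies the ANonce and M2 the SNonce and the MIC that a candidate key is checked against, so M1+M2 (or M2+M3) is complete while M1+M4 is not. A capture that was trimmed to the wrong pair is one thing worth ruling out when a dictionary known to contain the password comes back with no result.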
10 minutes ago, b0N3z said:

probably because beer lol

Ha no worries. I'll have to have another play this weekend :lol:


My biggest hurdle was figuring out hashcat and converting the pcap to hccapx. Once I had that figured out, it was smooth sailing from there. I'm also going to have to dig into it a bit more and make notes this time lol

On 7/4/2018 at 8:01 PM, b0N3z said:

My biggest hurdle was figuring out hashcat and converting the pcap to hccapx. Once I had that figured out, it was smooth sailing from there. I'm also going to have to dig into it a bit more and make notes this time lol

Hi,

Sorry to disturb you; since you have more experience using hashcat, can you give at least an average config to decrypt WPA?

I'm a little confused with interface, wordlist, hybrid, bruteforce etc.

I used hashcat v4.1.0, and GUI v1.00rc3

13 hours ago, aka said:

Hi,

Sorry to disturb you; since you have more experience using hashcat, can you give at least an average config to decrypt WPA?

I'm a little confused with interface, wordlist, hybrid, bruteforce etc.

I used hashcat v4.1.0, and GUI v1.00rc3

Most of the time, you'll want to go for a Mask Attack.

Using Windows CMD, this would be something like:

oclHashCat.exe -m 2500 HASHES.txt -a 3 -1 ?l?d?u ?1?1?1?1?1?1?1?1

(run Hashcat) (hash type is WPA/WPA2) (use HASHES.txt for the hashes to be cracked) (mode Brute-Force) (create '1' as meaning lowercase, uppercase and numbers) (set password as 8 characters in length, so 1 repeated 8 times)

The above will (I think, I'd need to double check the syntax) crack a WPA2 password that is up to 8 characters in length and contains uppercase, lowercase and numbers.

You should research the default passwords for the router being pentested; the above mask should be amended to match initially. For example, if you knew the password was 5 letters and 4 numbers, you could use:

-1 ?l?u -2 ?d ?1?1?1?1?1?2?2?2?2

 

Note the above is a brute-force example; you should exhaust your password files first, such as rockyou, via a dictionary attack:

oclHashCat.exe -m 2500 HASHES.txt DICTIONARY.txt

 

I go in this order:

  1. Dictionary attacks, using the smallest/quickest dictionary first and the slowest last
  2. Mask attack using likely default password layout
  3. Mask attack using incremental lowercase letters, uppercase letters and numbers, up to 12 digits
  4. Anything past this usually takes too long, so if the above fails, I tend to stop there and admit defeat. You can judge this based on your rig.

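To put numbers on the masks in the post above, here is an added example (my own Python, not code from the thread or from hashcat itself) that parses hashcat's mask syntax, including the `-1`/`-2` custom charsets used there, and computes the keyspace and the worst-case time at a given hash rate. This is the same arithmetic a defender uses to decide how long and how varied a passphrase has to be before a mask attack stops being practical. The `RATE` figure is a placeholder I chose for illustration; the only honest number is what `hashcat -b -m 2500` reports on your own card. One point the post hedges on: a fixed mask such as `?1?1?1?1?1?1?1?1` covers exactly 8 characters, not "up to 8"; walking lengths 1..8 needs hashcat's `--increment`, which tries successive prefixes of the mask, and `incremental_keyspace` models that sum (it matters for step 3 in the post, where the longest lengths dominate).

```python
import string
from typing import Dict, List, Set

# hashcat's built-in charsets, as documented for its mask attack (-a 3)
BUILTIN: Dict[str, Set[str]] = {
    "l": set(string.ascii_lowercase),          # 26
    "u": set(string.ascii_uppercase),          # 26
    "d": set(string.digits),                   # 10
    "s": set(string.punctuation + " "),        # 33
    "h": set("0123456789abcdef"),              # 16
    "H": set("0123456789ABCDEF"),              # 16
}
BUILTIN["a"] = BUILTIN["l"] | BUILTIN["u"] | BUILTIN["d"] | BUILTIN["s"]   # 95
BUILTIN["b"] = {chr(i) for i in range(256)}                                  # every byte value


def expand_charset(spec: str, custom: Dict[str, Set[str]]) -> Set[str]:
    """Expand a charset spec such as '?l?d?u' or 'abc?d' into the set of characters it denotes."""
    chars: Set[str] = set()
    i = 0
    while i < len(spec):
        if spec[i] != "?":
            chars.add(spec[i])                 # literal character
            i += 1
            continue
        if i + 1 >= len(spec):
            raise ValueError("dangling '?' in %r" % spec)
        tag = spec[i + 1]
        if tag == "?":
            chars.add("?")                     # '??' escapes a literal question mark
        elif tag in BUILTIN:
            chars |= BUILTIN[tag]
        elif tag in custom:
            chars |= custom[tag]
        else:
            raise ValueError("unknown charset ?%s in %r" % (tag, spec))
        i += 2
    return chars


def custom_charsets(defs: Dict[str, str]) -> Dict[str, Set[str]]:
    """Resolve -1 .. -4 definitions in order, so a later one may refer back to an earlier ?1."""
    resolved: Dict[str, Set[str]] = {}
    for key in sorted(defs):
        resolved[key] = expand_charset(defs[key], resolved)
    return resolved


def mask_positions(mask: str, custom: Dict[str, Set[str]]) -> List[int]:
    """Number of candidate characters at each position of a mask such as '?1?1?1?2?2'."""
    sizes: List[int] = []
    i = 0
    while i < len(mask):
        if mask[i] == "?":
            if i + 1 >= len(mask):
                raise ValueError("dangling '?' in mask %r" % mask)
            sizes.append(len(expand_charset(mask[i:i + 2], custom)))
            i += 2
        else:
            sizes.append(1)                    # literal: exactly one candidate
            i += 1
    return sizes


def mask_keyspace(mask: str, custom: Dict[str, Set[str]]) -> int:
    """Candidates for a fixed-length mask, which is all hashcat tries unless --increment is given."""
    total = 1
    for n in mask_positions(mask, custom):
        total *= n
    return total


def incremental_keyspace(mask: str, custom: Dict[str, Set[str]], min_len: int, max_len: int) -> int:
    """Candidates for --increment: every prefix of the mask from min_len to max_len positions."""
    sizes = mask_positions(mask, custom)
    if not 1 <= min_len <= max_len <= len(sizes):
        raise ValueError("increment range must lie within the %d mask positions" % len(sizes))
    total = 0
    for length in range(min_len, max_len + 1):
        prefix = 1
        for n in sizes[:length]:
            prefix *= n
        total += prefix
    return total


def seconds_to_exhaust(keyspace: int, hashes_per_second: float) -> float:
    """Worst-case time to try every candidate at a measured WPA (-m 2500) rate."""
    return keyspace / hashes_per_second


if __name__ == "__main__":
    RATE = 400_000.0   # placeholder rate in H/s; measure your own card with `hashcat -b -m 2500`
    full = custom_charsets({"1": "?l?d?u"})
    ks = mask_keyspace("?1?1?1?1?1?1?1?1", full)
    print("8 x [a-zA-Z0-9]: %d candidates, %.1f years" % (ks, seconds_to_exhaust(ks, RATE) / 31_557_600))
    shaped = custom_charsets({"1": "?l?u", "2": "?d"})
    ks = mask_keyspace("?1?1?1?1?1?2?2?2?2", shaped)
    print("5 letters + 4 digits: %d candidates, %.1f days" % (ks, seconds_to_exhaust(ks, RATE) / 86_400))
    ks = incremental_keyspace("?1" * 12, full, 1, 12)
    print("1..12 x [a-zA-Z0-9]: %d candidates" % ks)
```

The two masks from the post come out at 62^8 and 52^5 * 10^4 candidates, a factor of about 57 apart, which is why the post's advice to shape the mask to the router's default password layout matters so much more than the choice of card. Each extra position multiplies the keyspace by the charset size, so a passphrase that is two or three characters longer than the attacker's mask budget is out of reach of this attack regardless of the GPU.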
3 hours ago, haze1434 said:

Most of the time, you'll want to go for a Mask Attack.

Using Windows CMD, this would be something like:


oclHashCat.exe -m 2500 HASHES.txt -a 3 -1 ?l?d?u ?1?1?1?1?1?1?1?1

(run Hashcat) (hash type is WPA/WPA2) (use HASHES.txt for the hashes to be cracked) (mode Brute-Force) (create '1' as meaning lowercase, uppercase and numbers) (set password as 8 characters in length, so 1 repeated 8 times)

The above will (I think, I'd need to double check the syntax) crack a WPA2 password that is up to 8 characters in length and contains uppercase, lowercase and numbers.

You should research the default passwords for the router being pentested; the above mask should be amended to match initially. For example, if you knew the password was 5 letters and 4 numbers, you could use:


-1 ?l?u -2 ?d ?1?1?1?1?1?2?2?2?2

 

Note the above is a brute-force example; you should exhaust your password files first, such as rockyou, via a dictionary attack:

oclHashCat.exe -m 2500 HASHES.txt DICTIONARY.txt

 

I go in this order:

  1. Dictionary attacks, using the smallest/quickest dictionary first and the slowest last
  2. Mask attack using likely default password layout
  3. Mask attack using incremental lowercase letters, uppercase letters and numbers, up to 12 digits
  4. Anything past this usually takes too long, so if the above fails, I tend to stop there and admit defeat. You can judge this based on your rig.

You went further than I did. I normally just run a wordlist and call it a day. If I get it, cool; if not, I move on.


THANKS.

I tried your combination, but I think my graphics card is not powerful enough for a mask attack, so I tried again using a wordlist that I modified, and it works.

So my conclusion is:

1. If you have a good graphics card, a mask attack is better and saves you from thinking too hard about customising a wordlist.

2. With good recon and luck, a wordlist gives you a good crack, but you have to repeat the test.

3. My hashcat interface (attached screenshots):

int 1.PNG

int 2.PNG


I run a GTX 1050 and it worked great.  It is a budget card I got for around $100-125 ish.

1 hour ago, b0N3z said:

I run a GTX 1050 and it worked great.  It is a budget card I got for around $100-125 ish.

For mask attack??

I have to change my graphics card; I have a GTX 660 2 GB, so I plan to get a GTX 1050.

