How to Capture a 4 way WPA handshake and Upload it to a Online WPA Cracker

[musket33]

This is directed to purehate from whom I gained much guidance, wisdom and clarity.

In cracking WPA we are working are an intigrated approach which employs both social engineering and remote viewing to obtain a basic understanding of any key. WPA is an excellant target cypher as the structure of the key is well defined.

At this time we suggest the following approach which has shown real results.

Those approaching the WPA problem should first crack as many WEP keys in the area to get an idea of how users select keys. We have found that in over 50% of the cases the key is derived from only one(1) source. This source is totally numeric and easily broken by a crunch-aircrack passthru in BT4R2. A hint of that source can be found below:

/pentest/passwords/crunch/crunch 10 10 "1234567890" -t 08@@@@@@@@ | aircrack-ng /root/hanshake.cap -e "bssid" -w -

When we applied this attack to 100% of the handshakes captured we cracked 50% in less then three hours using GTX360 video cards.

We are designing Remote Viewing sessions to directly attack cyphers. As the WPA structure is well known we are currently designing random pages to be employed in remote viewing sessions to obtain the basics of the bssid's WPA cypher key. From remote viewing you will obtain 1. the key length, 2. key types ie numeric, numeric-caps etc(12 variables) and 3. the first three(3) characters of the key. You can then decide whether a pass-thru in cruch or pyrite etc is practicable with the equipment you have available. For those interest turn to Ed Dames, learn rvcom. You will find methods to obtain three numbers in a lottery. We think the average person can employ stage three remote viewing to obtain the basics of a keys structure and then fine tune crunch to obtain the key.

I will be posting expansions to this theme in fiurther posts.

SRC - Up All Night

[TheFlyingDutchMan]

Last time I uploaded a handshake to wpacracker.com an invalid handshake was their conclusion, Aircrack reported: valid handshake, also wireless security auditor (windows) reported invalid handshake.
But uploaded same .cap to darkircop.org and they actually did retreive the passphrase for me. Also did wparecovery.com find the passphrase.Later decide to test this handshake in wireless security auditor and even the handshake was reported invalid, it did find the passphrase.
Maybe this helps someone.

[purehate]

This all has to do with the number of packets. My system needs all 4 eapol packets to crack a capture. Aircrack can crack a capture w/ only 2 eapol packets which is what darkicorp probably uses. A COMPLETE WPA capture should have all 4 eapol packets other wise the results can be unreliable.

[trueblu8]

Hmm. Interesting stuff guys.

Darkircop.com seems to be down. Maybe he's fixing it because it wasn't letting you upload anything.

Yeah I'm going to work on getting the complete 4 way handshake with all 4 eapol packets tonight. Then looking forward to running that on your system purehate.