BT4 Brute Force...
I am trying to crack a WPA-PSK key in my Basic Offensive Security Class using BackTrack 4 Beta Release. I have a dict file over 80MBs, but I STILL cant get the pass... The password might be something completely random like "aw91t@$l2".
The goal of the assignment is to use all available resources to get that pass, even if we haven't learned the techniques as yet. (We were basically instructed for 2 weeks on the basics, the popped with this for two test grades... T_T)
What should I do?
I am a noob too but i think bruteforce wont be the best way..
you could try this way: (but it will be a bad way too, it is just an idea i've never tried before)
-Kill the true AP with MDK3
-create a fake AP with the same BSSID and a fake WPA encryption (i dont remember if the fake encryption is possible)
-route the traffic through this new connection (victims will have an internet access)
-create a fake Router Home page (you must know the brand and model of this one) or a Provider home page and start it on the apache server
-dns spoofing and sniffing with ettercap to grab login and password to try to enter the router and read the wpa key
Second idea: (a remote keylogging)
create a trojan with the metasploit meterpreter and link it with a document or a file (where you ask the victim to go in the router and retype its security parameters or its wpa key). Send it to your victim. Start a keylogging to grab the wpa key....
with my two methods you will have 2 chances on 1 million to grab the wpa key but i really think "social engineering" will be easier.
You forgot something important... He can't access the router setup pages if he doesn't has the WPA key... So this method is worthless. A possible way would be:Originally Posted by murdock69
is it possible to know the model and the brand by a sniff with wireshark in promiscious mode and a filter on wifi headers to create a fake setup page?
Go read some more about networks, i think you're not understanding how it works.
It was just a question, not a method...
That's why i post in this area...But you're right there are lot of things to learn about networks and i have a lot of lacks. I know it is impossible to enter the victim's router without the Wpa Key on its network but i thought it was possible to redirect the victim on the Fake AP to a "fake router setup page".
............MDK3
..............|
Victim----X---WPA encryption-----router------"Setup page"
|
|
|
Fake AP---------Fake encryption------>Fake setup page(started on apache,dns spoofing ettercap)
(same essid)
(same bssid)
I do this method to create fake Hotspots(wpa encrypted) to grab passwords and logins and it works. In this case it is possible to know the manufacturer of the router with the router mac address (macchanger) and imagine a fake "error page" where the victim have to reenter login, password and WPA key to reset the network (the victim is on your network so you can grab them)
sorry my english....it is difficult for me to explain my idea
Yes there is an update in the aircrack suit that finds the psk without a dictionary/wordlist attack. Its just recently been added. This would likely be your best avenue.
Check out the link for details
bit-tech.net/news/2008/11/07/wpa-crackable-in-fifteen-minutes/1
wolf
That sounds like my solution, do you have any more info?
I will try also, last time I couldn't generate handshake
man tkiptun-ng
but i dont know if it is easy to use. there is a document to read on aircrack-ng website from the author
Posting Permissions
