Page 1 of 3
Results 1 to 10 of 22

Thread: Cracking my WPA AP

  1. #1
    Junior Member
    Join Date
    Aug 2006
    Posts
    29

    Default Cracking my WPA AP

    Hi all,

    I have been testing a lot lately on my Linksys AP. WEP 128-bit and 64-bit is no problem anymore. But now I wanted to focus on WPA encryption. I have read some information on it, but still some things are not clear yet.

    I have switched my encryption to WPA on my router with a pre-shared key. I have put a phrase in it. Not a standard phrase, so you won't find it in any dictionaries.

    But now I'm stuck. I want to learn how to crack my own AP with the WPA protection. But how? I can't find any good tutorials on this subject. I have found some videos, but they all assume the key phrase is in the dictionary.

    Is it possible to crack my WPA key when the key phrase is not in the dictionary by brute forcing it? Who has the right tutorial for this?

    Maybe it's just me and I'm a bad user of the search function, but I can't find it here or on Google.

  2. #2
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by damocles View Post
    Is it possible to crack my WPA key when the key phrase is not in the dictionary by brute forcing it?
    Nope. No-can-do. The passphrase is salted with the SSID.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  3. #3
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399

    Default

    You need to search for John the Ripper and coWPAtty and how to use them in conjunction with each other. Also search for how to capture the 4-way handshake.

    You will also need a lot of time, CPU cycles or a cluster if you have chosen any kind of decent passphrase.

    Also, rainbow tables may be worth looking into.

  4. #4
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by balding_parrot View Post
    Also, rainbow tables may be worth looking into.
    If you already know the SSID, genpmk will generate your own tables. Only if the SSID is already in a pre-computed set of tables will those tables help at all, and only then if the passphrase was in the dictionary used to create the tables.

    Lastly, you need an already-authenticated client.

  5. #5
    Senior Member PrairieFire's Avatar
    Join Date
    Apr 2007
    Posts
    705

    Default

    This should tell you about how long it would take.

  6. #6
    Junior Member
    Join Date
    Aug 2006
    Posts
    29

    Default

    OK, so whenever I think of something that is not in the dictionary file, it won't be able to find it? That's what I make out of the answers. But for WEP there are all clear tuts on what to do and what not to do. There is no clear WPA tutorial which takes you through it step by step? I could go and try things out like I have been doing, but that's not really working right now haha

  7. #7
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    FYI, both coWPAtty and Aircrack use dictionary attacks which are not strictly brute force attacks.

  8. #8
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by damocles View Post
    OK, so whenever I think of something that is not in the dictionary file, it won't be able to find it?
    This is correct. Your best bet to crack WPA is a good dictionary file and a weak passphrase.

  9. #9
    Senior Member PrairieFire's Avatar
    Join Date
    Apr 2007
    Posts
    705

    Default

    Google Search time: 0.27 seconds
    tutorial How to Crack WPA

  10. #10
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399

    Default

    Quote Originally Posted by theprez98 View Post
    If you already know the SSID, genpmk will generate your own tables. Only if the SSID is already in a pre-computed set of tables will those tables help at all, and only then if the passphrase was in the dictionary used to create the tables.

    Lastly, you need an already-authenticated client.
    This is why I said "may".

    The intention was only a point in the right direction for research, which, if done properly, would show just how impractical this can be given a good passphrase.
