Saturday, 2 July 2011

Cracking WPA using pyrit and aircrack

Hi all,

This is the follow on post to the pyrit set-up.
Once its been set-up you are able to test the strength of your WPA encrypted router.

There are a few important points to note when cracking WPA.
Firstly it has to be your own router or you must have permission from the administrator.
Secondly the key that your cracking has to be inside the list or dictionary file.
If the password isn't in the dictionary file, the key will not be cracked.
Note that 'insecurepass' is different to 'Insecsurepass'.
Finally their access point has to have a client connected because during the process of capturing a handshake, the client is de-authenticated allowing the handshake to be recaptured.

The method behind WPA cracking is different to that of WEP. WEP is cracked by repetition of the IV packets. WPA is cracked by firstly capturing the handshake, where the client connects to the AP, then brute forced using a dictionary or word list.

The commands:
airmon-ng start wlan0
airodump-ng mon0
airodump-ng -c 11 -w output --bssid mon0
aireplay --deauth 0 -a bssid -c client mon0

Ctrl + C to cancel the deauth and capture

pyrit eval 
pyrit -i pass.lst import_passwords
pyrit -e j2neonAP create_essid
pyrit eval
pyrit batch
pyrit verify
pyrit -o wpadb export_hashdb

aircrack -r wpadb output01.cap
Commands will differ for each WPA crack and access point. Firstly the -c is the channel of the AP, mines on 11. -w is simply the name of the text file and each bssid is different.
In the pyrit section pass.lst is a simple list that I created for the purpose of this vid and contains a few keys. This should be replaced with a decent word list or password list.
j2neonAP is my essid and again this is different for each, this is also used as a salt during the batch process.

Videos: link:
Cracking WPA using pyrit and aircrack

YouTube link:
Cracking WPA using pyrit and aircrack YouTube

Sorry again, for the square mouse camtasia, VB and BT5 don't play together nicely.


Friday, 1 July 2011

Installing pyrit into BT5

Hey all,

It's been a while again since the last video. I have spent some serious time doing boot to roots and the metasploit unleashed tut. Anyway this is a two part post; the first being the setup and the second being WPA cracking using pyrit.

That having been said, I'll get on with it!

Pyrit is used to create hash tables, this can be used to crack WPA and test how secure the wireless key is. In this post the primary object is to download and install all of the nessasary components for pyrit.

Pyrit also supports GPU processing, therefore as I have an Nvidia card, I will be setting up pyrit to run using CUDA. This step is optional and will be different if you are using AMD/ATi.

Also it's a good idea to run pyrit list_cores to make sure that it's all working correctly and if you want to see the speed of the cores, run the benchmark.


These commands are taken from another thread on the backtrack forum, as they are the best way to install it and have come up in posts multiple times.

svn checkout pyrit_svn

apt-get install libssl-dev scapy python-dev
cd /pyrit_svn/pyrit
python build
python install
CUDA/Nvidia only!

Then download the nvidia-toolkit from:

Download the CUDA Toolkit for Ubuntu Linux 10.04, it doesn't matter if you already have the graphics drivers as you will need this anyway as it has the compilers. Also, if you accidentally download the dev drivers you won't be able to install pyrit as you need this tool-kit!
cd /pyrit_svn/cpyrit_cuda 
python build
python install

pyrit list_cores
pyrit benchmark

Installing pyrit into BT5 YouTube
Installing pyrit into BT5