mmusket33
2014-09-21, 10:27
Everyone has heard of a crunch-aircrack-ng passthru. The problem with crunch is that except for numeric strings most WPA passwords are based on an alteration of a real word. Here is a way to produce a constantly changing alteration of your basic password file using John the Ripper.
Go to:
http://www.lanmaster53.com/2011/02/creating-complex-password-lists-with-john-the-ripper/
Download their custom rule set by Mat Weir
http://sites.google.com/site/reusablesec/Home/john-the-ripper-files/john-the-ripper-sample-configs-1/john.conf?attredirects=0&d=1
The link above can be found halfway down the page
After the small download is complete you will have a john.conf file
In kali Go to:
etc/John/
Change the name of the existing john.conf file to john,conf.orig (ie john.conf original)
Now copy Mike Weirs john.conf file into the ect/john folder
To start the passthru enter the following. Alter your paths, ESSID and cap file to meet your situation. Notice the -w - (i.e dash w space dash).
john --wordlist=/root/wordlist --rules:modified_single --stdout | aircrack-ng -e "ESSID" -w - /root/Filename.cap
You can use the original john.conf file but the output will be smaller and the terminal command line is altered. Furthermore the original john.conf file must be in residence in the etc/John folder. The below command line uses the original john.conf file that comes with kali:
john --wordlist=/root/wordlist --rules --stdout | aircrack-ng -e "ESSID" -w - /root/Filename.cap
These crunch and john passthrus are not the tools of choice for cracking WPA in most cases for the following reasons. You cannot save your work in stages and most WPA attacks can go on for weeks if not months. Using the computer to generate words and then handing them to aircrack-ng slows the speed down as much as 50%. The tool of choice for actually cracking WPA is a dual vidocard 64 bit windows 7 or higher operating system with Elcomsoft Wireless Security Auditor Professional v5.0.252 or higher. However we have been in rural areas trying to get internet access and have successfully broken weak encryption using these crunch and john the ripper passthrus.
John the Ripper has a --restore session command but we have been unable to get it to function when running --rules to an aircrack-ng passthru.
We have taken 20 common password lists, removed all numeric only strings, joined the files then cleaned, sorted remove duplicates and kept only lengths 8 thru 63. This file is meant to be used with the John --rules | aircrack-ng passthru. We suggest you first run numeric only lengths 8 thru 10 with a crunch aircrack-ng passthru. Then turn to this John aircrack-ng passthru.
You can download this common password compilation at:
http://www.axifile.com/en/EC1334B7B0
MTeams
Go to:
http://www.lanmaster53.com/2011/02/creating-complex-password-lists-with-john-the-ripper/
Download their custom rule set by Mat Weir
http://sites.google.com/site/reusablesec/Home/john-the-ripper-files/john-the-ripper-sample-configs-1/john.conf?attredirects=0&d=1
The link above can be found halfway down the page
After the small download is complete you will have a john.conf file
In kali Go to:
etc/John/
Change the name of the existing john.conf file to john,conf.orig (ie john.conf original)
Now copy Mike Weirs john.conf file into the ect/john folder
To start the passthru enter the following. Alter your paths, ESSID and cap file to meet your situation. Notice the -w - (i.e dash w space dash).
john --wordlist=/root/wordlist --rules:modified_single --stdout | aircrack-ng -e "ESSID" -w - /root/Filename.cap
You can use the original john.conf file but the output will be smaller and the terminal command line is altered. Furthermore the original john.conf file must be in residence in the etc/John folder. The below command line uses the original john.conf file that comes with kali:
john --wordlist=/root/wordlist --rules --stdout | aircrack-ng -e "ESSID" -w - /root/Filename.cap
These crunch and john passthrus are not the tools of choice for cracking WPA in most cases for the following reasons. You cannot save your work in stages and most WPA attacks can go on for weeks if not months. Using the computer to generate words and then handing them to aircrack-ng slows the speed down as much as 50%. The tool of choice for actually cracking WPA is a dual vidocard 64 bit windows 7 or higher operating system with Elcomsoft Wireless Security Auditor Professional v5.0.252 or higher. However we have been in rural areas trying to get internet access and have successfully broken weak encryption using these crunch and john the ripper passthrus.
John the Ripper has a --restore session command but we have been unable to get it to function when running --rules to an aircrack-ng passthru.
We have taken 20 common password lists, removed all numeric only strings, joined the files then cleaned, sorted remove duplicates and kept only lengths 8 thru 63. This file is meant to be used with the John --rules | aircrack-ng passthru. We suggest you first run numeric only lengths 8 thru 10 with a crunch aircrack-ng passthru. Then turn to this John aircrack-ng passthru.
You can download this common password compilation at:
http://www.axifile.com/en/EC1334B7B0
MTeams