Difference between revisions of "WPA Attack"

From ivc wiki
Jump to navigationJump to search
Line 44: Line 44:
* [http://www.outpost9.com/files/WordLists.html Outpost9.com] ([http://www.outpost9.com/files/wordlists/dic-0294.zip direct]) - dic-0294 (8.04 MB) ([http://forums.remote-exploit.org/bt4beta-howtos/20095-pyrit-cuda-nvidia-tutorial-nvidia-overclock-instructions.html reference])
* [http://www.outpost9.com/files/WordLists.html Outpost9.com] ([http://www.outpost9.com/files/wordlists/dic-0294.zip direct]) - dic-0294 (8.04 MB) ([http://forums.remote-exploit.org/bt4beta-howtos/20095-pyrit-cuda-nvidia-tutorial-nvidia-overclock-instructions.html reference])
* [http://www.openwall.com/wordlists/ Openwall wordlists] - Multiple languages, small fee
* [http://www.openwall.com/wordlists/ Openwall wordlists] - Multiple languages, small fee
* [http://www.theargon.com/achilles/wordlists/ The Argon various wordlists] - There are WPA versions of these lists
* [http://www.theargon.com/achilles/wordlists/ The Argon various wordlists] - There are WPA versions of these lists, see Xploitz below
* [http://forums.remote-exploit.org/general-discussion/11875-xploitz-2-master-password-collections.html Xploitz Master Password Collection]
* [http://forums.remote-exploit.org/general-discussion/11875-xploitz-2-master-password-collections.html Xploitz Master Password Collection]



Revision as of 19:54, 29 August 2009

WPA is the precursor to WEP and filled a need as a replacement for the fully disclosed and unsecure WEP encryption.

Background

For an excellent explaination, see the Airolib-ng manual.

Tools

  • pyrit blog - Reference manual - Code details
    • Like coWPatty and Airolib-ng
    • Pre-compute PMK keys
    • Internal database over precomputed ESSID and PMK combinations
    • Can export to *.cow (coWPAtty) and *.db (Airolib-ng)
    • GPGPU acceleration
    • Strip out 4-way handshake from capture file
  • coWPAtty Main page - coWPAtty project page - Readme
    • Like Pyrite and Airolib-ng
    • WPA-PSK attack on specific ESSID and captured 4-way handshake dump
    • Passthrough from Pyrite possible (GPGPU acceleration)
    • Pre-computed PMK tables supported
    • genpmk:
      • Generate "Pairwise Master Key" table for a specific ESSID, PMK tables
      • Table-file name should end with *.cow
  • Airolib-nb
    • Like coWPatty and Pyrit
    • Precompute TMK keys and attack WPA/WPA2 handshake captures
    • Internal SQLite3 database
    • Can export and import coWPAtty files

Extra:

Word lists

These are compiled word lists and readily available.

Following simple guidelines, a good word-list can be generated. Consider the following:

  • Most people use easy to remember passwords, in this case it has to be 8 characters or over in length
  • Append 0-9 to the word, i.e. (word)1, (word)2, (word)3, ..
  • Sequence of numbers are often used, e.g. 123, 321, 999, ..
  • First letter is often upper-case
  • Short words (under 8 characters) are stringed in series of two, e.g. googlegoogle, hellohello, openopen, ..
  • Forename and surname often used

References