Difference between revisions of "WPA Attack"

WPA is the precursor to WEP and filled a need as a replacement for the fully disclosed and unsecure WEP encryption.

Background

For an excellent explaination, see the Airolib-ng manual.

• The twilight of Wi-Fi Protected Access
• IEEE 802.11i Wikipedia page

Tools

• pyrit blog - Reference manual - Code details
  • Like coWPatty and Airolib-ng
  • Pre-compute PMK keys
  • Internal database over precomputed ESSID and PMK combinations
  • Can export to *.cow (coWPAtty) and *.db (Airolib-ng)
  • GPGPU acceleration

• coWPAtty Main page - coWPAtty project page - Readme
  • Like Pyrite and Airolib-ng
  • WPA-PSK attack on specific ESSID and captured 4-way handshake dump
  • Passthrough from Pyrite possible (GPGPU acceleration)
  • Pre-computed PMK tables supported
  • genpmk:
    • Generate "Pairwise Master Key" table for a specific ESSID, PMK tables
    • Table-file name should end with *.cow

• Airolib-nb
  • Like coWPatty and Pyrit
  • Precompute TMK keys and attack WPA/WPA2 handshake captures
  • Internal SQLite3 database
  • Can export and import coWPAtty files

Extra:

• Church of Wifi wpa-psk rainbow tables
  • Pre-computed TMK key tables, 1 million words computed for the top 1000 SSID's
  • 7 and 33 GB torrents
  • Hak5 single tables downloads

Word lists

These are compiled word lists and readily available.

• Church of Wifi wordlists - passwords2 (2.1 MB) and 9-final-wordlist (11 MB)
• Outpost9.com (direct) - dic-0294 (8.04 MB) (reference)
• Openwall wordlists - Multiple languages, small fee
• The Argon various wordlists - There are WPA versions of these lists
• Xploitz Master Password Collection

References

• Cracking WPA FAST with video cards
• Remote-Exploit forums - Great community and resource
• Creating Custom Password Lists
• pyrit CUDA nvidia Tutorial + Nvidia overclock instructions
• BT4 (pre)final ATI guide