Difference between revisions of "WPA Attack"
From ivc wiki
Jump to navigationJump to search
| Line 44: | Line 44: | ||
* [http://www.outpost9.com/files/WordLists.html Outpost9.com] ([http://www.outpost9.com/files/wordlists/dic-0294.zip direct]) - dic-0294 (8.04 MB) ([http://forums.remote-exploit.org/bt4beta-howtos/20095-pyrit-cuda-nvidia-tutorial-nvidia-overclock-instructions.html reference]) | * [http://www.outpost9.com/files/WordLists.html Outpost9.com] ([http://www.outpost9.com/files/wordlists/dic-0294.zip direct]) - dic-0294 (8.04 MB) ([http://forums.remote-exploit.org/bt4beta-howtos/20095-pyrit-cuda-nvidia-tutorial-nvidia-overclock-instructions.html reference]) | ||
* [http://www.openwall.com/wordlists/ Openwall wordlists] - Multiple languages, small fee | * [http://www.openwall.com/wordlists/ Openwall wordlists] - Multiple languages, small fee | ||
* [http://www.theargon.com/achilles/wordlists/ The Argon various wordlists] - There are WPA versions of these lists | * [http://www.theargon.com/achilles/wordlists/ The Argon various wordlists] - There are WPA versions of these lists, see Xploitz below | ||
* [http://forums.remote-exploit.org/general-discussion/11875-xploitz-2-master-password-collections.html Xploitz Master Password Collection] | * [http://forums.remote-exploit.org/general-discussion/11875-xploitz-2-master-password-collections.html Xploitz Master Password Collection] | ||
Revision as of 20:54, 29 August 2009
WPA is the precursor to WEP and filled a need as a replacement for the fully disclosed and unsecure WEP encryption.
Background
For an excellent explaination, see the Airolib-ng manual.
Tools
- pyrit blog - Reference manual - Code details
- Like coWPatty and Airolib-ng
- Pre-compute PMK keys
- Internal database over precomputed ESSID and PMK combinations
- Can export to *.cow (coWPAtty) and *.db (Airolib-ng)
- GPGPU acceleration
- Strip out 4-way handshake from capture file
- coWPAtty Main page - coWPAtty project page - Readme
- Like Pyrite and Airolib-ng
- WPA-PSK attack on specific ESSID and captured 4-way handshake dump
- Passthrough from Pyrite possible (GPGPU acceleration)
- Pre-computed PMK tables supported
- genpmk:
- Generate "Pairwise Master Key" table for a specific ESSID, PMK tables
- Table-file name should end with *.cow
- Airolib-nb
- Like coWPatty and Pyrit
- Precompute TMK keys and attack WPA/WPA2 handshake captures
- Internal SQLite3 database
- Can export and import coWPAtty files
Extra:
- Church of Wifi wpa-psk rainbow tables
- Pre-computed TMK key tables, 1 million words computed for the top 1000 SSID's
- 7 and 33 GB torrents
- Hak5 single tables downloads
Word lists
These are compiled word lists and readily available.
- Church of Wifi wordlists - passwords2 (2.1 MB) and 9-final-wordlist (11 MB)
- Outpost9.com (direct) - dic-0294 (8.04 MB) (reference)
- Openwall wordlists - Multiple languages, small fee
- The Argon various wordlists - There are WPA versions of these lists, see Xploitz below
- Xploitz Master Password Collection
Following simple guidelines, a good word-list can be generated. Consider the following:
- Most people use easy to remember passwords, in this case it has to be 8 characters or over in length
- Append 0-9 to the word, i.e. (word)1, (word)2, (word)3, ..
- Sequence of numbers are often used, e.g. 123, 321, 999, ..
- First letter is often upper-case
- Short words (under 8 characters) are stringed in series of two, e.g. googlegoogle, hellohello, openopen, ..
- Forename and surname often used
