10/1/2016

Cracking WPA/WPA2 for Non-Dictionary Passphrase - ClubHACK Magazine


Cracking WPA/WPA2 for Non-Dictionary Passphrase
By chmag (https://www.chmag.in/author/chmag/) September 17, 2012

A WPA/WPA2-PSK passphrase can be recovered simply by capturing the four-way handshake and then running a dictionary against it. If the passphrase is in the dictionary, it will be cracked. But what if it is not? Are there other ways to crack non-dictionary passphrases? Let's see.

First, the basics of WPA/WPA2 cracking:

STEP 1: Put the wireless interface into monitor mode.

STEP 2: Capture the WPA handshake.


STEP 3: Apply a dictionary.

STEP 4: Give the .cap file to aircrack-ng together with the darkc0de.lst dictionary.

Here the passphrase was cracked in around 9 minutes.

If a client is already connected and no handshake is being captured, force it to reconnect with:

aireplay-ng --deauth 10 -a <bssid> <interface>

But even after all these steps, if the passphrase is not in the dictionary you will only get the message: passphrase not in dictionary


Another interesting note about the WPA passphrase (see screenshot):

The most basic approach to cracking any passphrase is brute force. So why not brute-force the .cap file? This can be done by piping the output of crunch into aircrack-ng, as shown below:

This cracked the password in about 23 minutes.


But you can clearly see that only six lowercase letters were given as input. What if the whole alphabet were allowed? On a single laptop I would have to wait about 11 years, and the passphrase may also contain digits and special symbols. (A WPA-PSK passphrase is in fact 8 to 63 characters long, so a real brute-force run would have to start at length 8, which makes the key space larger still.)

So brute force is not an effective approach with a single system.


So here we will do something interesting.

WPS: According to Wikipedia, Wi-Fi Protected Setup (WPS; originally Wi-Fi Simple Config) is a computing standard that attempts to allow easy establishment of a secure wireless home network. It is enabled by default on most routers.

Reaver, written by Craig Heffner, is a fantastic tool for cracking the WPS PIN. It performs a brute-force attack against the AP, attempting every possible combination in order to guess the AP's 8-digit PIN. Since the PIN is all numeric, there are 10^8 (100,000,000) possible values. However, because the last digit of the PIN is a checksum computed from the previous 7 digits, the key space is reduced to 10^7 (10,000,000) possible values.

The key space is reduced even further because the WPS authentication protocol splits the PIN in half and validates each half separately.

Reaver brute-forces the first half of the PIN and then the second half, so the entire key space can be exhausted in at most 11,000 attempts: 10^4 for the first four digits plus 10^3 for the three free digits of the second half (the eighth digit is the checksum).
Here is a screenshot of my D-Link DIR-615 router.

The screenshot shows the router's default settings; the PIN is 65020920.

The key point is that we can brute-force this PIN and so obtain the credentials configured on the access point, no matter what mix of letters, digits and special symbols the passphrase contains.
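As an added example (not from the article and not Reaver's code), the key-space arithmetic above in Python: the WPS check-digit algorithm, which confirms that 65020920 is a checksum-valid PIN, and a simulated split-half search against a constructed registrar model that, like the real protocol, rejects the first half and the second half separately. The DemoRegistrar class is a stand-in for the AP side only; nothing here talks to a network.

```python
"""Added example: why the WPS PIN search is at most ~11,000 tries, not 10^8.

The 8th digit is a checksum over the first 7, and the WPS exchange acknowledges
the two halves of the PIN separately (a bad first half fails at M4, a bad second
half at M6). DemoRegistrar is a constructed model of that behaviour, not a real
AP. The PIN 65020920 is the D-Link DIR-615 default shown in the article.
"""
from typing import Tuple


def wps_checksum(pin7: int) -> int:
    """Check digit over the first seven PIN digits (WSC specification: alternating 3x/1x weights)."""
    accum = 0
    while pin7:
        accum += 3 * (pin7 % 10)
        pin7 //= 10
        accum += pin7 % 10
        pin7 //= 10
    return (10 - accum % 10) % 10


def wps_pin_valid(pin: str) -> bool:
    return len(pin) == 8 and pin.isdigit() and wps_checksum(int(pin[:7])) == int(pin[7])


class DemoRegistrar:
    """Constructed stand-in for the AP side of the WPS exchange. Like the real protocol it
    reveals whether the first half (digits 1-4) or the second half (digits 5-8) was wrong."""

    def __init__(self, pin: str):
        if not wps_pin_valid(pin):
            raise ValueError("PIN fails checksum")
        self._first, self._second = pin[:4], pin[4:]
        self.m4_checks = 0  # attempts seen at the first-half (M4) stage
        self.m6_checks = 0  # attempts seen at the second-half (M6) stage

    def first_half_ok(self, half: str) -> bool:
        self.m4_checks += 1
        return half == self._first

    def second_half_ok(self, first: str, half: str) -> bool:
        self.m6_checks += 1
        return first == self._first and half == self._second


def split_half_attack(registrar: DemoRegistrar) -> Tuple[str, int]:
    """Reaver's strategy: up to 10^4 first halves, then up to 10^3 second halves, with the
    checksum digit derived rather than guessed. Returns (pin, total attempts); the worst
    case is 10,000 + 1,000 = 11,000 attempts."""
    attempts = 0
    first = None
    for i in range(10_000):
        attempts += 1
        cand = f"{i:04d}"
        if registrar.first_half_ok(cand):
            first = cand
            break
    if first is None:
        raise RuntimeError("first half not found")  # cannot happen against a compliant registrar
    for j in range(1_000):
        attempts += 1
        free = f"{j:03d}"
        half = free + str(wps_checksum(int(first + free)))  # only checksum-valid PINs are tried
        if registrar.second_half_ok(first, half):
            return first + half, attempts
    raise RuntimeError("second half not found")


if __name__ == "__main__":
    pin, tries = split_half_attack(DemoRegistrar("65020920"))
    print(pin, "recovered after", tries, "attempts")
```

Against the article's PIN the search needs 6,503 first-half attempts (0000 through 6502) and 93 second-half attempts (000 through 092 with the checksum appended), 6,596 in total; a PIN of 99999995 is the worst case at exactly 11,000. The hours Reaver actually takes come from each attempt being a full EAP exchange with the AP, not from the size of the search.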
STEP 1: Scan the air for WPS-enabled access points with wash.

Two access points are available here. We will go with the first one.


After 23864 seconds (about 6.6 hours):

The passphrase R0ck$t@R was recovered, along with the PIN 65020920.

But this is not the end. What if the victim grows suspicious of the sudden drop in bandwidth and changes the passphrase? Do we need to brute-force for another 6-10 hours?

The answer is simply no. Along with the passphrase we also received the PIN, and the PIN does not change when the passphrase does. So from now on we supply the PIN directly (reaver's -p option) and get the new passphrase, as below:

After only 3 seconds:


Passphrase: N0nec@nh@ckthis1

At first glance one may object that this was a D-Link DIR-615, but what about other routers? So I scanned the air, and found a Belkin!

Most new routers come with this WPS facility, and WPS is enabled by default. So no matter which passphrase you choose, it can be recovered this way (unless the access point locks WPS after repeated failed PIN attempts, which slows the attack down).

Countermeasures

1. Disable WPS on the router, and confirm with wash that the access point no longer advertises it, since on some firmware the setting does not fully take effect.
2. Use a non-dictionary passphrase mixing letters, digits and symbols, and make it long: every extra character multiplies the brute-force cost. Ex: R0ck$t@R

References

1. SecurityTube WLAN Security Megaprimer
2. Tactical Network Solutions articles (Reaver)
