Hack Mac Forums: WPA Cracking

WPA Cracking: Sequel to "WEP Cracking"


#1 Nick
  • HackMac.org Regular
  • Posts: 205
  • Joined: 03-May 11

Posted 06 May 2011 - 07:21 AM

WPA Cracking: You have WPA, but are you still safe?

This is a follow up tutorial to my previous WEP security post regarding WEP encrypted Wi-Fi keys. If you haven’t read that yet, it can be found HERE. I highly recommend viewing it first as it describes the set up, and explains the cracking process in much more depth.

In this tutorial: Packet Injection, WPA Review, and WPA Cracking

Packet Injection
I did not cover this in the last tutorial simply because it is not necessary in the process of cracking WEP. Packet injection is a genius tool that we can use to help us crack a network. Regrettably, Apple’s AirPort cards do NOT support packet injection. You must have an external USB Wi-Fi card. (They have a list of tested and compatible USB devices at KisMAC’s website.) Packet injection is sending packets to the AP, causing it to respond with more packets, creating traffic on the network, and allowing you to sniff more unique IVs. This can greatly speed up the scanning process from taking hours to ten minutes or less. However, external cards cost money, and are not necessary for the cracking. If indeed you have purchased or already have a USB device, you can configure it in the drivers section of “Preferences.”
Remember to check the box “Primary injection device” as well.

WPA Review and Details
As I mentioned in the previous tutorial, WPA (Wi-Fi Protected Access) is the best security to have for your Wi-Fi. Unlike WEP, WPA does not use a static key, but instead uses what we call the “Temporal Key Integrity Protocol”, or TKIP. This changes keys with every data packet sent or received. In theory, there would be no way to crack the key. Unfortunately, this method still doesn’t completely secure a network. Most home network systems use a shared passphrase, or a common key (similar to WEP). Hackers, using a “brute force dictionary attack,” can crack a real-word key.
For those of you who are even more interested, WPA was made to be "uncrackable", and can be configured that way. However, to achieve this level of security, one must set up a WPA RADIUS server, which will authenticate different clients on the network. Having a different passkey for each client makes it impossible to crack. This RADIUS server gets pricey, and as I mentioned before, most home networks just use the PSK (the passkey) setup. Also, it is believed that 9/10 home networks use a passkey that is a dictionary word. –CRACKABLE
The final curveball that WPA throws us is the need for a “handshake.” A handshake occurs when the client authenticates itself to the AP. It is important because, to attempt a brute force attack, you (your BSSID) need to be authenticated by the primary master key (PMK). The PMK is used to authenticate the client, similar to that of a WEP security setup. However, the handshake only occurs so often. Once we have the handshake packet, we can then find the word that is associated with it, and find the PMK, which would allow us access to the network. Note: if the password is a word, it is likely it can be cracked; if it is long and contains symbols, it is unlikely it can be cracked.

Cracking WPA
Note: I am assuming you have already installed KisMAC; if not, see WEP Cracking.
Open KisMAC…

We need to configure our drivers (NICs) so that KisMac knows which one to use:
1. Click the “KisMac” tab, and then preferences
2. We must now select our driver, from the drop down menu
3. Choose Apple Airport Extreme Card (Passive)
4. Then select “All” channels, and “Keep Everything”
5. Lastly add the driver
6. You can close preferences

Begin Scanning/Get Handshake
1. Your networks will appear as before
2. But remember, we must find the handshake!
3. We can just sit back and let KisMAC
a. If you have an external USB device, then choose “Deauthenticate” from the “Network” tab, which should speed up the process
4. How do we know when we have found the handshake? Easy. The red dot on the farthest column to the right will turn green.
5. Now we can start our crack…

Crack
1. We have options, a wordlist, alphanumeric, etc.
2. But, we will go with our dictionary wordlist first, and hope
3. Navigate to “Network”, “Crack”, “Wordlist Attack”, “Against WPA”
a. Select your wordlist (wordlists can be downloaded online). I will upload one soon!
4. Wait and hope; if you're lucky, the WPA was using a real-word PMK, and KisMAC cracked it.
5. If not you can try other alphanumeric/lowercase attacks; however if you thought your wordlist took a while to process, think again.

Remember there is always the chance that the WPA is simply not crackable.
I recommend you make yours uncrackable as well, by using WPA, and using longer, alphanumeric passwords with numbers. If you are on WEP, do the same and make a long alphanumeric password with numbers.
4
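As an added example (not code from Nick's post or from KisMAC), here is how a WPA/WPA2-PSK network derives the PMK that the tutorial refers to, and why its closing advice about long, non-dictionary passphrases is the real defence. The guess rate passed to `seconds_to_exhaust` and the tiny `SAMPLE_DICTIONARY` are constructed inputs; the "password"/"IEEE" pair is the published IEEE 802.11i test vector.

```python
# Added example, not code from Nick's post or from KisMAC: how a WPA/WPA2-PSK
# network derives the PMK the post mentions, and why passphrase choice matters.
import hashlib

PBKDF2_ITERATIONS = 4096  # fixed by IEEE 802.11i for WPA-PSK
PMK_LEN = 32              # 256-bit pairwise master key


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the PMK exactly as the AP and the client both do.

    PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    It depends only on the passphrase and the SSID, so once a handshake is
    captured each candidate word can be checked offline; the only cost per
    guess is this derivation, and nothing else in the exchange is secret.
    """
    if not 8 <= len(passphrase) <= 63 or any(
            not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be 8-63 printable ASCII characters")
    ssid_bytes = ssid.encode()
    if not 0 < len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid_bytes,
                               PBKDF2_ITERATIONS, PMK_LEN)


def seconds_to_exhaust(candidates: int, pmk_per_second: float) -> float:
    """Worst-case time to derive a PMK for every candidate at a given rate.

    pmk_per_second is an assumed throughput supplied by the caller, not a
    measurement; it shows that keyspace size, not the cipher, sets the cost.
    """
    return candidates / pmk_per_second


def passphrase_is_weak(passphrase: str, dictionary: set) -> bool:
    """Defender-side check matching the post's closing advice.

    Flags a passphrase that is a single dictionary word (with or without
    trailing digits) or that is shorter than 16 characters.
    """
    stripped = passphrase.rstrip("0123456789").lower()
    return stripped in dictionary or len(passphrase) < 16


# Constructed sample data: a tiny stand-in for a downloaded wordlist.
SAMPLE_DICTIONARY = {"password", "sunshine", "dragon", "baseball"}

if __name__ == "__main__":
    # "password" / "IEEE" is the test vector published in IEEE 802.11i Annex H.
    print("PMK:", wpa_pmk("password", "IEEE").hex())
    print("8 lowercase letters at an assumed 100k PMK/s:",
          seconds_to_exhaust(26 ** 8, 100_000.0) / 86400, "days")
    print(passphrase_is_weak("sunshine12", SAMPLE_DICTIONARY))
    print(passphrase_is_weak("correct horse battery staple", SAMPLE_DICTIONARY))
```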

#2 Evan Savage
  • Staff
  • Posts: 154
  • Joined: 19-April 11

Posted 06 May 2011 - 10:05 AM

Once again, you're awesome, Nick. Great tutorial, easy to follow. Thanks so much!
0

#3 dynamo
  • Newbie
  • Posts: 6
  • Joined: 24-April 11

Posted 08 May 2011 - 01:28 AM

These two tutorials are amazing. Great job, Nick. I hope you keep posting around here, I think I could learn a lot from you!
0

#4 computerkid14
  • Newbie
  • Posts: 8
  • Joined: 03-May 11

Posted 10 May 2011 - 09:06 PM

Whenever I start scanning I get an error saying it could not connect to Kismet servers. What did I do wrong?
0

#5 Nick
  • HackMac.org Regular
  • Posts: 205
  • Joined: 03-May 11

Posted 02 June 2011 - 04:18 AM

Does the error say Kismet 'localhost:2501'?
0

#6 Terreras
  • Advanced Member
  • Posts: 35
  • Joined: 02-May 11

Posted 24 June 2011 - 06:15 AM

Thanks for the tutorial! Great job!
0

#7 Martho
  • Newbie
  • Posts: 4
  • Joined: 08-September 11

Posted 08 September 2011 - 01:48 AM

Thank you much, this is a great tut.
0

#8 Martho
  • Newbie
  • Posts: 4
  • Joined: 08-September 11

Posted 08 September 2011 - 03:13 AM

This may be a silly question, but will KisMAC work for WPA2?

Thank you for your help in advance.
1

#9 apollo
  • Newbie
  • Posts: 5
  • Joined: 18-January 12

Posted 10 February 2012 - 04:28 AM

Can anyone please suggest a USB device that will work with Packet Injection on a Macbook Pro (2011 model)?
Thanks
Apollo
0

#10 L3monShark
  • HackMac.org Regular
  • Posts: 437
  • Joined: 18-February 12

Posted 05 March 2012 - 12:08 AM

Hmm this was working before but KisMAC will freeze when I change the preferences...

Also, I'm not getting any unique IVs, but I get tons of data packets.
Why do we hackers freely give out information that even the total beginner may use as a two-edged sword of cyberspace power? We do this "to turn over to mankind at large the greatest possible power to control the world and deal with it according to its lights and values." -- Robert J. Oppenheimer, head of the Manhattan Project, which created the world's first nuclear weapons.

FEDS <3 L3MONSHARK
0

#11 forumhero
  • HackMac.org Regular
  • Posts: 178
  • Joined: 20-October 11

Posted 26 March 2012 - 12:55 AM

My 2 cents:

I use KisMAC 99% of the time since it's very easy to start capturing handshakes from APs, but the cracking engine is dated and thus slow. I'd recommend offloading the password cracking part to a 3rd party tool like jtr, hashcat-plus (GPU), pyrit (GPU), aircrack, etc.
0

#12 HellsBadAss
  • HackMac.org Regular
  • Posts: 458
  • Joined: 26-January 12

Posted 05 April 2012 - 02:43 AM

How do I offload, forumhero?
0

#13 forumhero
  • HackMac.org Regular
  • Posts: 178
  • Joined: 20-October 11

Posted 06 April 2012 - 01:37 AM

In the "Crack" section, instead of using KisMAC to do the attack, skip all that and use the other tools I mentioned. hashcat-plus with AMD GPUs is the fastest combo.
0

#14 mezzanaccio
  • Newbie
  • Posts: 1
  • Joined: 14-July 12

Posted 14 July 2012 - 07:03 PM

Hi everyone,
I don't know why, but when I try to scan the networks KisMAC crashes...
Any hint?

I have Mac OS X 10.7.4.
0

#15 3li
  • Newbie
  • Posts: 1
  • Joined: 12-August 12

Posted 12 August 2012 - 09:20 AM

I have the same issue in 10.8, I am guessing it can't be run on lion / mountain lion.


mezzanaccio, on 14 July 2012 - 07:03 PM, said:

Hi everyone,
I don't know why, but when I try to scan the networks KisMAC crashes...
Any hint?

I have Mac OS X 10.7.4.

0

#16 L3monShark
  • HackMac.org Regular
  • Posts: 437
  • Joined: 18-February 12

Posted 12 August 2012 - 06:23 PM

mezzanaccio, on 14 July 2012 - 07:03 PM, said:

Hi everyone,
I don't know why, but when I try to scan the networks KisMAC crashes...
Any hint?

I have Mac OS X 10.7.4.


In the "Drivers" preferences, turn off channels 12, 13, and 14. That should fix your problem.
0

#17 iPower-
  • Newbie
  • Posts: 1
  • Joined: 06-October 12

Posted 06 October 2012 - 08:14 PM

Hello, I have KisMAC and I have followed the tutorial: clicked the “KisMac” tab, and then Preferences;
selected the driver from the drop-down menu; chose Apple Airport Extreme Card (Passive); then selected “All” channels, and “Keep Everything”;
lastly added the driver. Then I pressed Start Scan and it crashed.
What do I have to do? I have Mac OS X 10.8.1.
0

#18 Extravanganza.gomez
  • Newbie
  • Posts: 1
  • Joined: 15-October 12

Posted 15 October 2012 - 09:36 PM

Nick, on 06 May 2011 - 07:21 AM, said: (quotes post #1 above in full)

Which "wordlist" is better, and can I download one on the internet that will work well with your tutorial and KisMAC?
0

#19 giu989
  • Newbie
  • Posts: 1
  • Joined: 07-February 13

Posted 09 February 2013 - 11:45 AM

Hello, thank you very much for the tutorial, but I still have a problem with hacking WPA2. I am trying to crack my own network, so far with no success. I manage, after a while, to get a green light, potentially allowing me to make an attack. I go to Network, Crack, Wordlist, Against WPA. I then select my txt file and nothing happens. The select folder option just disappears and the cracking options become 'whited out' (no longer selectable). Not even an error, nothing. I have done everything in the tut as said, but with no luck. Is there any way to resolve this? A reply would be greatly appreciated. Thanks in advance!

PS: I have read the specifications for the dictionary files in the help support, but do you have to put a blank line at the start of the file, and is there supposed to be a space between the words? Thanks once more!

Hardware and software info: MacBook Pro 2011 (late)
OS X 10.8.2
KisMAC 0.3.4 (beta; the official release would crash whenever I put it in passive mode)
Apple AirPort Extreme with WPA2 encryption
0

#20 joulka
  • Newbie
  • Posts: 5
  • Joined: 22-May 13

Posted 16 July 2013 - 05:53 AM

L3monShark, on 05 March 2012 - 12:08 AM, said:

Hmm this was working before but KisMAC will freeze when I change the preferences...

Also, I'm not getting any unique IVs, but I get tons of data packets.


You can get KisMAC 0.3.4 beta, which works for me. Download link: https://s3.amazonaws...ac2/KisMac2.zip
Recipe of one of my day:
•1-5 hacks/computer tricks
•2-6 key-logging check
•some Skype trolling
•5-15 minutes of remote desk topping school admins
0
