SmallNetBuilder Forums

  #1  
Old 09-24-2008, 02:07 PM
thiggins
Mr. Easy
 
Join Date: May 2008
Posts: 2,977
How To Crack WPA / WPA2

Wireless networks secured by WPA / WPA2 can be cracked. But it's not as easy as cracking WEP. [article link]
  #2  
Old 09-24-2008, 06:02 PM
Ash-lee
Guest
 
Posts: n/a
WEP crackin: easy... WPA it's solid. How is it done?

I'm a newbie to this hacking lark really. It's them live help vids that got me successful at the WEP crack. With the permission of my neighbour, I had a go at their WEP network and succeeded. Now I'm trying to do the dreaded WPA network and I can't seem to get it off the ground. I can't even get the 'handshake' thing. Does that only happen when the user is logging on, or can it work if they're online, period? Or doesn't it matter? And how do I know in the program kismet/airodump whether they are going online, online already, or not online? I've tried doing the dictionary thing as well by putting a text file in the root directory called dictionary, filled it up with 5,200 words, one word per start line, used it in the commands and it just says: 'no such directory'. It's doing me nut in! What am I doing wrong? Email me @ ash_lee_g@hotmail.com or reply to this thread if you can help. Thanks a lot...

Ash-Lee
  #3  
Old 09-24-2008, 06:26 PM
jdabbs
Very Senior Member
 
Join Date: May 2008
Location: al.us
Posts: 355

Set up a network of your own and play around with the tools. An hour or two to familiarize yourself will help you understand what's going on in the background.
__________________
"No battle plan survives contact with the enemy." - Field Marshall von Moltke
  #4  
Old 09-30-2008, 11:15 AM
Esurnir
New Member
 
Join Date: Sep 2008
Posts: 7

The original handshake will happen when one of the users connects to the wifi network (typically, when he starts his computer or after a connection loss).

You can check if you captured a handshake by going into Wireshark, opening the dump files and using the filter eapol.
  #5  
Old 10-13-2008, 06:50 PM
Unregistered
Guest
 
Posts: n/a

Erm, call me silly but

"..poor little laptop can only crunch about 35 hashes a second.."

is commented at one point, and then:

"..testing 3740 keys took 35 seconds.."

One's 35, the other is 100... So which is correct?
  #6  
Old 11-22-2008, 10:44 AM
ronnald smith
New Member
 
Join Date: Nov 2008
Posts: 2

Hi, cracking WPA is very difficult for me because reading the password takes a very long time. One time I read for 12 hours, around 8 million keys, but failed.
Now I just focus on WEP. Very simple to get the key.
I use VMware in Windows + USB WiFi. No need to type commands. Just type 1, 2, 3, 4 and finish. I can crack in around 3 minutes.
Newbies can find it here: Tutorial WEP Cracking In 3 Minute

Can someone help me with what the best software is to read the handshake very fast? I use aircrack but get just 200 keys/second. It takes a long time to read the handshake. I use a dual core processor and aircrack makes my notebook CPU 100% usage. Help...
  #7  
Old 11-23-2008, 01:17 PM
jdabbs
Very Senior Member
 
Join Date: May 2008
Location: al.us
Posts: 355

Deauthing a client is a fast way to force an EAPOL handshake.
If by "read" you meant "crack," the fastest method is the Church of WiFi's WPA hash tables, located here. The tables are precomputed hashes of one million passwords, for a thousand of the most common SSIDs.

If your target network isn't one of the thousand SSIDs in the hash tables, you'd have to manually compute the hashes, which is what it sounds like you're doing now. The recently-introduced Pyrit allows hash computation to be performed by CUDA-supporting GPUs (newer Nvidia cards). The current top of the line card, the GTX 280 (~$450), can break 11k keys/second.
__________________
"No battle plan survives contact with the enemy." - Field Marshall von Moltke
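
Added example, not part of the thread or of any poster's code: why the precomputed tables mentioned in post #7 are tied to specific SSIDs, and what the key rates quoted in the thread mean for passphrase choice. WPA/WPA2-PSK derives its key with PBKDF2-HMAC-SHA1 using the SSID as salt (4096 iterations); the function names, sample SSIDs and passphrase shapes below are constructed for illustration.

```python
import hashlib

SECONDS_PER_YEAR = 365 * 24 * 3600

# Key rates quoted in the thread, in keys per second.
THREAD_RATES = {"laptop": 35, "aircrack dual core": 200, "GTX 280": 11_000}


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def table_reusable(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True only if a hash precomputed for ssid_a would also match ssid_b."""
    return wpa_pmk(passphrase, ssid_a) == wpa_pmk(passphrase, ssid_b)


def dictionary_seconds(word_count: int, keys_per_second: float) -> float:
    """Time to try every entry of a word list against one unlisted SSID."""
    return word_count / keys_per_second


def exhaust_years(alphabet_size: int, length: int, keys_per_second: float) -> float:
    """Worst-case time to try every passphrase of the given shape."""
    return alphabet_size ** length / keys_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed SSIDs: a factory default and a renamed network.
    print("table reusable:", table_reusable("password", "linksys", "linksys-4f2a"))
    for name, rate in THREAD_RATES.items():
        print(f"{name:>20}: 1M-word list in {dictionary_seconds(1_000_000, rate):,.0f} s, "
              f"8 lowercase letters in {exhaust_years(26, 8, rate):,.1f} y, "
              f"12 alphanumerics in {exhaust_years(62, 12, rate):.1e} y")
```

Renaming the SSID invalidates a precomputed table, but a passphrase that appears in a word list still falls in about a minute and a half at the GTX 280 rate; only length and randomness move the search out of reach.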
  #8  
Old 11-27-2008, 03:16 AM
Unregistered
Guest
 
Posts: n/a
WPA Help

I've followed the instructions for cracking WPA w/ no clients;
airmon-ng stop...start ....
airodump-ng ....
aireplay-ng -0 5 -a"" ath0
aircrack-ng -w ....

I've never gotten a handshake. Can someone please help me through the steps?

Thanks
  #9  
Old 11-29-2008, 05:45 PM
jdabbs
Very Senior Member
 
Join Date: May 2008
Location: al.us
Posts: 355

Reread the tutorial; you won't find a clientless technique as the handshake is conducted between the client and the AP.
You won't get very far without a client.
__________________
"No battle plan survives contact with the enemy." - Field Marshall von Moltke
  #10  
Old 12-18-2008, 09:34 PM
Unregistered
Guest
 
Posts: n/a
capturing the handshake

I'm very new at this, and I don't actually have any of this stuff running... but once a client authenticates, how do you capture the handshake into the .dump file? Or does it do it automatically?
All times are GMT -4.