ziadomran
I've been working for months on hacking networks with WEP security type. It's easy, so any noob can do it... And I'm a noob...
I was using Backtrack 4 R2 in cracking WEP keys. I searched for cracking WPA and WPA2 security type networks, and I always find some kind of passwordlist.txt needed. However, I have to move the .txt file to Backtrack and I don't know how to do it..
If anyone can help me, tell me how to move it, or tell me another way to crack the networks. I will be thankful.
P.S:
• I use Backtrack 4 R2 on a bootable USB, so I run BT from the USB when I turn it on.
• I don't hack networks to harm my neighbors or something... It's kind of fun.
Plus, I want to try sniffing packets..
So as you can see, my dream is being a hacker. (Ethical hacker you can say)
shant
Well, I'm not sure if I'm allowed to help, but... what kind of router are you using, and did you have to replace drivers? LOL
ziadomran
I'm using Linksys, but I don't know what kind of router my neighbors use..
Now I'm active on a Blink network, so I guess it's Blink.. Maybe?
yasamoka
Isn't WPA2 uncrackable by other than brute force?
Kassem
yasamoka wrote:
    Isn't WPA2 uncrackable by other than brute force?
WPA2 uses AES as its encryption algorithm. I doubt you can crack it using brute force. I actually doubt you can crack it in the first place. But I could be wrong...
ziadomran
We can't even crack WPA?
m0ei
You can crack WPA/WPA2 with Bruteforce or Dictionary attack.
You can make a dictionary file using JTR (John the Ripper), available as a tool on any pentesting OS.
Also, to crack WPA/WPA2 you need to catch a 4-way handshake. To see what I mean, use Wireshark and sniff the air; if you catch the 4 EAPOL packets, that means you got the handshake. Actually, if you're using the Aircrack-ng tool, you will see on the top right that a handshake has been captured.
You can also speed up the WPA/WPA2-PSK cracking (using a GPU, you can reach around 50000 PMKs/s), and you can crack the WPA/WPA2-PSK passwords with just the client.
m0ei
Kassem wrote:
    yasamoka wrote:
        Isn't WPA2 uncrackable by other than brute force?
    WPA2 uses AES as its encryption algorithm. I doubt you can crack it using brute force. I actually doubt you can crack it in the first place. But I could be wrong...
Actually, WPA/WPA2 AES can be cracked like the others.
rolf
Well, I don't want to get in your way, but are you sure you want to spend your time on that?
In any case I didn't welcome you here, so... welcome :)
If you really want to do this, then good luck :). I think WPA2 is hard to crack. I wish nuclearcat could tell you what he thinks about it, but he's not posting very often lately. And if he does, then I hope you will understand what he's trying to explain!
I know almost nothing about cracking WPA2, so I'm curious too.
ziadomran
Thanks m0ei for your help, although it's not so helpful! But I appreciate it anyway, and I will give it a try on Monday, 'cause right now I'm kind of sleepy! :-P
And rolf, I spent months searching for the best way to crack WEP! So I would gladly wait till nuclearcat posts anything here, or even someone else helps me..
I forgot to thank you for your welcome! I'm not a geek, but I want to become one..
And you are welcome here, whenever I can help, I'm ready.. No matter how little..
m0ei
Actually, I didn't read your first post, so I see that you still have a very long way to go.
First: you don't know how to copy/move files from/to BT?
You're using a BT live CD.
Let's say that you have the dictionary files (txt files) on another USB. You need to mount it first.
1) Make a directory in /mnt.
   Command: mkdir /mnt/usb1 (usb1 for example)
   To make sure that the directory has been created, just use the "ls" command.
2) You need to mount your USB flash drive, but you need to know which one is your drive.
   You can use "fdisk -l"; it will list all the flash and hard drives connected. So check the size of your USB flash drive and choose the one with the same size. You will see "/dev/sda1..." or "/dev/sdb1...".
3) Now mount your USB flash drive in the directory you made in step 1.
   Command: mount /dev/sda1 /mnt/usb1 (sda1 could be sda3 for you, just an example)
Second: do you know how WEP cracking works on a packet level, or are you just memorizing the steps?
battikh
I don't think a dictionary file downloaded from the internet will be very efficient for a dictionary attack on WPA in Lebanon. People usually use their names, family names, address, ... which are usually in Arabic and won't be available in most dictionaries you will find online.
One thing to consider trying is bruteforcing with just numbers, as many people use their phone numbers as WPA pre-shared keys, which shouldn't take more than a minute to complete, so it's worth it. (Combinations with 961, 00961 and +961 should also be tried.)
But anyway, if you're truly trying it just for learning purposes, then set up your own wireless network, set a WPA pre-shared key that would be available in the dictionary file (or even just generate your own with just a few words; again, it's just for testing/experimenting), and then try to crack it and see if you succeed.
The-MMMs
What wifi card or adapter are you using?
I always had trouble with BackTrack in general, specifically with my card, and the wiki wasn't much help (well, to me at least).
Mind linking to any guides you followed?
battikh
For compatible wireless cards:
http://www.backtrack-linux.org/wiki/index.php/Wireless_Drivers
I have personally used a D-Link dongle, but I don't have the exact model number with me.
For guides, Youtube is filled with them:
http://www.youtube.com/results?search_query=wpa+cracking+backtrack
But again, it's much more important and interesting to understand the concept behind it than just blindly copy pasting commands.
AVOlio
Hey guys, I once did some research about cracking wireless signals and opening their internet. I came to the conclusion that only WEP security types are crackable, nothing else.
Anyhow, I read some of your posts in this topic, and may I ask: do I need a router to crack the wireless signals? I don't get it. Or do I just run the program Backtrack on my laptop, get the password of the signal and then start using the internet (and running Backtrack with all its details; I know it's not just a click-and-crack program)?
Well anyway, if any of you guys know how to crack WEP keys and have done it before and started using your neighbors' internet, please share the experience with us; it's all WEP keys here in my neighborhood!!!
AvoK95
Forget about cracking WPA and WPA2 encryption.
It takes too long and it may not even work.
Joe
This quote comes from the people who came the closest to effectively cracking AES.
"To put this into perspective: on a trillion machines, that each could test a billion keys per second, it would take more than two billion years to recover an AES-128 key," the Leuven University researcher added. "Because of these huge complexities, the attack has no practical implications on the security of user data."
source
Cracking WPA is probably more difficult than climbing Mount Everest, walking on your hands. If you want to have fun and impress your friends, stick to cracking WEP. In any case, it's still way too commonly used, so you won't have any troubles finding WEP encrypted signals.
Georges
m0ei wrote:
    Kassem wrote:
        yasamoka wrote:
            Isn't WPA2 uncrackable by other than brute force?
        WPA2 uses AES as its encryption algorithm. I doubt you can crack it using brute force. I actually doubt you can crack it in the first place. But I could be wrong...
    Actually, WPA/WPA2 AES can be cracked like the others.
Everything can be cracked. It's just a matter of time.
It all depends on the password. And the stupidity of the person setting up this password.
Short and non-complex passwords can be cracked. Long and more complex passwords require more time.
Stronger passwords
m0ei
Most Lebanese use their phone numbers as their WPA/WPA2 pass; that takes a couple of minutes to be cracked.
But the fastest way to crack the passes is to use the GPU; you only need to configure your nVidia card with CUDA under Linux.
Georges
m0ei wrote:
    Most Lebanese use their phone numbers as their WPA/WPA2 pass; that takes a couple of minutes to be cracked.
    But the fastest way to crack the passes is to use the GPU; you only need to configure your nVidia card with CUDA under Linux.
*winks*
http://www.golubev.com/hashgpu.htm *winks*....
I tested this btw. Pretty amazing speeds.
From the above page:
Starting from [aaaa]
Hash type: MD5, Hash: cbe1d6d5800ec1e03a5f2a64882a0d41
We're running at ATI and NVIDIA GPUs simultaneously. It isn't that common situation, so some issues possible.
Device #0: [RV830] 850.00 Mhz 800 SP
Device #1: [RV7x0] 750.00 Mhz 640 SP
Device #2: [GeForce 8600 GT] 1188.00 Mhz 32 SP
Hardware monitoring disabled.
CURPWD: 66owsnc DONE: 51.02% ETA: 13s CURSPD: 2756.0M=1646.0M+1017.4M+92.6M
Found password: [roger15], HEX: 72 6f 67 65 72 31 35
Processed 42 228 252 672 passwords in 16s.
Thus, 2 731 452 307 password(s) per second in average.
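Georges' point that the length and character mix of the passphrase decide how long a WPA/WPA2-PSK dictionary or brute-force run takes, and m0ei's 50000 PMKs/s GPU figure, can be made concrete for checking your own network's key. The following is an added example, not code from anyone in the thread: it derives the PMK the same way wpa_passphrase does (PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt) and estimates how long an exhaustive search over a passphrase's shape would take at that rate. The SSID "HomeNet" and the sample passphrases are constructed; the rate and the year conversion are assumptions stated in the code.

```python
import hashlib

# Constructed sample values for illustration; nothing here is from the thread.
SAMPLE_SSID = "HomeNet"
THREAD_RATE_PMK_PER_S = 50_000          # the GPU figure quoted in the thread
SECONDS_PER_YEAR = 365.25 * 24 * 3600   # assumed Julian year


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-PSK Pairwise Master Key from a passphrase.

    This is the standard PBKDF2-HMAC-SHA1 step (4096 rounds, SSID as salt)
    that the access point and every client perform. It is also why cracking
    speed is quoted in PMKs per second: each candidate costs 4096 HMACs,
    not one raw hash like the MD5 figures above.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def alphabet_size(passphrase: str) -> int:
    """Base an exhaustive search must cover for this passphrase's character mix.

    Digits only (a phone number) gives 10; each extra class enlarges it.
    """
    size = 0
    if any(c.isdigit() for c in passphrase):
        size += 10
    if any(c.islower() for c in passphrase):
        size += 26
    if any(c.isupper() for c in passphrase):
        size += 26
    if any(not c.isalnum() for c in passphrase):
        size += 33  # printable ASCII punctuation
    return size


def years_to_exhaust(passphrase: str,
                     pmk_per_second: float = THREAD_RATE_PMK_PER_S) -> float:
    """Worst-case years to try every passphrase of the same length and mix."""
    candidates = alphabet_size(passphrase) ** len(passphrase)
    return candidates / pmk_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    for pw in ("03123456", "Tr0ub4dor&3", "correct-horse-battery-staple"):
        pmk = wpa_psk(pw, SAMPLE_SSID)
        print(f"{pw!r:32} PMK={pmk.hex()[:16]}... "
              f"exhaustive search <= {years_to_exhaust(pw):.3g} years")
```

An 8-digit numeric key is exhausted in under an hour at that rate, while a long mixed passphrase pushes the worst case past the age of the universe, which is the whole gap between "phone number" and "stronger passwords" in the posts above.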