Andrew Whitaker is a Senior Instructor for both the InfoSec Institute and the Intense School. He is also a nationally recognized expert on information security. He has performed penetration tests on numerous financial institutions throughout the United States and has been a regular consultant to government agencies on cyber security.He is also the author of several best-selling security and networking books, including "Penetration Testing and Network Defense" (Cisco Press), "Cisco Router Configuration Handbook" (Cisco Press), and "Chained Exploits: Advanced Hacking Attacks From Start to Finish" (Addison-Wesley). He is also a frequent conference speaker and has given talks on ethical hacking at Defcon, Chicagocon, SecurePhilly, and TakeDownCon. Whitaker also holds a Master’s Degree in Computer Science. He has trained the military, government defense contractors, and intelligence agencies on cyber security, risk management, ethical hacking, reverse engineering and exploit development.
hi Andrew Whitaker,
My name is Chris.
This video is fine but the main thing i want to know how i can crack the WPA/WPA2 without a dic attack.
i tried to use the JTR with the switch INCREMENTAL pipe with jtr.i left it for 5 HOURS but no use.
whatelse i can do ? because the dic file dosnt work all the time but most of the time.
Can u Plz try to find something without dic attack.
cannt we brutforce wpa randomly?
one more thing , can you tell me where i can find the max table of rainbow table.i want to buy.
Andrew’s final comment in the video is “You can’t trust the security of WPA2”, a conclusion which he draws partly on the awful tendancy of users (and even administrators) to choose truly weak WPA/WPA2 passphrases, and more completely on the existence of rainbow tables.
There’s a nice article here http://www.renderlab.net/projects/WPA-tables/ about rainbow tables. In summary, there are available rainbow tables in the size of about 33GB which can be downloaded or purchased, and which contain tables for 1 million “words” pre-hashed over the top 1000 most common access point names. (There may be other, even larger and more complete rainbow tables available).
But, still, this relies on the confluence of a moderately common access point name and insufficiently strong passphrase.
I submit that it’s not that you can’t trust the security of WPA2, it’s that almost any security system can be used insecurely.
1. Choose something either random, or very unusual, for your access point name. e.g. “John&Fr3d’z !ccess_p[]1nt_” (I tried, and failed, to find an RFC describing the explicit rules for access point names, but it seems likely that a name could be chosen which is both descriptive and unlikely to appear in the rainbow tables)
2. Choose long, complex passphrases, preferably random, or again as above very unusual (and, due to rainbow tables, in this case “unusual” must go well beyond just “H8cker_sp3ak”).
.. or have the rainbow tables become so good and so available that there is, for practical purposes, no adequately secure combination of SSID and passphrase?
It is truly a great and useful piece of information. I’m satisfied that you simply shared this helpful info with us. Please keep us up to date like this. Thank you for sharing.
It’d be great if these programs could be run in Windows and/or if they could be entirely from an .exe file. I cracked a WEP key using Backtrack 4 and a Hawking usb wireless adapter, but that source has since left the building. I tried BT3 and BT5 but they didn’t play nice with my wireless adapter for some reason. It’s not like doing it is hard or anything, it’s just getting used to the command line, and knowing that one wrong character and you have to type the whole line over again. That’s annoying.
I don’t have a gpu accelerated cracking machine. I have tried some dictionary attacks but it didn’t work. If anyone would be willing to help me crack this WPA handshake? http://www.mediafire.com/?d5xjpi3857st2xo
meThanks in anticipation
Also you can use online GPU-accelerated services (http://www.gpuhash.com for example) for fast cracking. Tried this one last week and have one password revealed (from 3 handshakes, tough).
hai, may i ask how to crack wpa2/wpa with backtrack 4 -r1? because i cant capture the wpa handshake. Normally i do with tis step…
1.airmon-ng
2.airmon-ng start wlan
3.airodump-ng mon0
4.clear
5. airmon-ng stop mon0
6.airmon-ng start wlan0 1
7.clear
8.airodump-ng -c 1 –bssid d8:5d:4c:e6:f3:04 -w wpa mon0
9.aireplay-ng -0 3 -a d8:5d:4c:e6:f3:04 -c 04:48:4c:ff:ff:fe mon0
10.aircrack-ng -w mypass.txt wpa-01.cap
when i do the step between step 8 and 9 the handshake capture didnt appear, i hv wait for a long time about 4 hour but still no appear.
but i hv note tat the psk hv change to mgt after i do step 9.
can u help me see if my step is wrong?can give me ur step ?
hi Andrew Whitaker,
My name is Chris.
This video is fine but the main thing i want to know how i can crack the WPA/WPA2 without a dic attack.
i tried to use the JTR with the switch INCREMENTAL pipe with jtr.i left it for 5 HOURS but no use.
whatelse i can do ? because the dic file dosnt work all the time but most of the time.
Can u Plz try to find something without dic attack.
cannt we brutforce wpa randomly?
one more thing , can you tell me where i can find the max table of rainbow table.i want to buy.
cheers
chris
Andrew’s final comment in the video is “You can’t trust the security of WPA2”, a conclusion which he draws partly on the awful tendancy of users (and even administrators) to choose truly weak WPA/WPA2 passphrases, and more completely on the existence of rainbow tables.
There’s a nice article here http://www.renderlab.net/projects/WPA-tables/ about rainbow tables. In summary, there are available rainbow tables in the size of about 33GB which can be downloaded or purchased, and which contain tables for 1 million “words” pre-hashed over the top 1000 most common access point names. (There may be other, even larger and more complete rainbow tables available).
But, still, this relies on the confluence of a moderately common access point name and insufficiently strong passphrase.
I submit that it’s not that you can’t trust the security of WPA2, it’s that almost any security system can be used insecurely.
1. Choose something either random, or very unusual, for your access point name. e.g. “John&Fr3d’z !ccess_p[]1nt_” (I tried, and failed, to find an RFC describing the explicit rules for access point names, but it seems likely that a name could be chosen which is both descriptive and unlikely to appear in the rainbow tables)
2. Choose long, complex passphrases, preferably random, or again as above very unusual (and, due to rainbow tables, in this case “unusual” must go well beyond just “H8cker_sp3ak”).
.. or have the rainbow tables become so good and so available that there is, for practical purposes, no adequately secure combination of SSID and passphrase?
It is truly a great and useful piece of information. I’m satisfied that you simply shared this helpful info with us. Please keep us up to date like this. Thank you for sharing.
It’d be great if these programs could be run in Windows and/or if they could be entirely from an .exe file. I cracked a WEP key using Backtrack 4 and a Hawking usb wireless adapter, but that source has since left the building. I tried BT3 and BT5 but they didn’t play nice with my wireless adapter for some reason. It’s not like doing it is hard or anything, it’s just getting used to the command line, and knowing that one wrong character and you have to type the whole line over again. That’s annoying.
I don’t have a gpu accelerated cracking machine. I have tried some dictionary attacks but it didn’t work. If anyone would be willing to help me crack this WPA handshake?
http://www.mediafire.com/?d5xjpi3857st2xo
meThanks in anticipation
My email id is http://www.google.com/recaptcha/mailhide/d?k=01qjEzTMSs43bbrpJYYqgQlQ==&c=6td13CjLr6kTmdcCz_k_-srrHf_T0AMEejqb9wOfY1Y=
Hey general,
I’d suggest grabbing the guide at http://www.majestysecurity.com – It covers basic and advanced attacks on all types of WIFI networks..
Also you can use online GPU-accelerated services (http://www.gpuhash.com for example) for fast cracking. Tried this one last week and have one password revealed (from 3 handshakes, tough).
where to download without CD
What if the password isn´t in any worlist or rainbow table? Is there a way to reverse engineer the handshake?
hai, may i ask how to crack wpa2/wpa with backtrack 4 -r1? because i cant capture the wpa handshake. Normally i do with tis step…
1.airmon-ng
2.airmon-ng start wlan
3.airodump-ng mon0
4.clear
5. airmon-ng stop mon0
6.airmon-ng start wlan0 1
7.clear
8.airodump-ng -c 1 –bssid d8:5d:4c:e6:f3:04 -w wpa mon0
9.aireplay-ng -0 3 -a d8:5d:4c:e6:f3:04 -c 04:48:4c:ff:ff:fe mon0
10.aircrack-ng -w mypass.txt wpa-01.cap
when i do the step between step 8 and 9 the handshake capture didnt appear, i hv wait for a long time about 4 hour but still no appear.
but i hv note tat the psk hv change to mgt after i do step 9.
can u help me see if my step is wrong?can give me ur step ?