Tuesday, 11 September 2012

Brute forcing WPA/WPA2 handshake with john the ripper

Please refer to this article for a tutorial on how to obtain a handshake.

How to crack WPA/WPA 2 with aircrack-ng (Backtrack 5) 

The limitation of a dictionary attack is that unless the password is in your dictionary file, your attack won't be successful. Another way to obtain the password is to brute force it with john the ripper. In theory it is possible to crack ANY password with this method, but it might take a million years to crack a full 128 ASCII characters password with your computer.

Ok, the command:

This was on Backtrack
/pentest/password/jtr/john --stdout --incremental:all | aircrack-ng -b (bssid) -w file.cap (wpa handshake file)

Debian
sudo apt-get install john
/usr/sbin/john --stdout --incremental:all | aircrack-ng -b (bssid) -w file.cap (wpa handshake file)


By default john will only try passwords with 8 characters or less. However, the minimum  pass-phrase length for WPA is 8.You need to edit the john.conf file to change the max length of the output.

"--inrecemtal:all" means that john will try all 128 ASCII characters, which will  take thousand of years to complete if the password has a proper lenght. You can also try -i:digits for numbers only or -i:alpha for a to z.

Good luck.

P.S.: You might be interested in this simple Linux dictionary password cracker written in python:  Article

Friday, 7 September 2012