John the Ripper/WPA
From charlesreid1
Using John to Crack WPA
You can convert airodump-ng pcap files into a format that John can understand using the following steps [1]:
cap2hccap
First, you'll need to convert the pcap to a hashcat pcap (hccap) file, using the cap2hccap tool: http://sourceforge.net/projects/cap2hccap/files/
Download it, and unzip it to a directory. Run make and it will make a tool called cap2hccap.bin, which you will then run as an executable.
Call the bin file, pass it your cap file, then tell it where to output the hccap file:
$ ./cap2hccap.bin /path/to/my.cap my.hccap
hccap2john
Now you'll need to use hccap2john, a tool that comes with John the Ripper. If you don't have it (for example, you installed John the Ripper from a package manager that doesn't build it), that's OK: you can make a local build of John and use the tool from there.
Download John the Ripper, and make it.
$ tar xzf john-1.7.9-jumbo-7.tar.gz
$ cd john*
$ cd src
$ ./configure
$ make linux-x86-64
Make sure you have LibSSL headers installed:
$ apt-get install libssl-dev
Now that you've finished building everything, all your binary tools will be in the run directory:
$ ls -l john-1.7.9-jumbo-7/run/
total 2880
-rw------- 1 root root 341064 Jul 10 2012 all.chr
-rw------- 1 root root 232158 Jul 10 2012 alnum.chr
-rw------- 1 root root 131549 Jul 10 2012 alpha.chr
-rwx------ 1 root root 3908 Jul 10 2012 benchmark-unify
-rwxr-xr-x 1 root root 8736 Aug 16 17:00 calc_stat
-rwx------ 1 root root 579 Jul 10 2012 cracf2john.py
-rw------- 1 root root 4099 Jul 10 2012 dictionary.rfc2865
-rw------- 1 root root 40391 Jul 10 2012 digits.chr
-rw------- 1 root root 42268 Sep 19 2012 dumb16.conf
-rw------- 1 root root 57177 Sep 19 2012 dumb32.conf
-rw------- 1 root root 11230 Sep 17 2012 dynamic.conf
-rwx------ 1 root root 1868 Jul 10 2012 genincstats.rb
-rwxr-xr-x 1 root root 23408 Aug 16 17:00 genmkvpwd
lrwxrwxrwx 1 root root 4 Aug 16 17:00 hccap2john -> john
-rwxr-xr-x 1 root root 1381216 Aug 16 17:00 john
-rw------- 1 root root 25902 Sep 17 2012 john.bash_completion
-rw------- 1 root root 41299 Sep 17 2012 john.conf
-rw-r--r-- 1 root root 0 Aug 16 17:00 john.local.conf
lrwxrwxrwx 1 root root 4 Aug 16 17:00 keepass2john -> john
lrwxrwxrwx 1 root root 4 Aug 16 17:00 keychain2john -> john
-rw------- 1 root root 215982 Jul 10 2012 lanman.chr
-rwx------ 1 root root 453 Jul 10 2012 ldif2john.pl
-rwx------ 1 root root 860 Jul 10 2012 lion2john-alt.pl
-rwx------ 1 root root 979 Jul 10 2012 lion2john.pl
-rwx------ 1 root root 1289 Jul 10 2012 mailer
-rwxr-xr-x 1 root root 7736 Aug 16 17:00 mkvcalcproba
-rwx------ 1 root root 9658 Jul 10 2012 netntlm.pl
-rwx------ 1 root root 5190 Jul 10 2012 netscreen.py
-rwx------ 1 root root 4078 Jul 10 2012 odf2john.py
-rwx------ 1 root root 94733 Sep 20 2012 pass_gen.pl
-rw------- 1 root root 26215 Jul 10 2012 password.lst
lrwxrwxrwx 1 root root 4 Aug 16 17:00 pdf2john -> john
lrwxrwxrwx 1 root root 4 Aug 16 17:00 pwsafe2john -> john
lrwxrwxrwx 1 root root 4 Aug 16 17:00 racf2john -> john
-rwx------ 1 root root 6660 Sep 17 2012 radius2john.pl
lrwxrwxrwx 1 root root 4 Aug 16 17:00 rar2john -> john
-rwxr-xr-x 1 root root 7576 Aug 16 17:00 raw2dyna
-rwx------ 1 root root 5943 Jul 10 2012 relbench
-rwx------ 1 root root 9032 Sep 17 2012 sap2john.pl
-rwx------ 1 root root 526 Jul 10 2012 sha-dump.pl
-rwx------ 1 root root 491 Jul 10 2012 sha-test.pl
-rwx------ 1 root root 633 Jul 10 2012 sipdump2john.py
lrwxrwxrwx 1 root root 4 Aug 16 17:00 ssh2john -> john
-rw------- 1 root root 107571 Jul 10 2012 stats
-rwxr-xr-x 1 root root 9080 Aug 16 17:00 tgtsnarf
lrwxrwxrwx 1 root root 4 Aug 16 17:00 unafs -> john
lrwxrwxrwx 1 root root 4 Aug 16 17:00 undrop -> john
lrwxrwxrwx 1 root root 4 Aug 16 17:00 unique -> john
lrwxrwxrwx 1 root root 4 Aug 16 17:00 unshadow -> john
lrwxrwxrwx 1 root root 4 Aug 16 17:00 zip2john -> john
We're interested in the hccap2john tool.
Call it as follows:
$ ./hccap2john ./my.hccap
$WPAPSK$Walrus#k1xC0LKY57WA9vVgdLZS3uQhnqwwGeDNJX9BLVGPpRxBT.EG7gBNwlspasqW4AwOy03m5MkoPkJjbO9EBqITwJJoeXJdqLPAYkvN1k61.8w02wc.2..........0cWnD4jUVQVqAB4w3PtqWo1RZ5v3JR89pORZqn7ACqEwrNFylJLGeBKbNRgmH1hZEx7cS........................................I/huMokkg.aNsr/qbBolaxbAWal9ZvEBLiiR3vONMyyMB2NkH11csbvLqGIPBMWFjZ8K9XyZddJYVmQQhQ/K7T15qgPrH3N4T8CvvYHf3WUa......................................................................................................0w.....U...6OaRKi13gXzk8c2z29pCqc
Or, to dump it to a password file and then call John on it:
$ ./hccap2john ./my.hccap > crackme
Crack with John
Now we have a password file that we can crack with John and a wordlist:
john --wordlist=rockyou-10.txt --format=wpapsk crackme
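When hccap2john produces an empty or odd-looking line, the usual cause is a malformed intermediate my.hccap file, so it helps to inspect that file directly. The following is an added example, not part of the original page or of either tool: it parses the legacy 392-byte hccap record layout and flags records with missing handshake fields. The function names, the little-endian assumption and the sample bytes are constructed for illustration.

```python
import struct

# Legacy hashcat .hccap record, 392 bytes:
# essid[36] mac1[6] mac2[6] nonce1[32] nonce2[32] eapol[256] eapol_size keyver keymic[16]
# Assumption: the two ints are little-endian (file written on an x86 host).
HCCAP = struct.Struct("<36s6s6s32s32s256sii16s")

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_hccap(data):
    """Parse every record in an .hccap blob; raise ValueError if the size is wrong."""
    if not data or len(data) % HCCAP.size:
        raise ValueError(f"{len(data)} bytes is not a multiple of {HCCAP.size}")
    records = []
    for off in range(0, len(data), HCCAP.size):
        essid, mac1, mac2, n1, n2, eapol, size, keyver, mic = HCCAP.unpack_from(data, off)
        essid = essid.split(b"\x00", 1)[0]      # ESSID is NUL-padded
        problems = []
        if not 1 <= len(essid) <= 32:
            problems.append("ESSID length outside 1..32")
        if not 0 < size <= len(eapol):
            problems.append("eapol_size outside 1..256")
        if keyver not in (1, 2):                # 1 = WPA, 2 = WPA2
            problems.append("keyver is neither 1 nor 2")
        if not any(n1) or not any(n2):
            problems.append("all-zero nonce")
        if not any(mic):
            problems.append("all-zero key MIC")
        records.append({
            "essid": essid.decode("utf-8", "replace"),
            "mac1": fmt_mac(mac1), "mac2": fmt_mac(mac2),
            "eapol_size": size, "keyver": keyver, "problems": problems,
        })
    return records

def sample_record(eapol_size=121, keyver=2):
    """Constructed record for demonstration; no byte here comes from a real capture."""
    return HCCAP.pack(b"ExampleNet", bytes.fromhex("020000000001"),
                      bytes.fromhex("020000000002"), bytes(range(1, 33)),
                      bytes(range(33, 65)), b"\x01" * 121, eapol_size, keyver,
                      b"\xaa" * 16)

if __name__ == "__main__":
    # One well-formed record followed by one with a zero EAPOL length.
    for rec in parse_hccap(sample_record() + sample_record(eapol_size=0)):
        print(rec)
```

To check a real file, read it in binary mode and pass the bytes to parse_hccap; any record with a non-empty problems list is worth re-capturing before spending time on it.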
See the John the Ripper page, and the links below, for the multitude of notes on John the Ripper.
John the Ripper: password generator and all-around cracking tool.
Testing John: John the Ripper/Benchmarking
Using John on Password generation using rules and modes: John the Ripper/Password Generation
Installing some useful password rules: John the Ripper/Rules
Using John to feed password guesses to Aircrack: Aircrack and John the Ripper
John the Ripper on AWS: Ubuntu/Barebones to JtR
Getting Passwords from John: John the Ripper/Password Recovery