If you like my videos please consider donating BTC to 1 Gv Wr JSLNafra26j Dwp Sc Y5bq Yc Q6 BDh PW Hi again guys, In this video I will show you how to use Kali Linux.
Hello reader and welcome to part 2 from chapter 5 of the Wi Fi Security and Pentesting Series. If you remember in the previous part, we learned Speeding up WPA/2 Cracking Using Pre-generated PMKs. Which certainly uses CPU as the primary part for the calculations of the PMKs. It surely gives us speed for cracking as while using PMKs for cracking we are not performing actual calculations in real-time. This brings us to some drawbacks of using PMKs, as follows: SSID Specific. You cannot use PMKs generated for SSID, say “rootsh3ll” for another SSID like “ Belkin“. Case- Sensitive. Cannot be used even a single letter is up/lower case. Ex: Won’t work for “ Rootsh3ll“ if PMKs are created for “rootsh3ll“. Time used is the same. As processing power of CPU is same in both cases, the time required for creating PMKs are equal even if you crack using Aircrack or creating PMKs(with Gen PMK). Huge HD Space required. As we are pre-calculating the PMKs and storing them on HD, it requires a lot of space on your HD and that too for a specific SSID. Which is not an option all the time. Less helpful in today’s scenario. Nowadays routers are being shipped with unique SSID. Ex: Belkin_04 A2 for preventing routers from these kind of attacks or atleast delay the cracking duration. You might be thinking now that If this is so, then why would I even consider PMKs for cracking? Well, as I said above this is Less helpful, that means in some cases. Cases like: Simple SSIDs. Ex: MTNL, Airtel, Linksys etc Before trying any complex task to crack the PSK, if you have PMKs already stored. Give them a shot Mobile numbers are still very common passwords. Still, even if this gives us speed this method is a bit slow. You don’t always have a friend ready to give you a pre-generated PMK file for a specific SSID just when you have captured the handshake, right? yeah, it’s very rare! Here is when you need to stop.
ocl Hashcat accepts the WPA/ WPA2 hashes in it's own “hccap” file. Assuming you already captured a 4-way handshake using airodump-ng, Wireshark or tcpdump, the next step will be converting the.cap file to a format ocl Hashcat will understand. The easiest way is to go to one of these sites for converting: Upload your.cap and get a.hccap file. The problem with that is that you upload some sensitive data to a strange place. If you dont mind go for it. Otherwise here is what they do (in this order Convert it with “aircrack-ng” using the - J option To convert your.cap files manually in Backtrack. Download and install the latest Aircrack build here. The list of builds is upside down so the latest can be found at the bottom of the page. Example working code for wpaclean. wpaclean Please note that the wpaclean options are the wrong way round. instead of which may cause some confusion. Example working code aircrack.cap conversion to.hccap aircrack-ng - J Note the - J is a capitol J not lower case j. A script is provided here to automate this process. Preparation Dictionary attack Grab some wordlist, like Rockyou. Put it into ocl Hashcat folder. Rename your converted capture file “capture.hccap”. Create a batch file “attack.bat”. Open it with a text editor, and paste the following: ocl Hashcat64.exe -m 2500 capture.hccap rockyou.txt pause NOTE: If your OS is 32 bit, then replace 64 with 32 in the binary name. Execute the attack using the batch file, which should be changed to suit your needs. Brute- Force Attack Rename your converted capture file “capture.hccap”. Create a batch file “attack.bat”. Open it with a text editor and paste the following: ocl Hashcat64.exe -m 2500 -a3 capture.hccap?d?d?d?d?d?d?d?d pause This will pipe len8 digits only to ocl Hashcat, replace the.
Download Now