First of all, we need to understand a mathematical operation called a hashing algorithm (hash). A hash is one-way: from the result you cannot calculate what the original input was, and a good hash should also be collision-resistant, meaning you are very unlikely to find two different inputs that hash to the same result. "Hashing" is a generic term for a class of algorithms, and hashing algorithms are usually public, such as MD5, SHA-1 and so on.
The WPA password we usually talk about is actually called the PSK (pre-shared key). It is typically 8-63 bytes long, and it is combined with the SSID through a certain algorithm to get the PMK (pairwise master key): pmk = sha-1(SSID, PSK). The PMK is fixed length, 64 bytes long. Because calculating the PMK is computationally expensive, it is the main reason cracking takes so long, so the space-time trade-off is used: generate the PMKs in advance. This pre-generated table is the so-called hash table (the algorithm generating the PMK is a hash). This work is done with the Airolib-ng tool, and that is how our "quick crack" works.
Authentication generates a PTK (pairwise transient key), which is actually a set of keys; I won't go into the details. It is also generated with a hash, and its parameters are the connecting client's MAC address, the AP's BSSID, the A-nonce, the S-nonce and the PMK. The A-nonce and S-nonce are two random numbers, which make sure that each connection generates a different PTK. Calculating the PTK is very cheap. The PTK is combined with the message data using a certain algorithm (AES or TKIP) to get the ciphertext, and a signature called the MIC (message integrity check) is also produced. The TKIP crack that has been published has a lot to do with this MIC.
What does the four-way handshake packet contain? The client's MAC address, the AP's BSSID, the A-nonce, the S-nonce and the MIC. The most critical values, the PMK and the PTK, are not included in the handshake packet!
The authentication principle is that after obtaining all of the above parameters, the client calculates a MIC and sends the original message together with the MIC to the AP. The AP uses the same parameters and algorithm to calculate the MIC and compares it with the one the client sent over: if they match, authentication passes, otherwise it fails.
The current cracking method is: we get the handshake packet, take each PSK from our dictionary and combine it with the SSID to generate a PMK (or look the PMK up, if there is a hash table), then combine it with the values from the handshake packet (client MAC, AP BSSID, A-nonce, S-nonce) to calculate the PTK, use that together with the original message data to calculate the MIC, and compare it with the MIC sent by the AP. If they match, that PSK is the key.
At present the most time-consuming part is calculating the PMK; that is the cracking bottleneck. Even if the computation problem were solved, storing a huge number of keys is a problem (the PMK is 64 bytes long)!
The recent tkiptun-ng is simply able to decrypt data packets encrypted with TKIP; it does not mean that the PMK or PSK can be calculated quickly. If you are interested, you can go to the bookstore and read a book about hashing; perhaps you will be the one to crack the hash algorithm.
The wpa_supplicant kit has a small tool called wpa_passphrase, which works almost like Airolib-ng and is used to generate the PMK; it should be included in BackTrack. For example, if the SSID is tp-link and the PSK is 12345678, then the way to generate the PMK is wpa_passphrase tp-link 12345678, and the result should be this:
network={
	ssid="tp-link"
	#psk="12345678"
	psk=1eecc652f354863e9f985a96d48545c4994e0d21b04955432b60c2600c0743da
}
The line psk=1eecc652f354863e9f985a96d48545c4994e0d21b04955432b60c2600c0743da is actually the PMK. The software that runs on a computer to view saved wireless passwords generally gets this value. Entering 1eecc652f354863e9f985a96d48545c4994e0d21b04955432b60c2600c0743da directly into the wireless client lets it connect to that SSID, equivalent to entering 12345678. The process of generating the PMK is irreversible, so you cannot work backwards from 1eecc652f354863e9f985a96d48545c4994e0d21b04955432b60c2600c0743da to get 12345678. You can also see that with the same PSK 12345678, if the SSID name changes, then the PMK changes too, which is why a table built with Airolib-ng can only be used for the SSID it was built for.
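As an added example (not code from the post, and not wpa_supplicant's or Airolib-ng's own code), here is the PMK computation that wpa_passphrase performs, written in Python. The post summarises it as sha-1(SSID, PSK); the IEEE 802.11i definition that shorthand stands for is PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations and a 32-byte output, which is the 64-hex-character psk= value that wpa_passphrase prints. The function and constant names are my own; the only value taken from outside the post is the IEEE 802.11i known-answer vector (passphrase "password", SSID "IEEE"), which the self-check uses. The example also demonstrates the two points the post makes: the same PSK gives a different PMK under a different SSID, so a precomputed table only helps for the SSID it was built for, and each guess costs two PBKDF2 blocks of 4096 HMAC-SHA1 operations, which is where the cracking time goes.

```python
import hashlib
import hmac

# Added example, not from the original post. IEEE 802.11i defines the PMK as
# PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes); the
# post's "sha-1(SSID, PSK)" is shorthand for exactly this derivation.
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32  # bytes, printed by wpa_passphrase as 64 hex characters


def derive_pmk(ssid: str, passphrase: str) -> bytes:
    """Return the 32-byte PMK for an SSID/passphrase pair."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


def pmk_hex(ssid: str, passphrase: str) -> str:
    """Same as derive_pmk, as the lowercase hex string wpa_passphrase shows."""
    return derive_pmk(ssid, passphrase).hex()


def ssid_changes_pmk(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True when one passphrase yields different PMKs under two SSIDs.
    This is why an Airolib-ng style table is bound to a single SSID."""
    return derive_pmk(ssid_a, passphrase) != derive_pmk(ssid_b, passphrase)


def hmac_calls_per_pmk() -> int:
    """HMAC-SHA1 invocations one PMK costs: SHA-1 gives 20 bytes per PBKDF2
    block, so 32 bytes need 2 blocks of 4096 iterations each."""
    blocks = -(-PMK_LEN // hashlib.sha1().digest_size)  # ceiling division
    return blocks * PBKDF2_ITERATIONS


# Known-answer vector from IEEE 802.11i Annex H: passphrase "password", SSID "IEEE".
IEEE_VECTOR = ("IEEE", "password",
               "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")


def self_check() -> bool:
    """Confirm the derivation against the published test vector."""
    ssid, passphrase, expected = IEEE_VECTOR
    return hmac.compare_digest(pmk_hex(ssid, passphrase), expected)


if __name__ == "__main__":
    print("IEEE test vector matches:", self_check())
    # The post's own example; compare with the psk= line wpa_passphrase printed.
    print("tp-link / 12345678 ->", pmk_hex("tp-link", "12345678"))
    print("same PSK, SSID tp-link vs TP-LINK differ:",
          ssid_changes_pmk("12345678", "tp-link", "TP-LINK"))
    print("HMAC-SHA1 calls per PMK:", hmac_calls_per_pmk())
```

Run it with any Python 3; hashlib.pbkdf2_hmac is in the standard library. The design lesson for the defending side is the same one the post's dictionary section makes from the other direction: the iteration count is fixed by the standard, so the only thing that makes each guess expensive for an attacker is the passphrase itself (its length and unpredictability), and a non-default SSID makes any generic precomputed table useless because the SSID is the salt.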
All text in this tutorial is my own original work.
If reprinting, please credit: produced by Ouyang Bingfeng.
This tutorial is designed to explore wireless security vulnerabilities; illegal use is prohibited, and violators bear the legal consequences themselves (not my concern).
Now let's get down to business.
First download "cdlinux-0.9.6.1 ISO wireless hack system":
http://u.115.com/file/f7650106dd  Cdlinux_-0.9.6.1_iso wireless hack system.ISO
Then get the virtual machine ready; I'm using VM6.
If you don't want to run it in a virtual machine, you can burn it to a CD and boot from it directly.
But to make running the package (brute-forcing the password) convenient, a virtual machine under Windows is easier.
As for hardware, I use a Carro card with the 8187 chipset.
Everyone can arrange things according to their own situation.
Part I: Set up a virtual machine (if you boot from CD-ROM you can skip this part)
First install the VM (the green/portable version runs directly); I'm using the green version.
The following screen appears.
1. First set up a virtual machine.
Photo name: Then just click Next.
2. Continue to the next step.
Photo name: Then Next.
3. This is the default, just click Next.
Photo name: Here the guest operating system chooses Linux.
4. This is the choice of operating system and kernel; it is important, so follow my selection and click OK.
5. Give it a name.
6. I just click Next.
Photo name: I give it 1 GB of space.
7. Because the CD is very small, a little over 130 MB of files, giving it 200 MB is enough! I'll give it 1 GB.
By now a virtual machine prototype has basically been born.
The next and final step, and also the most important one: give it the ISO image.
8. Give it the path so it knows where your ISO is! It's that simple.
Then you can start the virtual machine!
Next
Photo name: Choose Chinese here, you know that, right?
When the system starts, select the language interface. Choose Chinese here; if you are a foreigner, choose a foreign language. I believe everyone reading this is Chinese?
Photo name: System starting
Virtual machine starting
It's an exciting moment to start.
Hey
Next
Part II: Crack WEP/WPA2
Photo name: System started successfully, the desktop
1. The system has started; this is the desktop! How is it? Familiar? It's very much like Windows! Easy to get started.
2. Then open the first program in the second row, minidwep-gtk. This dialog box appears; just click OK and it goes away.
3. Look at the drop-down menu in the top left corner and find your own network card!!! Then the upper right corner!! Scan!!! And then it starts to get exciting!
4. Excited enough? Do you see it?
BSSID is the MAC address of the scanned wireless access point; PWR is the signal strength; Data is the so-called packets; and at the back is the ESSID, you know that, right? That's the name of the router you scanned! Makes sense, right? Of course, if there are no packets, you can still save it! After all, it still has to be cracked! No data packets means no handshake packet, and without capturing the handshake packet how can you crack it? So we still need data traffic! Then grab the handshake packet and start cracking!
5. How about it? See that? The software has found routers encrypted with WPA2! Of course, the software searches for WEP and WPA2 together; look at the "Encryption" option in the left column of the software: if you choose WEP it will show WEP-encrypted routers, if you choose WPA2 it will show WPA2-encrypted routers. What we're talking about here is cracking WPA2-encrypted routers, so WEP gets skipped! If you want to crack a WEP router, click the "Start" button on the right, and the rest is almost automatic: it searches out the password (if there are packets!).
6. Next start grabbing the handshake packet. Look at the last line of the picture: it caught a handshake packet and is waiting for authentication. When authentication happens it will give you a prompt telling you that you have caught a handshake packet, and then you can crack it! (Of course, capturing the handshake packet takes patience; sometimes luck is on your side and you catch it quickly, but it took me more than 10 minutes.)
7. Basically it has succeeded; the rest is cracking! Here begins the first part of the hack: run the package and start testing passwords!
8. Next, contribute your dictionary to minidwep-gtk! Hey, is that all there is to it? I gave it the default dictionary, which is the last one, wordlist.txt. You can choose the dictionary according to the situation; in fact I have a 3 GB dictionary hidden away! But this router has a weak password, so this dictionary is enough!
9. Decrypted, success!!! Hey, haha!!! See wpakey:0123456789, this is the password! Is this password awesome or what? Dumb enough?! Hahaha
10. Yesterday I wrote in a hurry and forgot to tell everyone: the CD running in the virtual machine does not support the internal network card, so you need to set it up a bit! Very simple. After opening the VM, look at the menu bar at the top, there is "Virtual Machine", then go down to "Removable Devices", then find your USB card and tick it, and it's OK! Simple! Hey
Hey, comrades, don't throw bricks, don't scold! Cracking WPA is not a joke! The key is whether your machine is tough enough and whether your dictionary is big enough!!!
If your machine is tough enough, running the package reaches hundreds of thousands, and your dictionary collection is hundreds of GB, I estimate there are not many passwords you cannot crack! A lot of "heroes" told me it can't be cracked and said I lied! Later I asked, how big is your dictionary? They said, my dictionary is super cool!!! A 3 MB TXT file as a dictionary!!!! Comrades!!! Do you think this "hero" can crack anything?
I've seen the names! Reply and feel the benefit! Hey! Haha!
The software used in this tutorial
http://u.115.com/file/f7d949c203
Vmware6.0.rar (software used in this tutorial)
http://u.115.com/file/f758c8914b
VMware7.0 green version.rar
http://u.115.com/file/f77cd2c61e
Ewsa.rar
http://u.115.com/file/f7650106dd
Cdlinux_-0.9.6.1_iso wireless hack system.ISO
The legendary bottle
http://u.115.com/file/f7a4c507ed
Beini-1.2.1 Integrated 500W password-enhanced version.ISO
Attached is my favorite dictionary: 80 MB compressed, 3 GB uncompressed!
http://u.115.com/file/f7d8f179da
WPA2 cracking dictionary (3 GB file after extraction).rar
http://u.115.com/file/f716661ca0
All_birth (VIP).rar
http://u.115.com/file/f73b4d2345
A new dictionary in beini-1.1_.rar
http://u.115.com/file/f760ed169e
14365003.rar
http://u.115.com/file/f742663269
142183.rar
http://u.115.com/file/f7bc03925f
133127.rar
http://u.115.com/file/f7533611f
0-9 8-digit pure number passwords.rar
http://u.115.com/file/f7d077303a
3+sr.rar
http://u.115.com/file/f76a7b09c8
Birthday 1980-2010.rar
http://u.115.com/file/f74d658ab6
Weak password set.rar
http://u.115.com/file/f7cd77abab
Super dictionary.rar
http://u.115.com/file/f7e9e85619
WPA English Dictionary.rar
http://u.115.com/file/f720ee3656
Wordlist.rar
http://u.115.com/file/f7a42521bf
10-digit numbers.rar
Two lossless albums included
http://u.115.com/file/f7efda8dec
"A network feeling Deep" Up-dts.rar
http://u.115.com/file/f787c8ea04
ABC album "The Voice of the West" - The King of the Horn - German version.rar
http://u.115.com/file/f73be0d0ce
Invincible • Love song.rar
http://u.115.com/file/f7f0082592
Shi - The car lover Dsd.rar
About cracking dictionaries
In fact, cracking is both the simplest and the most complex thing. Simple, because it only takes a few steps of setup before brute force can crack it; complex, because it needs excellent patience and luck to succeed. The higher your machine's configuration and the bigger your dictionary, the faster you run the package and the higher your probability of cracking. So don't ask me how long it takes me to crack a WPA2; I can't answer, because many factors go into it! Now let me tell you how to run a package under Windows!
First you need to prepare the software: EWSA (as usual, if you're too lazy to download it, leave a message in the replies and I'll send it) and a number of dictionaries.
First open EWSA.
Then import the handshake packet you captured.
Then create a new dictionary option.
Then add the path to your dictionary.
Then click OK to start attacking the handshake packet and cracking.
I want to make a video tutorial but don't know which screen recorder to use; can anyone recommend one? If you have a link, reply to me below! Thank you.
I especially despise those who reprint directly without replying and don't respect the fruits of my labor! May those people xxxxxx ~ ~ Oh, God.
5 minute hack WPA2 password (GO)