Posts Tagged ‘WPA’

Image result for password cracking nvidia

WPA algorithm is very secure, and to get the password usually we have only one way – to brute force it, which could take huge time if password is strong enough. But what if instead of using regular CPUs we would use a power of GPU? Amazon says, that we can use up to 1,536 CUDA cores on g2.2xlarge instance, which costs $0.65 (around 50p sterling) per hour. Sounds very promising, so let’s see how it can help us to speed up password brute force.

Below I will give step-by-step tutorial on how to deploy Amazon GPU instance and run pyrit (python tool) to crack password using GPU. In this article I assume that you are already familiar with aircrack-ng wi-fi cracking tools. And you’ve already captured handshake into .cap file.

Cracking WiFi Password with Pyrit and NVIDIA GPU on Amazon AWS

Go to Amazon EC2 panel and click Launch new instance

Select Ubuntu Server 14.04 LTS (HVM) 64 bit > GPU instances g2.2xlarge > Review and launch

SSH to your new instance

Now, Go to Nvidia website and download latest CUDA installer (choose runfile for Ubuntu 14.04). At the time of writing it is cuda_7.5.18

Install build tools

To avoid ERROR: Unable to load the kernel module ‘nvidia.ko’, install also

To avoid ERROR: The Nouveau kernel driver is currently in use by your system.

To avoid ERROR: Unable to find the kernel source tree for the currently running kernel:

Reboot Now!

Extract Nvidia installers

Run driver installation

Download and unzip pyrit and cpyrit-cuda:

Install additional libs

Install pyrit and cpyrit-cuda

Run pyrit list_cores and make sure CUDA cores are detected

Create file, modify chars variable which is our characters dictionary. In my case I’m cracking password containing only digits.

Run brute force to crack password from 8 to 12 characters length

I tried to brute force password with and without CUDA, and result is 4k pw/sec vs 30k pw/sec. I’m a bit disappointed, because I expected much faster results with CUDA. But anyway I got an experience of setting up CUDA driver on Amazon AWS. Hope this can help someone else to crack their wifi password with CUDA

This tutorial will require the use of Backtrack, get the latest version HERE and it is free.

Wireless technology comes at the price of security but at least WPA and WPA2 are safe right? Wrong. WPA and WPA2 are both crackable but the time it takes to crack depends on the strength of their password.

-Boot into BackTrack
-Open up Konsole which is a command line utility built into BackTrack. It is the Black Box in the Lower-Left Hand Corner (See Image).

We will now be entering the following commands into the command line noted by Bold as well as explanations as to what they do:

-The following commands stop the wireless interface so you can change your mac address, this is important because your mac address is a unique identifier so faking one is a good idea if you are accessing a network you don’t have permission to. (Which by the way I wholly condemn)

airmon-ng stop wlan0
ifconfig wlan0 down
macchanger –mac 00:11:22:33:44:55 wlan0
airmon-ng start wlan0

-Now we will put the airodump-ng tool into monitor mode, this will allow us to see all of the wireless networks around us.

airodump-ng mon0

Now choose the network you want to hack and take note of the BSSID, and the Channel it is one as well as the ESSID. The PWR has to be fairly high to be able to hack it, this is determined by how close you are to the wireless router. The closer you are, the better.

Once you have chosen the wireless network enter the following into the terminal:
This will write capture packets and put them into the “filename” file, we are trying to capture the handshake between the router and wireless connection which will give us the key we need to crack.

airodump-ng mon0 –channel * –bssid **:**:**:**:**:** -w filename

The following step is optional but is highly recommended as it will speed up the process a great deal.

Once “WPA handshake: **:**:**:**:**:**” appears in the top right-hand corner we can move on. If you are having trouble getting the WPA handshake to occur then do step 4.

aireplay-ng -0 1 -a **:**:**:**:**:** -c **:**:**:**:**:** mon0

What this step (4) does is it deauthorizes a wireless connection and trie to re-establish it so it will generate a new handshake to capture. This step ends once you have captured the handshake.

aircrack-ng –w wordlist.lst -b **:**:**:**:**:** filename.cap

Step 5 is now trying to crack the password in “filename.cap” using a list of words, here called “wordlist.lst” you can download a good 200 million word dictionary here (128MB but unzipped is 800MB). However if this wordlist becomes unavailable feel free to drop me a line and I’ll post a new one.

Your computer has to compute the hash value of every password in that list but a computer can go through those 200 million passwords in 6-12 hours.


If the password isn’t found in the dictionary you can try and brute-force the password with this command: (Note this could take a very long time depending on their password strength).

/pentest/password/jtr/john –stdout –incremental:all | aircrack-ng -b **:**:**:**:**:** -w – filename.cap

Note: If you would like some instructions on how to install Backtrack5 have a look at The Geek Net, they have produced a very simple yet very effective tutorial.