Author Topic: Can you crack an idle WPA's password?

Vithonil
Can you crack an idle WPA's password?
« on: November 10, 2015, 08:39:20 pm »
Alright, you've guessed it right: This question comes from a noob (and I can already feel the downvotes coming, because somehow I think this is a stupid question to ask, but I was wondering and google failed me)

I've been reading a bit about hacking into Wifi networks (sry for the bad translation from German to English) and I have stumbled upon a method using Kali Linux and the well-known Aircrack -ng. And as far as I'm informed, you get the password by catching packets that are being sent between a client who is logged into the Wifi and the router itself, right? (please correct me if I'm wrong, I'm here to learn after all) So, if the network is idle and not used by anybody, you cannot crack it open with Aircrack? I mean, I tried to look it up on Google, but found no useable results, so I thought to give it a shot and ask you guys here.
If you consider this a stupid question, just tell me and I'll know :D (Yes, I have read the sticky about posting good questions, but I just had to try and ask you this)
Thanks already :)

0pt1musPr1m3
Re: Can you crack an idle WPA's password?
« Reply #1 on: November 10, 2015, 08:50:47 pm »
Yes you can. Search for reaver and pixiewps. There is a tutorial on the forum here by Itphoenix

To correct you - the password hash is intercepted with aircrack not the password itself.

iTpHo3NiX
Re: Can you crack an idle WPA's password?
« Reply #2 on: November 10, 2015, 09:02:46 pm »
With WPA2 you have to get what's called a 4-way handshake. This handshake is obtained using airodump-ng. This method requires clients to be authenticated to the target access point; you deauth them and capture their handshake packets when they go to reauthenticate. Pixiewps/Reaver would be possible assuming they have WPS enabled and their router is vulnerable. Also, trying to crack a WPA2 handshake is a whole other matter with a low success rate.

Vithonil
Re: Can you crack an idle WPA's password?
« Reply #3 on: November 10, 2015, 09:06:28 pm »
Well, at least I was right about the cookies getting taken away from me :D

gray-fox
Re: Can you crack an idle WPA's password?
« Reply #4 on: November 10, 2015, 09:09:37 pm »
And as far as I'm informed, you get the password by catching packets that are being sent between a client who is logged into the Wifi and the router itself, right?
You might have got this right but said it a bit wrong (or my knowledge of English is failing me), but no, you can't sniff password hashes from clients that are logged in already; instead, the important thing is the point where a client is logging in to the wireless network and the so-called handshake is happening (read: http://www.aircrack-ng.org/doku.php?id=cracking_wpa). You can force already logged-in clients out of the network, which makes them re-authenticate (read: http://www.aircrack-ng.org/doku.php?id=deauthentication), so you don't necessarily need to wait for someone to log in.

Edit: I was a bit slow, but you should read those links anyway.
« Last Edit: November 10, 2015, 09:10:35 pm by gray-fox »
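The deauthentication step described in the two replies above (kicking connected clients off so they re-authenticate and the 4-way handshake can be observed) is also what makes the technique visible to a defender: a deauth flood is a burst of 802.11 management frames of subtype 12 (deauthentication) or 10 (disassociation), spoofed from the access point's BSSID and often addressed to the broadcast MAC, instead of the occasional single deauth a client sends when it leaves. The Python script below is an added example, not code from this thread or from the aircrack-ng project. It builds a constructed capture of raw 802.11 management frames (no radiotap header; the BSSID, client address, timestamps and reason codes are all made up), parses them, and raises one alert per BSSID when an assumed threshold of five deauth/disassoc frames arrives within an assumed two-second window, the way a minimal wireless IDS rule would.

```python
import struct
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
SUBTYPE_BEACON = 8
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12
# Constructed addresses for the demo; they do not refer to real devices.
AP_BSSID = "00:11:22:33:44:55"
CLIENT = "66:77:88:99:aa:bb"


def mac_to_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_mgmt_frame(subtype, dst, src, bssid, reason=None):
    """Build a minimal 802.11 management frame:
    FC(2) Duration(2) Addr1(6) Addr2(6) Addr3(6) SeqCtl(2) [Reason(2)]."""
    fc0 = subtype << 4  # bits 0-1 version 0, bits 2-3 type 0 (management), bits 4-7 subtype
    frame = bytes([fc0, 0x00]) + b"\x00\x00"
    frame += mac_to_bytes(dst) + mac_to_bytes(src) + mac_to_bytes(bssid) + b"\x00\x00"
    if reason is not None:
        frame += struct.pack("<H", reason)  # reason code is little-endian
    return frame


def parse_mgmt_frame(frame):
    """Return the header fields of a management frame, or None for data/control frames or short input."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    if (fc0 >> 2) & 0x3 != 0:  # type field: 0 = management
        return None
    subtype = (fc0 >> 4) & 0xF
    fields = {
        "subtype": subtype,
        "dst": bytes_to_mac(frame[4:10]),
        "src": bytes_to_mac(frame[10:16]),
        "bssid": bytes_to_mac(frame[16:22]),
        "reason": None,
    }
    if subtype in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC) and len(frame) >= 26:
        fields["reason"] = struct.unpack_from("<H", frame, 24)[0]
    return fields


def detect_deauth_flood(frames, window=2.0, threshold=5):
    """frames: iterable of (timestamp_seconds, raw_frame_bytes).
    Keeps a sliding window of deauth/disassoc frames per BSSID and emits one alert per BSSID
    the first time the count inside the window reaches the threshold (window and threshold are assumptions)."""
    recent = defaultdict(deque)
    alerted = set()
    alerts = []
    for ts, raw in frames:
        f = parse_mgmt_frame(raw)
        if f is None or f["subtype"] not in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            continue
        q = recent[f["bssid"]]
        q.append((ts, f["dst"] == BROADCAST, f["reason"]))
        while q and ts - q[0][0] > window:  # drop frames older than the window
            q.popleft()
        if len(q) >= threshold and f["bssid"] not in alerted:
            alerted.add(f["bssid"])
            alerts.append({
                "bssid": f["bssid"],
                "first_seen": q[0][0],
                "last_seen": ts,
                "count": len(q),
                "broadcast": any(is_bcast for _, is_bcast, _ in q),
                "reasons": sorted({r for _, _, r in q if r is not None}),
            })
    return alerts


def sample_capture():
    """Constructed capture: a beacon, one legitimate client-initiated deauth,
    then a burst of eight broadcast deauth frames that claim to come from the AP."""
    frames = [
        (0.0, build_mgmt_frame(SUBTYPE_BEACON, BROADCAST, AP_BSSID, AP_BSSID)),
        (0.5, build_mgmt_frame(SUBTYPE_DEAUTH, AP_BSSID, CLIENT, AP_BSSID, reason=3)),  # client leaving
    ]
    for i in range(8):  # eight frames in 0.7 s, addressed to everyone (reason code is a constructed value)
        frames.append((10.0 + 0.1 * i,
                       build_mgmt_frame(SUBTYPE_DEAUTH, BROADCAST, AP_BSSID, AP_BSSID, reason=7)))
    return frames


def run_demo():
    alerts = detect_deauth_flood(sample_capture())
    for a in alerts:
        print(f"ALERT deauth flood on {a['bssid']}: {a['count']} frames between "
              f"{a['first_seen']:.1f}s and {a['last_seen']:.1f}s, "
              f"broadcast={a['broadcast']}, reasons={a['reasons']}")
    return alerts


if __name__ == "__main__":
    run_demo()
```

The single deauth at 0.5 s never trips the rule, because it has aged out of the window by the time the burst starts; the burst trips it on its fifth frame. Feeding real traffic in is a matter of stripping the radiotap header from each monitor-mode packet and handing the 802.11 bytes plus the capture timestamp to `detect_deauth_flood`.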

Vithonil
Re: Can you crack an idle WPA's password?
« Reply #5 on: November 10, 2015, 09:17:41 pm »
But if nobody is logged in this won't work, right?

zenith
Re: Can you crack an idle WPA's password?
« Reply #6 on: November 10, 2015, 09:54:31 pm »
But if nobody is logged in this won't work, right?

You got it. Aircrack doesn't work that way, but you can check out Reaver as per the previous comments.

Vithonil
Re: Can you crack an idle WPA's password?
« Reply #7 on: November 10, 2015, 10:00:14 pm »
Now with a real life example:
Our school has Wifi intended for students, but nobody ever uses it because they keep the password a secret. So it would be impossible to crack with Aircrack, but possible with Reaver?

zenith
Re: Can you crack an idle WPA's password?
« Reply #8 on: November 10, 2015, 10:17:26 pm »
Well, the password being secret wouldn't make the difference (that's the point of a password, right?). It's because Aircrack needs to either capture packets (for WPA encryption) or a 4-way handshake (in the case of WPA2 encryption). If there's no traffic on the network or clients connected to it, you're not going to get any of that. Reaver would be the more reliable method if their router uses WPS and is vulnerable.

Here's a list of device models that would/wouldn't be susceptible:
https://docs.google.com/spreadsheets/d/1uJE5YYSP-wHUu5-smIMTmJNu84XAviw-yyTmHyVGmT0/edit?pli=1#gid=0

« Last Edit: November 10, 2015, 10:17:56 pm by zenith »

white-knight
Re: Can you crack an idle WPA's password?
« Reply #9 on: November 10, 2015, 10:19:30 pm »
Here is a nice free course to help you if you want to learn more about wifi hacking: http://www.securitytube.net/groups?operation=view&groupId=9

0E 800
Re: Can you crack an idle WPA's password?
« Reply #10 on: November 10, 2015, 11:14:24 pm »
Easy peezy: https://github.com/SilentGhostX/HT-WPS-Breaker

Takes all the copy-pasting and typing out of it.

Now all you need is a wireless network adapter capable of supporting packet injection. Maybe you're lucky and your laptop has an Atheros-based chipset.

BTW - pretty sure it was covered, but no, you can't capture a handshake without a client connected to the access point.
« Last Edit: November 10, 2015, 11:14:52 pm by 0E 800 »