# Hacking WIFI



## evilmage93 (May 7, 2012)

I have cracked WIFI connections (mine, of course) using BT and an external router, but recently I tried it using an Acer Aspire One lappy with inbuilt wifi router and was unsuccessful. It doesn't show my wifi device.

So I think I already know the ans but still, does BT work only with external wifi devices??


----------



## pratyush997 (May 7, 2012)

How did you do that?? Did u use BT4 OS or any other cracking tool?


----------



## Desmond (May 7, 2012)

In order to crack a WiFi network, you need an adapter which supports packet injection. Not all adapters support this feature.

How did you crack it via BT anyway?


----------



## techiemaharaj (May 7, 2012)

^^ Mostly all the Atheros adapters are supported... Mine, even the Netgear USB adapter works..


----------



## pratyush997 (May 7, 2012)

I have a Teracom Type 2 modem. Can I experiment with it??


----------



## Sujeet (May 7, 2012)

One needs a Wifi adapter that supports packet injection/Aircracking for hacking WEP protected APN.


----------



## Desmond (May 7, 2012)

techiemaharaj said:


> ^^ Mostly all the Atheros adapters are supported... Mine, even the Netgear USB adapter works..



The Netgear adapter only works in Linux (Backtrack) AFAIK.

Here is a list of all compatible adapters for Backtrack (Airhack):

compatibility_drivers [Aircrack-ng]


----------



## Sujeet (May 7, 2012)

BT Works with internal Adapters as well.


----------



## Gauravs90 (May 7, 2012)

Will anyone be able to hack if I use wep 2 security...


----------



## whitestar_999 (May 7, 2012)

You mean WPA2 & no, unless backed by govt resources.


----------



## devx (May 7, 2012)

*@ Gauravs90 >>* YES, BT and other tools do it very well


----------



## whitestar_999 (May 7, 2012)

@devx, assuming you are talking about WPA2 then you are wrong. Try using BT to crack a 10 character alphanumeric WPA2 password on your desktop.


----------



## devx (May 7, 2012)

*@whitestar_999 >>* hahaha., I did it bro., it took almost 2 days on PENTIUM D and nothing is impossible, basically people have small dict. and end up very quickly., as you know WPA-PSK networks are vulnerable to dictionary attacks, so let me tell you then

- Dual-core would take almost 5 days with a large dict. and 4 core or above is recommended to capture the handshake that contains PSK passphrase.

- Brute-force would be very, very helpful if done with a large number of stream processors / CUDA cores of GPU.

- Online services are also there that provide dictionaries.

- Pro. always got a good collection of large dictionaries and hours of time too.


----------



## Sujeet (May 7, 2012)

Gauravs90 said:


> Will anyone be able to hack if I use wep 2 security...


WEP2 is doomed. It must be WPA2??


devx said:


> *@ Gauravs90 >>* YES, BT and other tools do it very well


See what has been asked.
Which other tools are you talking about?
Try what whitestar has said. You will know.


----------



## whitestar_999 (May 8, 2012)

I know about dictionary attacks but I was talking about random combination since that is the real deal. Brute forcing an 8 character alphanumeric (random) WPA password takes 1481 years using i5 2500k (5000 WPA password guesses per second). Even assuming 1 Million WPA passwords/second using 400 CPU clusters on Amazon's EC2 cloud, it will take 7 years to crack a random 8 character alphanumeric WPA password.


----------



## Sujeet (May 8, 2012)

@devx
Try with a random 12 key passphrase. lol


----------



## dashing.sujay (May 8, 2012)

Cracking an alphanumeric 10-12 key pass-phrase with brute force attack can only be imagined. I'm telling an instance. Once I had forgotten the pass of a Word file for which I had set an 11 digit pass consisting only of small caps + numerals. Problem was I had missed one digit while entering the pass. Just to recover that one digit with brute force, even when I had specified all the other characters, my P4 PC took 36 hrs.

Cracking a WPA2 pass is very very tough if you have zero idea about the pass.


----------



## evilmage93 (May 8, 2012)

U can crack WEP for sure and easily and it's gonna take hours (for me it took 3 hrs) but for WPA2 it simply depends on the wifi owner: if the guy is a newbie he will use a password made up of max 2 or 3 dictionary words and u can crack that easily, but if we are dealing with a veteran here he will have one of those 63 character long GRC ones, then good luck cracking, ur kids will get married before ur halfway near.


----------



## evilmage93 (May 8, 2012)

pratyush997 said:


> How did you do that?? Did u use BT4 OS or any other cracking tool?



BT5 is more than enough, software wise; along with that get a wifi enabled computer or laptop, wifi router capable of packet injection and ur ready to hack ur neighbor's wifi.

DON'T TRY THIS AT HOME


----------



## devx (May 9, 2012)

*@ Sujeet >>* A desktop would never be able to crack complex 10 Alphanumeric keys., maybe I cracked a less complex key combination + my dict. was large but procy of different machines on LAN can be used AND I'm talking about online tools / Premium tools available.

www.wpacracker.com/

*@ whitestar_999 >>* Ethical hackers have options to use WPA Cracker which gives you access to a 400CPU cluster + 135 MILLION word dictionary created specially for WPA passwords., which on paying 17$ would crack at an average of 20 MINUTES.

- MASSIVE CPU power is not enough., a very huge collection dict. is required too.

*@ Sujeet >>* Hey man., I could have cracked it if I got access to big servers and I'm not a pro in hacking., but I have spent almost 3 years on creating a LARGE DICT. and if you don't believe that long keys can't be cracked pay some for few services and watch the results.


*NOTE:* It's not an everyday playgame to crack such long keys on desktop, who perform it in real are PEN. TESTERS [Experts to bypass/breach firewalls of vulnerable networks and use their crunching power] [I KNOW IT MAY SOUND LIL. FILMY BUT a group of hackers can perform]


----------



## whitestar_999 (May 9, 2012)

@devx, I think you are misunderstanding here. No one is denying the efficiency of dictionary attack *but we are talking about RANDOM pass phrases not crackable using dictionary attack.* Simple permutation combination will tell you a 10 character password with upper & lower case alphabets + numbers has 62^10 possible ways of arrangement, which is much much larger than 135 million.


----------
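The keyspace-versus-dictionary argument from the posts above, worked through as an added example (not part of any poster's message): a small audit for a passphrase you own, using the guess rates and dictionary size quoted in the thread. The function names and the tiny wordlist are hypothetical and constructed for illustration; the 8 to 63 character limit is the WPA2-PSK passphrase rule.

```python
import math
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600
RATE_DESKTOP = 5_000            # guesses/s, desktop CPU figure quoted in the thread
RATE_CLUSTER = 1_000_000        # guesses/s, 400-CPU cluster figure quoted in the thread
DICTIONARY_SIZE = 135_000_000   # dictionary size quoted in the thread
SAMPLE_WORDS = {"password", "dragon", "monkey", "letmein", "sunshine"}  # constructed

def alphabet_size(passphrase):
    """Size of the smallest standard alphabet that covers every character."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation + " ", 33)]
    return sum(n for chars, n in classes if any(c in chars for c in passphrase))

def years_to_exhaust(alphabet, length, rate):
    """Years to try every random string of this length at `rate` guesses/s."""
    return alphabet ** length / rate / SECONDS_PER_YEAR

def min_random_length(alphabet, rate, target_years):
    """Shortest random passphrase whose keyspace outlasts target_years."""
    needed = target_years * SECONDS_PER_YEAR * rate
    return max(8, math.ceil(math.log(needed) / math.log(alphabet)))

def audit(passphrase, words=SAMPLE_WORDS):
    """Rate a WPA2-PSK passphrase you own against both attack models."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2-PSK passphrases are 8 to 63 characters")
    # Assumption: a word plus trailing digits sits inside a large dictionary.
    dictionary_like = passphrase.lower().rstrip(string.digits) in words
    alphabet = alphabet_size(passphrase)
    # The alphabet**length figure only holds for randomly chosen characters.
    guesses = DICTIONARY_SIZE if dictionary_like else alphabet ** len(passphrase)
    return {"alphabet": alphabet, "dictionary_like": dictionary_like,
            "guesses": guesses,
            "years_at_cluster": guesses / RATE_CLUSTER / SECONDS_PER_YEAR}

if __name__ == "__main__":
    for candidate in ("sunshine123", "k3Vq9ZxT2m"):
        print(candidate, audit(candidate))
    print("62^10 / dictionary:", 62 ** 10 // DICTIONARY_SIZE)
    print("min length, 1000 years at cluster rate:",
          min_random_length(62, RATE_CLUSTER, 1000))
```

The dictionary check is only as good as the wordlist behind it; a passphrase that passes the constructed sample list has not been shown to be random.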



## devx (May 9, 2012)

Apology for being offensive

*@ whitestar_999 >>* I admit I lil. bit stuck on the crackable part but 8 randomized alphanumeric keys are crackable only by the pro. cloud services by using LT/NTLM dict. and for more long characters crypt (SHA-512) dict. and now, to my knowledge, even a simple 10-character alphanumeric passphrase would be quite secure for _only everyday use_.



> crypt (SHA-512) Dictionaries
> These dictionaries are available for the modern SHA-512 variation of the salted crypt() format, used in Unix-based password storage. This is a salted format with a high iteration count and a relatively expensive compression function, resulting in computational overhead that demands cloud-scale resources and critically accurate dictionaries.
> 
> These hashes are formatted the following way, note the identifying "$6$" sequence to start:
> $6$<salt (up to 16 characters)>$<hash (86 characters)>


----------



## whitestar_999 (May 9, 2012)

WPA2 uses AES encryption which is far stronger than LM/NTLM (used by windows) & SHA512 (used in linux/unix & is a hash function not encryption). Cracking a truly random 10 character alphanumeric AES encrypted password is still not possible within reasonable time even using cloud resources.
How secure is AES against brute force attacks?


----------



## ico (May 9, 2012)

@whitestar99

AMD GPU clusters to the rescue. 

Haven't tried out Pyrit and CoWPAtty, but in basic MD5 brute-forcing, my i5-2500k got owned by an E-350's HD 6310.


----------



## whitestar_999 (May 9, 2012)

GPU is always better than CPU for such tasks but still I don't think anyone is providing a 400 GPU (top end) cluster to break passwords anytime soon & even then I doubt a 14-15 character random password containing entire keyboard character types breaking within reasonable time.


----------



## ico (May 9, 2012)

^ true.

I'll run WPA cracking benchmarks some day.

Check this out meanwhile - www.thinkdigit.com/forum/1526859-post1.html


----------



## whitestar_999 (May 9, 2012)

Try this to see AES cracking benchmarks:
Parallel RAR Password Recovery - multi-core, GPU, distributed solution


----------



## Sujeet (May 9, 2012)

^^
Can you provide a proper link for an efficient dictionary for the above link?


----------



## whitestar_999 (May 9, 2012)

^^ I don't think AES based dictionaries are available to download or if there is even a point in creating one. AES has not been broken till now (brute force is not counted in definition of "breaking" an encryption) & very little chance of it in near future too.


----------



## Sujeet (May 9, 2012)

^^
But I am talking about bruteforcing a password protected RAR. Not breaking the encryption used to pass-protect it.


----------



## whitestar_999 (May 9, 2012)

^^ Same thing. RAR by default uses AES encryption unless you change it. Bruteforcing an encrypted winrar file is same as bruteforcing AES algorithm.


----------



## samiryadav (May 14, 2012)

hi,
out of curiosity,
I want to know if it is possible to hack a 13 character alphanumeric WPA2-PSK with AES encryption?
if yes....what is the average time to do so.

and is it possible to WPA2-ENTERPRISE ?

and also what is the effect of WPS on WPA2-PSK.

suppose...WPA2-PSK is rated 5 in security...

what will be the drop in rating when using WPS with WPA2-PSK?


----------



## whitestar_999 (May 14, 2012)

^^ Forget about it. Anything above 6 alphanumeric characters with AES encryption & you are out of luck.


----------



## patkim (Jun 14, 2012)

This query is out of curiosity, have not much knowledge here..
Does this as well break the MAC id authentication if set over and above password?


----------



## criztle (Jul 31, 2012)

help 
I have downloaded bt5r2 kde 32 for vmware.... so I wanted to install on it... but after extracting there is no iso file.... but an over 2 gb .squashfs file.... plz tell me how to install this in vmware

my config
P4 2.60 GHz  32 bit
1.5 gb ram

(sorry for this stupid question but I am just a beginner)


----------



## evilmage93 (Aug 6, 2012)

Squashfs, a read-only file system software for Linux; stores the file system data in a highly compressed read-only format; supports files, inodes, and directories; optimized for archiving and read-only file system use.

SQUASHFS files are sometimes found within Linux installation packages.

You can use the 7-zip software to open the .squashfs file then see if u can locate the .iso file within it.


----------

