Cracking WPA-PSK/WPA2-PSK with John the Ripper

John is able to crack WPA-PSK and WPA2-PSK passwords. Recent changes have improved performance when there are multiple hashes in the input file, that have the same SSID (the routers 'name' string).

The input format is a printable hash, which can either be directly created with john's tool “wpapcap2john” (ships with jumbo) from a packet capture in pcap format as produced by tcpdump, wireshark or airodump-ng; or by doing an intermediate conversion to Hashcat's hccap format as described below.

You can convert airodump's .cap file to .hccap in one of the following ways:

When you have hccap file you need to convert it to john's input format using “hccap2john” program shipped with recent jumbo versions. It encodes hccap file to “$WPAPSK$essid#b64encoded hccap”

Example testcase you can get from http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=wpa-Induction.pcap or wpa-Induction.tar.gz

From that point you can use john as you always do. The format comes in three flavours:

  • -format=“wpapsk” (currently OpenSSL or SSE2 and is OMP capable)
  • -format=“wpapsk-cuda” (for nvidia GPUs)
  • -format=“wpapsk-opencl” (for any OpenCL GPU or CPUs)

Example usage:

  • $hccap2john wpa-Induction.hccap > crackme
  • $./john -w:password.lst -fo=wpapsk-cuda crackme

If “Induction” is in your (by default it is not) password.lst file, john will crack it.

If you are interested in how it works visit this page

john/WPA-PSK.txt · Last modified: 2017/10/13 18:14 by rofl
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported
Recent changes RSS feed Donate to DokuWiki Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki Powered by OpenVZ Powered by Openwall GNU/*/Linux Bookmark and Share