Cracking WPA-PSK/WPA2-PSK with John the Ripper

John is able to crack WPA-PSK and WPA2-PSK passwords. Recent changes have improved performance when there are multiple hashes in the input file that share the same SSID (the router's 'name' string).

The input format is exactly the same as oclHashcat's hccap file described here, but it needs one more conversion step, using the “hccap2john” tool supplied with John up to 1.7.9-Jumbo-7. In the latest git trees (and any released version newer than 1.7.9-Jumbo-7) there is a new tool, “wpapcap2john”, that converts a raw pcap (.cap) file directly into JtR wpapsk input hashes, omitting the hccap step.

You can convert airodump's .cap file to .hccap in one of the following ways:

Once you have an hccap file, convert it to John's input format with the hccap2john program. It encodes the hccap file as “$WPAPSK$essid#b64encoded hccap”.
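As an added illustration (not code from the JtR project), the following Python parses one hccap record into its handshake fields, rejects malformed records, and builds the “$WPAPSK$essid#…” line. The 392-byte field layout and the crypt-style base64 alphabet are assumptions about hashcat's hccap format and hccap2john's encoding, and the sample record is constructed, not a real capture.

```python
import struct

# Field layout of the 392-byte hccap record (hashcat's documented format,
# restated here as an assumption; this is not code from the JtR project).
HCCAP_FMT = "<36s6s6s32s32s256sii16s"
HCCAP_SIZE = struct.calcsize(HCCAP_FMT)  # 392 bytes
# JtR's crypt-style base64 alphabet, assumed to be what hccap2john emits.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def parse_hccap(blob: bytes) -> dict:
    """Split one hccap record into handshake fields, rejecting malformed records."""
    if len(blob) != HCCAP_SIZE:
        raise ValueError(f"expected {HCCAP_SIZE}-byte record, got {len(blob)}")
    (essid, mac_ap, mac_sta, anonce, snonce, eapol,
     eapol_size, keyver, mic) = struct.unpack(HCCAP_FMT, blob)
    if not 0 < eapol_size <= len(eapol):
        raise ValueError(f"eapol_size {eapol_size} out of range")
    if keyver not in (1, 2):  # 1 = HMAC-MD5 (TKIP), 2 = HMAC-SHA1 (CCMP)
        raise ValueError(f"unsupported keyver {keyver}")
    return {
        "essid": essid.split(b"\0", 1)[0].decode("utf-8", "replace"),
        "mac_ap": mac_ap.hex(":"), "mac_sta": mac_sta.hex(":"),
        "anonce": anonce.hex(), "snonce": snonce.hex(),
        "eapol": eapol[:eapol_size], "keyver": keyver, "mic": mic.hex(),
    }


def code64(data: bytes) -> str:
    """Assumed hccap2john encoding: 3 bytes -> 4 ITOA64 chars, a 2-byte tail -> 3."""
    out = []
    for i in range(0, len(data), 3):
        b0, b1, b2 = (list(data[i:i + 3]) + [0, 0])[:3]
        out.append(ITOA64[b0 >> 2])
        out.append(ITOA64[((b0 & 0x03) << 4) | (b1 >> 4)])
        if len(data) - i >= 3:
            out.append(ITOA64[((b1 & 0x0f) << 2) | (b2 >> 6)])
            out.append(ITOA64[b2 & 0x3f])
        elif len(data) - i == 2:
            out.append(ITOA64[(b1 & 0x0f) << 2])
    return "".join(out)


def hccap_to_john(blob: bytes) -> str:
    """Build the "$WPAPSK$essid#..." line; everything after the ESSID field is encoded."""
    fields = parse_hccap(blob)  # validate before encoding
    return f"$WPAPSK${fields['essid']}#{code64(blob[36:])}"


def sample_hccap() -> bytes:
    """Constructed record (not a real capture): locally administered MACs, dummy nonces."""
    return struct.pack(HCCAP_FMT, b"Induction", b"\x02\x00\x00\x00\x00\x01",
                       b"\x02\x00\x00\x00\x00\x02", b"\x11" * 32, b"\x22" * 32,
                       b"\x33" * 99 + b"\0" * 157, 99, 2, b"\x44" * 16)
```

The same record inspected this way shows what an offline guessing attack needs (ESSID, both nonces, the EAPOL frame and its MIC), which is why a handshake capture alone makes PSK strength the only remaining defence.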

An example test case is available from http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=wpa-Induction.pcap or wpa-Induction.tar.gz.

From that point you can use john as you always do. The format comes in three flavours:

  • -format=“wpapsk” (currently OpenSSL or SSE2, and OMP capable)
  • -format=“wpapsk-cuda” (for nvidia GPUs)
  • -format=“wpapsk-opencl” (for any OpenCL GPU or CPUs)

Example usage:

  • $hccap2john wpa-Induction.hccap > crackme
  • $./john -w:password.lst -fo=wpapsk-cuda crackme

If “Induction” is in your password.lst file (by default it is not), john will crack it.

If you are interested in how it works, visit this page.

john/WPA-PSK.txt · Last modified: 2013/06/13 14:39 by magnum
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported