WPA/WPA2 Encryption. Wireless Encryption Attacks. Cain and Abel - sniffs packets and cracks passwords (may take longer). Cain and Abel (aka Cain) is a password recovery tool made to recover passwords from Microsoft Windows-based systems. It has numerous functionalities, and it can recover many kinds of passwords using hacking methods such as network packet sniffing, cracking password hashes, dictionary attacks, brute force, and cryptanalysis attacks. Cain and Abel is a powerful tool that does a great job in password cracking. It can crack almost all kinds of passwords, and it’s usually just a matter of time before you get it. Cain & Abel – MD5 and SHA-1 Hash generator – Top 10,000 most commonly used passwords –. (11) ★★★½ Cain and Abel (#6, 3) UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception.

1. Wpa2 Encryption Key
2. Wpa2 Encryption Type
3. Cain And Abel Wireless Password Cracker

Table of Contents

• 1. What is Password Cracking?
• 2. Cracking Ideas Overview
• 3. Some Well Known Cracking Tools
• 4. Password Cracking using Cloud Services
• 5. Lab Experiments on Passwords and Cracking

1 What is Password Cracking?

Given an 'encoded' (may be salted) password, (re-) construct its plaintext version. A login Trojan, a keyboard logger, un-encryptedcommunication with an ISP or website, …, can all get the plain textpassword. We (should) call this stealing – not cracking.

Prerequisite: ../Passwords/ hashes, salting, MD5, SHA512, Linux /etc/shadow

1.1 Caution

When you crack passwords, you could be breaking the law. Doit only in the context of our course.

1.2 Overview

1. Terminology: Lookup Tables, password lists, crack hashes.
2. https://haveibeenpwned.com/ Check if you have an account that hasbeen compromised in a data breach!
3. https://www.onlinehashcrack.com/ A password recovery serviceassisting pen-testers & security experts since 2008. Non-profit.
4. Penetration testing includes password audit.
5. https://www.kali.org/news/kali-linux-aws-cloud/ December 2016Kali Linux full images are free on the Amazon AWS marketplace.Make sure to fill out the Amazon penetration testing request form.
6. https://github.com/offensive-security/kali-cloud-build Kalibootstrapping script for Amazon Machine Images (AMI)
7. There are many other penetrations distros. Visithttp://distrowatch.com

2 Cracking Ideas Overview

2.1 Stealing the Passwords

A login Trojan, a keyboard logger, un-encrypted communication with anISP or website, …, can all get the plain text password. We (should)call this stealing – not cracking.

2.2 Social Engineering

1. [From 'The New Hacker's Dictionary' aka Jargon File] Socialengineering is a term used among crackers and samurai for stealing(cracking?) techniques that rely on weaknesses in wetware ratherthan software; the aim is to trick people into revealing passwordsor other information that compromises a target system's security.
2. Classic scams include phoning up a mark who has the requiredinformation and posing as a field service tech or a fellow employeewith an urgent access problem.

2.3 Causing a Password Reset

1. A now common stealing (cracking?) technique is to attempt to loginat a site, and cause a password reset request to be sent to theemail address on record, which the attacker has gathered throughother techniques. This email is then intercepted.

2.4 Fooling Finger Prints

Read smartphone fingerprint scanners are they secure?. Read also HowTo Fool a Fingerprint Security System athttp://www.instructables.com/. Does this really work? May be notalways. But, as can be seen, this is mostly a question of perfectingsuch techniques. Here is more advice: why you should not use the newsmartphone fingerprint readers.

2.5 What Are Hashes?

1. What exactly are rainbow tables cannot be explained without firsttalking about crypto hashes, hash chains etc.
2. Hash functions are used in data bases, etc. Every hash functionmaps a large domain into a small range of numbers. Thus, therealways will be collisions, i.e., for two a, b, (hash) = hash(b).Note also that the inverse of a hash function is not a function.
3. Crypto-hash functions, chash, are used in storing passwords, etc.A few famous crypto hash functions are MD5, SHA1, SHA512. Everycrypto hash function is an ordinary hash function also.
4. The result r of chash(a) is known as a hash of a. The r is notconsidered an encryption of a.
5. The crypto hash functions are so carefully designed/ constructed/implemented that, until recently (?), there was no 'computationallyfeasible' algorithm that can be applied to the following problem.Because of this they are also called one-way.
6. Suppose we already know, chash(a) = y, where a is a plain textinput, and y was the result of a crypto-hash function chash.Discover a b so that: chash(b) = y.
7. For MD5 and SHA1, in the last few years, the above problem has beensolved.

2.6 Dictionary Attack

1. Brute force 'decryption'
2. Crackers obtain /etc/passwd and /etc/shadow files through othertechniques, and crack the encoded passwords on their own computersystems.
3. To speed up password cracking, a dictionary of words and well-knownpasswords are encoded using all possible salt values. These arecompared with the encoded passwords in the /etc/shadow file.These are compared with the encoded passwords in the /etc/shadowfile. Several machine-readable collections of dictionaries areavailable for various uses, including cracking.
4. An 8 character password encodes, with salt, to one of 4096 * 13character strings. So, a dictionary of say 2,000,000 common words,names, passwords, and simple variations would amount to some 20 GB.

2.7 Rainbow Tables

1. ./Rainbow-Tables What are Rainbow Tables? These use good amount ofdiscrete math.

2.8 Cracking Services

1. https://haveibeenpwned.com/ Check if you have an account that hasbeen compromised in a data breach!
2. https://www.onlinehashcrack.com/ 'Online Hash Crack is a passwordrecovery service assisting pen-testers & security experts since2008.' Non-profit.

3 Some Well Known Cracking Tools

1. Crack programs now use GPUs (visit e.g.,http://www.cryptohaze.com/) in parallelizing and can try billionsof hashes per second.
2. http://sectools.org/tag/pass-audit/ Password Audit tools. Rankedby votes.

3.1 John-the-Ripper

1. JTR is a password cracker. Linux/Unix, Windows. Command line.apt-get install john Installs john, unshadow, etc.https://github.com/magnumripper/JohnTheRipper
2. Suppose we have a file of salted and encoded passwords, such as/etc/shadow of Linux. John can try hard to crack these into plaintext. Can take hours.
3. Attempts (i) a dictionary attack, (ii) combined dictionary words,(iii) hybrid attack of dictionary words with special characters andnumbers, (iv) brute force.
4. John prints a status line when a key is pressed. John can createmultiple named sessions. http://www.openwall.com/john/doc fulldocs, including download links, etc.
5. http://rafaveguim.github.io/cracking/passwords/jtr/2016/05/05/jtr-research-lab/ Generate charts with --external=AutoStatus and chart_logs.py . 2016.

3.2 Hashcat

1. Hashcat is a 'password recovery' utility, using CPUs, GPUs, andother hardware accelerators on Linux, Windows, and OSX. Can dodistributed password cracking.

3.3 RainbowCrack

1. http://project-rainbowcrack.com/ RainbowCrack uses rainbow tablesto crack unsalted hashes. It differs from brute force hashcrackers. GPU acceleration is a key feature of RainbowCrack. Itcan offload most runtime computation to GPUs (NVIDIA/ AMD).
2. http://project-rainbowcrack.com/table.htm A List of RainbowTables. Key space of 13,759,005,997,841,642. Several TB ofgenerated rainbow tables for LM, NTLM, MD5 and SHA1 are listed.Not (all) free.
3. http://project-rainbowcrack.com/ has freely downloadableexecutables for all major OS:
   1. rtgen: generate rainbow tables,
   2. rsort: sort the rainbow table;
   3. rcrack: find the password.

3.4 CrackStation

1. https://crackstation.net/ CrackStation uses massive pre-computedlookup tables created by extracting every word from the Wikipediadatabases and adding with every public password list.
2. Buy crackstation-wordlist password-cracking dictionary. Theirlookup table implementation (PHP and C) is available athttps://github.com/defuse/crackstation-hashdb

3.5 Hydra

1. Attempting to visit http://www.thc.org/ may produce the ominousGoogle warning: 'The site ahead contains harmful programs'.Personally, I think, this site is safe to visit. But, go withyour own instincts.
2. 'Hydra is a parallelized login cracker which supports numerousprotocols to attack. It is very fast and flexible, and new modulesare easy to add. This tool makes it possible for researchers andsecurity consultants to show how easy it would be to gainunauthorized access to a system remotely.'
3. 'When you need to brute force crack a remote authenticationservice, Hydra is often the tool of choice. It can perform rapiddictionary attacks against more than 50 protocols, includingtelnet, ftp, http, https, smb, several databases, and muchmore. Like THC Amap this release is from the fine folks atTHC.' – http://sectools.org/tool/hydra/
4. apt-get install hydrahttps://www.thc.org/thc-hydra/ ;https://github.com/vanhauser-thc/thc-hydra;http://tools.kali.org/password-attacks/hydra
5. THC-Hydra http://sectools.org/tool/hydra/ 'When you need to bruteforce crack a remote authentication service, Hydra is often thetool of choice. It can perform rapid dictionary attacks againstmore than 50 protocols, including telnet, ftp, http, https, smb,several databases, and much more.' Multi platform.
6. Hydra can generate passwords.

   Read the manual for details.

7. Cracking hydra -l pmateti -P passwordhashes.txt 192.168.17.223 ssh

3.6 Brutus

1. Brutus https://github.com/mjosaarinen/brutus is an open sourceonline password cracking tool. For both Linux and Windows. HTTP,POP3, FTP, SMB, Telnet, IMAP, NNTP, NetBus, etc.

3.7 Medusa

1. apt-get install medusa
2. http://foofus.net/goons/jmk/medusa/medusa.html Medusa ParallelNetwork Login Auditor.

3.8 L0phtCrack/ Ophcrack

1. Ubuntu: apt-get install ophcrackhttp://ophcrack.sourceforge.net/
2. OphCrack is a free rainbow-table based password cracking tool forWindows, Linux and MacOS. It cracks LM and NTLM hashes. Free andpremium rainbow tables. It is among the most popular Windowspassword cracking tools (Cain and Abel is probably the mostpopular; see below).
3. L0phtCrack is an alternative to OphCrack. It attempts to crackWindows passwords. It also uses dictionary and brute force attacksfor generating and guessing passwords.
4. L0phtCrack was acquired by Symantec and they promptly discontinuedit in 2006. Later, L0phtCrack developers re-acquired this tool andre-released it in 2009.

3.9 PACK

1. http://thesprawl.org/projects/pack/ Password Analysis and CrackingKit (PACK) of Defcon 2010.

3.10 Cain-and-Able For Windows

1. http://www.oxid.it/ last release 2014; Cain and Abel is a password'recovery tool' for Windows. 'It allows easy recovery of variouskind of passwords by sniffing the network, cracking encryptedpasswords using Dictionary, Brute-Force and Cryptanalysis attacks,recording VoIP conversations, decoding scrambled passwords,recovering wireless network keys, revealing password boxes,uncovering cached passwords and analyzing routing protocols.'
2. 'Cain and Abel can crack passwords using a dictionary attack,rainbow attack, and brute force. … It is also a great ARPPoisoning and MiTM tool.'

3.11 Aircrack-Ng

1. http://www.aircrack-ng.org/ Aircrack-NG can crack WEP or WPA2passwords. It uses the FMS attack along with other useful attacktechniques for cracking password. For Linux and Windows. Capableof creating an Evil Twin, etc.

3.12 Miscellaneous

1. http://wfuzz.org/ + https://github.com/xmendez/wfuzz Wfuzz is a Pythonbased flexible web application brute forcer which supports variousmethods and techniques to expose web application …
2. Crack programs now use GPUs (visit e.g.,http://www.cryptohaze.com/) in parallelizing and can try billionsof hashes per second.
3. Application Specific Crack tools
4. http://sectools.org/tag/pass-audit/ Password Audit tools. Rankedby votes.

4 Password Cracking using Cloud Services

4.1 CrackStation

https://crackstation.net/CrackStation uses massive pre-computed lookup tables to store amapping between the hash of a password, and the correct password forthat hash.

'The hash values are indexed so that it is possible to quickly searchthe database for a given hash. If the hash is present in the database,the password can be recovered in a fraction of a second. This onlyworks for 'unsalted' hashes. For information on password hashingsystems that are not vulnerable to pre-computed lookup tables, see ourhashing security page.'

Crackstation's lookup tables were created by extracting every wordfrom the Wikipedia databases and adding with every password list wecould find. We also applied intelligent word mangling (brute forcehybrid) to our wordlists to make them much more effective. For MD5 andSHA1 hashes, we have a 190GB, 15-billion-entry lookup table, and forother hashes, we have a 19GB 1.5-billion-entry lookup table.

4.2 Kali Linux on Cloud

1. https://www.kali.org/news/kali-linux-aws-cloud/ December 2, 2016'We’re happy to announce that we’ve once again listed our KaliLinux images on the Amazon AWS marketplace. You can now spin up anupdated Kali machine easily through your EC2 panel. Our currentimage is a “full” image, which contains all the standard toolsavailable in a full Kali release. Once your instance is running,connect to it with your SSH private key using the “ec2-user”account. Don’t forget to update your Kali instance to get thelatest packages and bug fixes. Type as root (or sudo): apt update&& apt dist-upgrade. We are “selling” these images on themarketplace for free, so other than the regular Amazon charges,there are no extras to pay. The Kali team would like to take thisopportunity to thank r0kh for his efforts of getting Kali back ontrack (no pun intended) and working flawlessly in AWS. If you planto use these Kali images for penetration testing in an AWSenvironment, make sure you check out the Amazon penetration testingrequest form.'
2. https://www.kali.org/news/azure-marketplace-weekly-iso-builds/ September 13, 2016
3. https://github.com/offensive-security/kali-cloud-build Kalibootstrapping script for Amazon Machine Images (AMI)

5 Lab Experiments on Passwords and Cracking

Objectives: To help you gauge the level of security offered by thetypical password systems. The goal is to crack as many passwords aspossible in the inputs described below. This can take hours on fastlaptops/ desktops in 2017, if you do not take advantage of multiplecores or GPU. Our goal in cloud computing is to crack as fast aspossible.

Record how many pass words can be cracked and how fast. Try John theRipper and one other of your own choice.

The following summarizes./password-labs.html

5.1 Example Inputs

1. You may want to construct your own examples of the passwd andshadow files, where you know the passwords you used.
2. Design a password that is not crackable by any of the tools.

5.1.1 Example #1 Three User Names and Passwords

1. MD5 examples shown from machine M1 in the /etc/shadow fileformat. Just three entries.

5.1.2 Example #2 from a Real Linux Machine Setup

1. ./Linux/etc/shadow file is taken from one of our lab accounts froma previous term. Uses salted MD5.

5.1.3 Example #3: SHA512 Password Hashes

1. Since MD5 is considered 'broken', Linux distributions have moved tousing salted SHA512 password hashes (crypt id 6, i.e., $6$),which are several orders of magnitude more difficult to brute-forceor generate rainbow tables for. Example lines from machine M2:
2. The lines below are the same as above but split into muliple linesfor readability:

5.2 Password Cracking Word Lists

1. The following are readily available 'word lists' in the context ofchoosing good passwords. This is obviously not an exhaustivelist. Note also that some files are populated at multiple sites.These are collections of broken password databases.
2. /usr/share/wordlists/* of the Kali Linux distribution.
3. ./500-worst-passwords.txt Worst passwords that were actually in use.
4. http://weakpass.com/lists More of the above kind. A largecollection. Totaling in the GB range.
5. https://github.com/danielmiessler/SecLists/ is the securitytester's companion. It is a collection of multiple types of listsused during security assessments. List types include usernames,passwords, URLs, sensitive data grep strings, fuzzing payloads, andmany more. It includes a collection of password lists. Itincludes the RockYou lists.
6. http://contest-2010.korelogic.com/wordlists.html wordlists used in'Crack Me If You Can' contest of DEFCON 2010.
7. https://wiki.skullsecurity.org/Passwords Passwords that were leakedor stolen from sites.
8. http://www.justpain.com/ut_maps/wordlists/ Not just passwords.Words tokenized from books, etc.
9. http://www.adeptus-mechanicus.com/codex/hashpass/hashpass.php Hashdumps and Passwords 2014
10. http://www.openwall.com/wordlists/ 'This wordlists collection is aresult of processing many hundreds of public domain wordlistfiles.' Full version is not free. The reduced freely downloadableversion is available at https://download.openwall.net/pub/.
11. Mark Burnett, Today I Am Releasing Ten Million Passwords, 2015.'This is completely absurd that I have to write an entire articlejustifying the release of this data out of fear of prosecution.'

5.3 Cracking Tools

1. Download (or find/ discover in Kali/ BT5) at least two passwordcracking programs. You can find several by searching the web.
2. Depending on the tools downloaded, you will need to builddifferently. Do this as an ordinary user, not as root, unlessimpossible. You may also need to download 'dictionaries' for useby the tools.
3. John the Ripper (john) is a fast password cracker.

6 References

1. http://fsecurify.com/using-ordered-markov-chains-and-user-information-to-speed-up-password-cracking/ Reference
2. http://www.admin-magazine.com/Articles/John-the-Ripper CheckingPassword Complexity with John the Ripper, 2013? Recommended Reading
3. https://labs.mwrinfosecurity.com/blog/a-practical-guide-to-cracking-password-hashes/ Recommended Reading
4. http://rafaveguim.github.io/cracking/passwords/jtr/2016/05/05/jtr-research-lab/ Uses hashcat, hashcat utils and PACK. Reference

7 End

If you’re trying to use the internet but you’ve got no data, then you’ll need to connect to a wireless network. However, not everyone has access to wifi at their home or when they’re out in public.

One way that you can get access to a wifi router is by hacking into it and getting it’s password. Doing this you can gain access to the internet, but you have to know how to do this properly. But how exactly do you do this? Well, let’s look at how it can be done.

How to Hack Wifi Passwords

If you’re trying to hack into a wifi network, then you’ll need to be able to gain access to it’s password. The best way for you to do this if you haven’t accessed this network before it by using a cracking software, like Cain and Abel. This can help you gain access to another wifi network by cracking their password hashes.

However, if you’ve already accessed a wifi network before, then this is going to be much easier for you. So, let’s start with how to find the password of a wifi router that you’ve already logged into before. Then, we’ll look at hacking into a router you’ve not accessed before.

Wpa2 Encryption Key

How to Hack Wifi You’ve Already Signed Into

If you’ve already signed into a wifi router in the past, then this is going to make it much easier for you to hack into the network again. This is because you can see the wifi password by simply using the command function.

Wpa2 Encryption Type

The first thing that you’re going to want to do is to get the wifi password from your past connections. This can allow you to log into the wifi very easily, just by entering the name or SSID of the router.

Cain And Abel Wireless Password Cracker

If you’re on a Mac, then you’ll want to go ahead and open Terminal. You can do this via the Finder. Then, all you’ll want to do is enter this into terminal;