Tuesday, 11 September 2012

Brute forcing WPA/WPA2 handshake with john the ripper

Please refer to this article for a tutorial on how to obtain a handshake.

How to crack WPA/WPA 2 with aircrack-ng (Backtrack 5) 

The limitation of a dictionary attack is that unless the password is in your dictionary file, your attack won't be successful. Another way to obtain the password is to brute force it with john the ripper. In theory it is possible to crack ANY password with this method, but it might take a million years to crack a full 128 ASCII characters password with your computer.

Ok, the command:

This was on Backtrack
/pentest/password/jtr/john --stdout --incremental:all | aircrack-ng -b (bssid) -w file.cap (wpa handshake file)

Debian
sudo apt-get install john
/usr/sbin/john --stdout --incremental:all | aircrack-ng -b (bssid) -w file.cap (wpa handshake file)
By default john will only try passwords with 8 characters or less. However, the minimum  pass-phrase length for WPA is 8.You need to edit the john.conf file to change the max length of the output.

"--inrecemtal:all" means that john will try all 128 ASCII characters, which will  take thousand of years to complete if the password has a proper lenght. You can also try -i:digits for numbers only or -i:alpha for a to z.

Good luck.

P.S.: You might be interested in this simple Linux dictionary password cracker written in python:  Article
at
Labels: , , , ,

3 comments:

  1. Anonymous18 April 2013 at 10:44

    i edited the john.conf file to bruteforce 8 characters and more but when executing the command it returns with error

    "MaxLen = 10 exceeds the compile-time limit of 8

    There are several good reasons why you probably don't need to raise it:
    - many hash types don't support passwords (or password halves) longer than
    7 or 8 characters;
    - you probably don't have sufficient statistical information to generate a
    charset file for lengths beyond 8;
    - the limitation applies to incremental mode only."

    ReplyDelete
  2. Algo12 April 2014 at 16:21

    Can this be done with THC Hydra (its imho much better)

    ReplyDelete
  3. rerokoa9 November 2015 at 21:29

    it works .. for me ..
    but this command doesn't working
    "--incremental:all" you either type "incremental=" leave it blank or use one of the incremental types you fin in /etc/john/jon.conf
    the question is if i leave it blank or if i use "ASCII"
    will this include uppercase and special characters ?

    ReplyDelete

Subscribe to: Post Comments (Atom)

How to download a portion of Youtube Video with youtube-dl

First make you have both youtube-dl and ffmpeg installed: sudo apt install youtube-dl ffmpeg Then download a portion of your desired...