Local Tech Repair: WPA password testing - Pyrit

Sunday, April 3, 2011

WPA password testing - Pyrit

Today I am going to talk to you about what type of password you have for your wireless connection at home. Many of us know that WEP encryption for wireless connections is all but compromised and no longer protects anything. You can find video after video showing how to crack a WEP password in less than 5 minutes. Even we here at Local Tech Repair have written an article on how WEP is cracked and how easy it is. If you have not read that yet, check it out here.
If you want to find out how secure the password for your wireless connection truly is, then let's take a look into the world of WPA-PSK cracking.

For those that don't know, WPA is short for WiFi Protected Access. It started to be implemented when research came out showing how insecure WEP (Wired Equivalent Privacy) was, and in 2003 WPA superseded WEP because WEP was too insecure. Even so, many routers still present WEP as the first choice when setting up your wireless network.

So now that we have a little history, let's start testing it. So far no major hole has been found in the WPA encryption algorithm like the one in WEP. That does not mean WPA has no weaknesses that can be exploited to help a hacker gain access to your network. The problem with most routers is that they almost all rely on PSK, or pre-shared keys. Because the key derived from a pre-shared passphrase depends only on the passphrase and the network name, this lets hackers precompute the hashes for your router's ESSID ahead of time and test them at a much faster rate later. A great techy explanation can be found here: http://pyrit.wordpress.com/the-twilight-of-wi-fi-protected-access/

So are you secure? Let's check some basics first. If you are using a single word for your password, like a Hollywood actor's name or your favorite football player, then yes, you are extremely vulnerable.
If you are using WEP, well then yes, we know someone can get on your network in 5 minutes.
If your password is a phone number, then it can be cracked in less than a day by a modern laptop (with GPU), of all things. If you use a common ESSID for your network name, like "linksys", precomputed tables for that name already exist.
For a top-1000 list of already made rainbow tables for ESSID names, check here:
So how does someone go about testing?

The first thing we will need is to capture a WPA handshake; you can do this using the WepCrack GUI.

Once you have done that, you will need to install Pyrit.

You can test that Pyrit is working by running

pyrit benchmark
If you don't have CUDA or the ATI equivalent, Pyrit will be very slow. You need a GPU (dedicated graphics card) to crack a WPA password fast. For instance, my 2.6 GHz dual-core processor can brute force at 500 PMKs per second, but with a cheap graphics card in the laptop it runs at 4000 PMKs per second. That is a cheap graphics card; the higher end ones in desktops do 60,000 PMKs per second.
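To make concrete why the pre-shared key can be precomputed per ESSID (the point of the Pyrit article linked above) and what the PMK rates quoted here mean for a passphrase, the following is an added Python example that is not from the original post or from Pyrit itself. It derives the WPA PMK the way the standard does (PBKDF2-HMAC-SHA1, ESSID as salt, 4096 iterations) and estimates worst-case search time for a few passphrase shapes at the rates above; the passphrases and ESSIDs it uses are constructed.

```python
import hashlib

# WPA-PSK turns the passphrase into a 256-bit Pairwise Master Key (PMK) with
# PBKDF2-HMAC-SHA1: the ESSID is the salt and there are 4096 iterations.
# The PMK depends only on passphrase + ESSID, not on the captured handshake,
# which is why it can be computed ahead of time for a network name and reused
# against every router that uses that name.
def wpa_pmk(passphrase: str, essid: str) -> bytes:
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               essid.encode("utf-8"), 4096, 32)


def pmk_changes_with_essid(passphrase: str, essid_a: str, essid_b: str) -> bool:
    """True when renaming the network forces a fresh PMK computation."""
    return wpa_pmk(passphrase, essid_a) != wpa_pmk(passphrase, essid_b)


def days_to_exhaust(alphabet_size: int, length: int, pmk_per_second: float) -> float:
    """Worst-case days to try every passphrase of this shape at a given PMK rate."""
    return alphabet_size ** length / pmk_per_second / 86400


# Rates quoted in the post: CPU, cheap laptop GPU, high-end desktop GPU.
RATES = {"cpu": 500, "laptop_gpu": 4000, "desktop_gpu": 60000}

if __name__ == "__main__":
    # "password"/"IEEE" is the published IEEE 802.11i test vector; the other
    # passphrase and ESSIDs are constructed for this example.
    print(wpa_pmk("password", "IEEE").hex())
    print("renaming ESSID changes PMK:",
          pmk_changes_with_essid("correct horse", "linksys", "ltr-home-7f3a"))
    shapes = {
        "7-digit local phone number": (10, 7),
        "10-digit phone number": (10, 10),
        "8 lowercase letters": (26, 8),
        "20 mixed-case letters and digits": (62, 20),
    }
    for name, (alphabet, length) in shapes.items():
        for label, rate in RATES.items():
            print(f"{name:34s} {label:12s} "
                  f"{days_to_exhaust(alphabet, length, rate):.3g} days")
```

The table it prints is the quickest way to see why a long random passphrase and an uncommon ESSID matter more than any router setting.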

But that's a different topic. Basically, to help save time, it is easy to find password lists online to speed up the process. For instance, a collection of password lists to add can be found at this link
This is a list of different common passwords from a respectable and educated hacker/cracker.
Also, for a more random list, if your password is not a word, check out

Both of those can go into your Pyrit database to be compiled against your ESSID.

So we first need to add your ESSID to the database:
pyrit -e your_essid create_essid
Then we need to upload your wordlist to the database:
pyrit -i dict.gz import_passwords
Then we need to crunch the numbers for the database (this will take a long time):
pyrit batch
Then we can go through and test the handshake we captured:
pyrit -r your_essid.dump.gz attack_db
This checks whether the password is in the database. It should go fairly fast.

The advantage of using Pyrit for all this is that the batch process can be shared across as many different computers on your network as you want, which greatly reduces the batch processing time.

I hope this helps you start looking into using strong, long passwords. I would suggest passwords greater than 20 characters. Remember, you only really have to type the password into your computer once, and most computers remember it. This greatly secures your wireless network and makes it less likely that your personal information will be stolen or cost you money.

Thanks for reading.
Admin Local Tech Repair

Legal: this is for educational purposes and we do not take any responsibility for what you do with your newfound knowledge or any of your knowledge.

If you have a comment, please post below.