Forum

  • A very useful 10-page security analysis on WPA/WPA2 PSKs - very useful for study purposes. Not only does it demonstrate a WPA2 PSK being cracked using the OG150, it discusses the mechanics behind the PSK cracking process and more....

    http://www.og150.com/tutorials.php
    Go to: Wireless Pre-Shared Key Cracking (WPA, WPA2)

  • Thanks for posting this.

  • Excellent Article! Tried it out on my limited setup using 2 Linux boxes (first one as AP, another operating in Monitor/Attacker mode) and one STA (using WZC / XP). A few interesting observations as under:
    1. The only thing noteworthy here is that the crack works for so long as the PSK is a dictionary word. Tried using the default Linux dictionary (w/o any mods) for that matter.

    2. In the event of an uncommon (aka non-dictionary) word/string being set as PSK, then it requires the same to be added into the dictionary file.

    3. The 4-way handshake may not get captured always, and so trick around by forcing fake De-Auth (from the attacking machine) and chances are high to get the 4-way handshake captured.

    4. May not work in a MIMO setup that uses spatial streaming. (At least not working for me currently.)

    Hope this helps. Once again thank you Darren.
    Regards

  • Hi there, glad you found it useful! My comments below:
    1) This is correct, you must have the PSK in a dictionary (or alternatively try and brute force).
    2) As per the above, this is correct. You could try and brute force or pre-compute rainbow tables to try and 'find' the PSK.
    3) You will also find that you don't actually need all 4 packets in the WPA 4-way handshake. From memory, you can crack with 2 packets - feel free to test.
    4) I wasn't aware of this limitation??? Thanks Darren
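The two replies above agree that a PSK falls only if it (or a trivial mutation of it) appears in the attacker's wordlist, and that the SSID acts as a salt so rainbow tables must be rebuilt per network. The following added example (not from the OG150 article or either poster) lets a network owner check their own passphrase against that risk before deployment: it derives the PMK exactly as WPA/WPA2 does (PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds) and flags passphrases that a dictionary run would recover. The wordlist is a constructed stand-in for the Linux dictionary mentioned in the thread.

```python
import hashlib
import re

# Constructed sample wordlist standing in for the "default Linux dictionary"
# the poster used; a real audit would load /usr/share/dict/words instead.
SAMPLE_WORDLIST = {"password", "sunshine", "dragon", "letmein", "welcome"}


def wpa2_pmk(ssid: str, passphrase: str) -> bytes:
    """Derive the WPA/WPA2 Pairwise Master Key as IEEE 802.11i specifies:
    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output.
    Because the SSID is the salt, a precomputed (rainbow) table is only
    valid for that one SSID, which is why point 2 in the thread holds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 printable ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def normalise(passphrase: str) -> str:
    """Undo the cheap mutations a wordlist run applies first (case, trailing
    digits/symbols) so 'Sunshine2019!' is still recognised as 'sunshine'."""
    return re.sub(r"[\d\W_]+$", "", passphrase).lower()


def audit_psk(ssid: str, passphrase: str, wordlist=SAMPLE_WORDLIST) -> dict:
    """Return findings the network owner can act on: whether the passphrase
    is a plain dictionary word, a mutated one, and the PMK the AP will use."""
    return {
        "pmk_hex": wpa2_pmk(ssid, passphrase).hex(),
        "in_wordlist": passphrase in wordlist,
        "wordlist_with_mutation": normalise(passphrase) in wordlist,
        "length_ok": 8 <= len(passphrase) <= 63,
    }


if __name__ == "__main__":
    for ssid, psk in [("IEEE", "password"), ("HomeNet", "Sunshine2019!"),
                      ("HomeNet", "correct horse battery staple")]:
        print(ssid, repr(psk), audit_psk(ssid, psk))
```

A passphrase that reports `wordlist_with_mutation: True` should be rejected by policy; the per-guess cost (4096 HMAC-SHA1 rounds) only matters once the passphrase is outside any list.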
