The highest form of ignorance is when you reject something you don't know anything about.

Wayne Dyer (b 1940)

Cracking WPA with KisMAC

Cracking WPA with KisMAC

1) How To
2) Probabilities 
3) Energy Needed 
4) Size of Wordlist files

I have received a lot of questions in regards to cracking WPA with KisMAC, or any other "WPA cracker"
Alas, a lot of them showed deep signs of misunderstanding in regards to the basics of WPA. (Not WEP, WPA!)

If you are here for the dictionary attack files, you may want to consider this page HERE
You may make a small donation and receive a pack of State-Of-The-Art  WPA Dictionary Attack files or Wordlists

For the Top Used Passwords, it's here 
For Installing Aircrack-ng on your Mac, it's here  (10x recovery speed)
 
Otherwise, if you are on the cheap side, and before I start, I would suggest you to watch the following video. If you already know KisMAC jump directly to  05:14.
If you are not a KisMAC expert, watch it entirely. Take a pause. Repeat.
http://www.youtube.com/watch?v=Pyiz2Mct6dk



Few Things:
We are here, specifically talking about KisMAC &  Aircrack, Not "pro" rated dedicated hardware or large scale operations (Electronic Frontier, CIA, NSA, Botnet & Al.)

- WPA passwords have between 8 and 63 Characters
- The only known (as of Jan 2010) vulnerability to WPA is a Bruteforce attack.
- A Bruteforce Attack is simply to try password after password after password.... either precomputed or listed in a file.

The password or "Key" in a WPA is "Salted" and "hashed", Hence when KisMAC or Aircrack "read" a password in a Wordlist, it has to "de-hash" the password 4096 times before really trying it!
The precomputed solution involves rainbow tables, the downturn is that you have to stick to specific precomputed tables only working whit ONE specific SSID.  

A Bruteforce attack is:
a) Time consuming
b) The most "simplest" attack, hence the dumbest.
c) Time consuming
d) Not guaranteed to work
e) Time consuming

If you are in hurry, you can jump directly here and start downloading wordlists and dictionary files, but before you do, I would highly suggest reading the following or you may find yourself highly disappointed.

Tip #1  Having Aircrack-ng on hand and ready to run is a very good idea: It will make any recovery attempt about 10 times faster.  Even better, take a try at Pyrit-cuda.  Pyrit-CUDA is at least 2 times faster than Aircrack-ng. Sometimes, much much more...

Tip #2  A Wordlist is only as good as the password listed inside. You can find wordlists of about 30GB in size that contains 99% junk. It's useless! and you waste 99% of your time.
A good wordlist should be composed of known password used by real people, and sorted by most used first: It may shorten you recovery attempt by few hours ....Or days ....

This Dictionary is made only of real passwords, then all occurrences are counted and then sorted by the most used first.
Why?  humans are really bad at passwords, so they tend to use the sames ones.
When you generate your own wordlist, the generator often creates them in a alphanumerical order.

- Let's pretend that the password to crack is "123456789" and that you are generating a Wordlist made out of:
- Only numbers
- Between 8 and 10 Character long

First issue, the Wordlist is  14,560,526,225 characters long, and that translate to 14560 MB
Second issue, the password 123456789, will be, at best , on position 123,456,789 and it would have taken you about 114 hours to reach that position.
If you have a "smart" Wordlist, with the most used first, you're in for about 1 second.
(123456789 is one of the most used passwords)
So, it's your call: 114hours or 1 second?   Personally, I would take the shortcut 

Now, if you plan on all Alphanumerical characters,  8ch long,   it's 2 petabytes of size ...

You can create your own,  download them, or take the shortcut 

You can also read more about hacking Wireless: I personally highly recommend
the following book: Hacking Exposed Wireless, by Cache, Wright & Liu. Joshua Wright is the Author of the CoWPAtty software.
Everything is explained in detail, from the ground up. 



Back to business: Cracking WPA

Step 1: 
Capture the 4way Handshake
Before doing anything, you need to capture the handshake between the AP (Access Point) and the Client. The handshake is sent when a client connects to the AP.  This process of "listening" to the AP-Client can take some time. In order to speed up this process you can use a Deauthentication Attack.  The Deauthentication is a bit like a Ddos and will simulate a "kick out"and force the AP to respond.

Step 2:
Once the handshake has been captured (green gem), just use either:
KisMAC or Aircrack-ng.  Just for speed sake, I use Aircrack.  Aircrack is churning about 10 X faster than KisMAC when it comes to WPA.

As a repeat:
How to install Aircrack Native on Mac
Pyrit-CUDA on a Mac

Why is it so long to crack WPA? 

You may noted that I mentioned "Time Consuming" 3 times.
Here is why:
First, the shear number of possibilities is mind boggling! A WPA is between 8 and 63 characters long. (numbers, LETters and signs)

Second, a WPA password is "Hashed" and "Salted". No it does not mean "cooked"
it's the old trick of taking the character "H" and transforming it into a "Z" for example.
Now, if you do that on a table of 127 characters, multiple times in a row, it's getting complex to decipher.
Well, a WPA is hashed 4096 times ....
So, Aircrack-ng or KisMAC have to churn 4096 times before trying the password. Trying to decipher a Pairwise Master Key (PMK) is equivalent to pushing about 1MB of data trough your CPU.  1400 PMK/s is 1400 MB sec of data being computed.  This is why you'll see 99% resource used. The CPU is at full blast!
It slows down the process, and it's made for that purpose.  

One solution is to use your GPU to help the CPU crunching data. (CUDA) and the other is to pre-compute the PMKs.  Once precomputed, Pyrit will go trough it like soft butter.

It is widely recognized that, you have a chance to find the password before you run the all test. That chance is 50%.
Hence, you -theoretically- could find the password in half the time needed to run all the possibilities.
That was the good news.

Now,  the bad news:
Probabilities 
Energy Needed 
Size of Wordlist files


Let's assume that a "password" to be cracked is composed of 1 Character and only composed of numbers:   The possible solution is either : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
We then have 10 possibilities maximum.

Now, we move to a 2 characters password
The possible solution is either : 0, 1..., 11, 12, ....22, 23, 24....95, 96, 97, 98,  99
We then have 100 possibilities.
Adding a simple 1 character to the password made the possibilities jump from 10 to 100.
We understand now that it's not a multiplication, but the power of.
The issue?
We said previously "WPA is between 8 and 63 Characters"
Numbers : 10 Possibilities per digit
10^8 = 100,000,000.   That is 100 million possibilities
If the password is 63 Characters long:
10^63 = 1,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000

That's a vigintillion (!)

And this number is only for passwords made only of numbers.
Now, go get an Advil and come back after.

Picture that:  Each password has the size of grain of sand! very fine sand, about 0.15mm
ok? Pictured?
Now, you have Aircrack-ng installed, and run about 1750 passwords per second
Let's assume that you know that the password is made ONLY of letters, mixed Cap.
You also know that the password is 10Ch long, something like that:  "MyPassWord"

As you do not have any statisticaly sorted Wordlist, you'll try them one by one, starting at:"aaaaaaaaaa" and finishing at "ZZZZZZZZZZ"
So: "aaaaaaaaaa" "aaaaaaaab" "aaaaaaaaac" "aaaaaaaaad" etc etc

You now have an hourglass, and the sand flows at a rate of 1750 grain of sands per second....
So, your 10^52 possibilities translate by an hourglass of ?  size please?
Only 60 cubic miles! 
at the rate of 1750 grains/second, you will fill a inch cube in about 45min , or a cubic foot in a bit less than 54 days...
That is unless you have a statistically sorted Wordlist.

Possibilities by Character type:

Numbers only:                         10 per Ch.
Letters, lower case                   26 per Ch.
Letter, lower and upper case    52 per Ch
Numbers + Letters                   62 per Ch
Numbers + Letters + Shift       74 per Ch    !@#$%^&*()_+
Printable Characters                127 per Ch    (including "space")
Full ASCII                               255 per Ch   (including "space")


So, here we are.
A very stupid "average password" length of 9 Ch, composed of letters only, will run at:
2,779,905,883,635,710 possibilities.
If the "password creator" had the bad idea to use the full range:   4.55892E+21  possibilities.

So, as KisMAC runs at about 150 passwords per second, you can expect to crack a WPA using "blind bruteforce" in a bit less than ......

Take a guess...

6       Months?
13,7  Years?
900 Years?
131 Million Years?
Longer than the universe has existed?
10 times longer than the universe has existed?

And your answer is .... ?

Click here to find.

So....
Doubtful?

Okey, I know .... rainbow tables, precomputed tables, distributed attack and Moore's Law.
So, your dad is Bill Gates, and he buys you 100,000 computers running each at 1,000,000 passwords per second.
Still, a mere 23,611,832,414 years to go.... Still twice as old as the universe.

If ALL the people on earth had a laptop and were doing it simultaneously, it would still take 2.2 billion years to crack a random password type:  -M ^7$:@é

The mythical googol number 1 and 100 zeros is reached at 42 characters ASCII password: 1.1876E+101
So, the odd of cracking a 42 ch at the first try is equivalent to tossing 333 coins in the air and having all of them landing on the head.

But here comes the funny part....
Supraconductor CPUs  are not invented yet .... hence, you consume energy and produce heat ...

My MacbookPro, as per Apple,  can consume up to 263 Watts and produce up to 800 BTU/h on intensive use. Password cracking is very intensive.
Where i am, a kWh is about $0.20

So, what could be the cost of running a Bruteforce attack on a 9 ch long password, full ASCII?
Very simple ... time x power needed  =   4.98681901 × 1016 gigawatts
In short, you'll need more electricity than the world produced in 2006. About 3 times more.
The electrical bill would bankrupt the USA, and you'll produce a heat wave able to boil an ocean.
BTUs speaking, it's equivalent of burning:  1,196,836,561 Billion of gallons of gasoline
or just 7,978,910,409,456,55,000 Cords of wood  (a Cord is 3.6 cubic meter (for you metric adorateurs)

The cost of the joke, as of 2010, would be $ 9.9 Trillions of Trillions of Dollars.

So when I hear, or see, people pretending cracking WPA in 75% of instance in less than 2 hours... I have some doubts ... I seriously would like to see that with my own eyes.
All demos on YouTube are showing either: Password known by the demonstrator or pseudo test made with 2 ch left to find.   

In my humble opinion, cracking in "Blind mode" is just pure waste of time and electricity. You have greater chances to win the lottery than to crack a random 15 Ch in your lifetime. (with our actual possibilities)

The third reason why I don't try in "Blind Mode" is the shear size of the Wordlist(s).
Let's take a look and assume that you know that a password is only composed of numbers, and Oh! luck! it's JUST 8 Characters. In Short a baby WPA password.
As you do not know any of the numbers of the password, you decide to create a wordlist with a generator
Starting at  00000000 and finishing at 999999999  (all permutations)
the result will create a dictionary file (.txt) of 954 megabytes

For the Geek of it , look at the following table
Numbers Only
8 Ch       954 megabytes
10 Ch     114,688  megabytes
15 Ch    16,106,127,360 megabytes or just a bit more than 31,500  500GB hard drive.
As for letters, lower case only
8 Ch       2,097,152 megabytes
10 Ch     2,147,483,648 megabytes
etc etc ...Got space?

You have now grasped the issue: Running a Bruteforce Attack on blind mode is highly inefficient
 


If you go "pro", yes,  you could:  Very large distributed attack can run about 90,000,000,000 tests per seconds, and consume enough electricity to sustain a small town...
I suppose now you understand why Phishing was invented, ditto for Keyloggers.


Nevertheless, you'll be (-may be-) able to crack if you use your brain before.
  • Test with known passwords first and develop from there.
  • Use appropriate dictionary files (the Russian one will not help you if you are Japan)
  • Use your brain 
  • Precompute when possible, If possible
  • Look for existing data on password occurrence (what is the average password length, most used characters, least used , language, etc )
  • If you NEED a connection, just ask your neighbor (politely) 
  • Use a 6 or 12 pack as lubricant. 
  • USE Flowers or chocolate if your neighbor is a "she". You may get more than one connection.

You may have heard of the Yahoo! password heist.
10,000 passwords and emails listed on the web, plus another 30,000 accounts of Gmail and Comcast compromised.
According to serious sources, the list was a possible snippet of 250,000 emails and passwords for resale.
Email? not a big deal, huh? who cares? they just need to read your emails, go to your online banking, and reset the password. They will get the message. You won't ....
I could not access the list on time*, but the excellent Reusable Security Blog did
Here is his (Matt Weir) analysis about what you use

*I  did later, Including the amazing RockYou heist : 32,600,000 passwords

So on to the analysis:
  • Total Passwords: 9,845 - This number excludes all the e-mail addresses that had blank passwords
  • Average Password Length: 8.7 characters long
  • Percentage that contained an UPPERCASE letter: 7.2%
  • Percentage that contained a special, (aka !@#$), character: 5.2%
  • Percentage that contained a digit: 51.7%
  • Percentage that only contained lowercase letters: 43.3%
  • Percentage that only contained digits: 17.6%
  • Percentage the started with a digit, (aka '1password'): 25.0%
  • Percentage that ended with a digit, (aka 'password1'): 44.1%
  • Percentage that started with a special character: 0.5%
  • Percentage that ended with a special character: 2.2%
  • Percentage that started with an uppercase letter: 6.1%
Overall letter frequency analysis:
aeoi1r0ln2st9mc83765u4dbpghyvfkjAzEIOxRLwSNq.MTC_DB-UP*G@H/ZYF+VJK,\$&X!Q=W?'#")(%^][}< {`>
First character, letter frequency analysis:
a1mbc2sp0lterdjfgn3hi6k759vo48yAwMzBSCuqPLExJRTFDGNV*HOZYKI\W@/-+(.$U&?Q^[,#
Last character, letter frequency analysis:
aos01326e57849nrilydzmtuAhbO.gck*SxpfE@+LvjNRw_-I?/$q!ZX)YKH"UPMDCB#GF'&%}T,]\VJ(
As a repeat, the previous is from Matt Weir, from Reusable Security
         

              Last but not least:
             GOOD LUCK !

    Dictionary files & Passwords lists

           

     

     
     

    14 comments:

    1. hey man. i start the capture and i just get a kernel error. haft to restart my comp.

      ReplyDelete
    2. Hi, I've been scanning for nearly 12 hours now, and I still haven't captured any handshakes. I'm using Alfa AWUSO36H on Mac 10.6.8. No drivers installed, I've tried deauthenticating and I'm on the AP channel. I'm not sure what I'm doing wrong. Thanks for any help.

      ReplyDelete
    3. Akiko,
      Many things can go wrong. if it's your AP, try to re-connect with Airport, that will re-send the 4w EAPOL
      I would need much more details to know what's really going on.

      ReplyDelete
    4. I've tried your suggestion, and it didn't work. What other details would you need? Thanks

      ReplyDelete
    5. Akiko, before sending it all, try the following:

      Try a Flood and dehauth.
      second, with KisMAC on, turn the router off/on

      Do you have the make and model of the router? some of them are "deauth" proof

      ReplyDelete
    6. can i try crack wpa without the handshakes?

      "Capture the 4way Handshake"

      (i know i can TRY, but, it works?)

      after all, the attempt is a bruteforce.

      for what you used the handshake?

      ReplyDelete
    7. "can i try crack wpa without the handshakes?"
      No. Period.

      "for what you used the handshake?, after all, the attempt is a bruteforce. "

      4 way EAPOL. you need to bruteforce something, no?

      ReplyDelete
    8. yeah...i think i couldnt express myself in english right! =/

      as I would have had someone with your knowledge and good will as you and who speaks my language! lol
      ---
      bruteforce is nothing more than trying all possible combinations of passwords to get through a login
      up to here everything is fine =D

      but, if im going to use bruteforce on kismac to crack a wpa, why i need to get the handshakes? what que utilities of them?

      Another possibility, and worst
      if the network can´t give me the handshakes? what you should do instead?

      Sorry to be boring, but really could not understand what the handshake helps in bruteforce

      and why i cant try de bruteforce without the handshakes!
      after all, the brutefoce will try all combination, with or without the handshakes, no?

      I hope I was clearer this time lol

      thanks

      ReplyDelete
    9. Hello, sorry. I have a problem with kismac wpa 2 craking. When i get the 'green light' I select my file, but then nothing happens. Not even an error, just nothing. I have tried several times with the same result. I am using kismac 0.3.4 (beta for the 0.3.3 doen't work at all). I am using an airport card in passive mode. I have looked at many tutorials and i seem to be doing everything right. Is there anything that I may be doing wrong? Thank you very much.

      ReplyDelete
      Replies
      1. "When i get the 'green light' I select my file"
        -- what file? please rephrase or explain.
        -- I am not aware of a KisMAC 0.3.4 , only a 0.3.3 trunk R407
        I am ether not understanding your question, or you must be very confused: If you have a green gem on a WPA network, it indicates that the handshake has been captured. All you need to do is run a dictionary attack.

        Delete
    10. Hi. Macbook. 10.8.4. KisMac 0.3.4 Alpha1. 1) It keeps finding the same networks over and over -- I've got over 1000 in my network list. Fix? 2) When I select "encryption" and search for WEP, it clears the screen -- doesn't find anything. When no search in place, I see WEP nets. Fix? Thanks!

      ReplyDelete
      Replies
      1. What is Alpha 1.?
        You should not see 1000's of networks , they may be Ad-Hoc. Something is obviously wrong.
        Try with KisMAC2

        Delete
    11. Replies
      1. Most likely an ID 10 t error

        $ sudo RTFM & STFW

        Delete