 7  0C:51:01:E4:6A:5C  PJ NETWORK  No data - WEP or WPA
 8  C4:EA:1D:D3:80:19              WPA (0 handshake)
 9  78:28:CA:09:8E:41              WPA (0 handshake)
10  94:9F:3E:0F:1D:81              WPA (0 handshake)
11  00:25:00:FF:94:73              None (0.0.0.0)
12  70:3A:CB:4A:41:37              Unknown
13  EC:AA:A0:4D:31:A8              Unknown

Index number of target network ?
While three of the SSIDs that were caught belong to me, others do not. Since they belong to my neighbors, it would be impolite, not to mention unethical and illegal, to attempt to crack those networks. Always make sure you are working against either your own systems or systems that you have clear permission to test.
Once we run aircrack-ng, we’ll be asked which target network we want to crack. You will see from Example 7-8 that only one network has a handshake that was captured. This is one of the BSSIDs associated with the SSID CasaChien. As such, this is the only network we can select to be able to run a crack against. Selecting the network we want will start up the cracking attempt, as seen in Example 7-9.
Example 7-9. aircrack-ng cracking WPA password

                          Aircrack-ng 1.2 rc4

    [00:00:06] 11852/9822768 keys tested (1926.91 k/s)

    Time left: 1 hour, 24 minutes, 53 seconds                  0.12%

                    Current passphrase: redflame

    Master Key     : BD E9 D4 29 6F 15 D1 F9 76 52 F4 C2 FD 36 96 96
                     A4 74 83 42 CF 58 B6 C9 E3 FA 33 21 D6 7F 35 0E

    Transient Key  : 0B 04 D6 CA FF EE 7A B9 6E 6D 90 0F 9E 4F E5 64
                     5B AA C0 53 18 32 F7 54 DE 46 74 D1 4D D0 31 CF
                     BC 57 D7 8A 5C B4 30 DB FA A9 BD F8 20 0C C9 19
                     35 F7 89 F6 2F 8A 25 74 3A 83 FD 50 F7 E5 C3 9B

    EAPOL HMAC     : 50 66 38 C1 84 A1 DD BC 7C 2F 52 70 FD 48 04 9A
Using Kali in a VM, you can see that it will take about an hour and a half to run through fewer than 10 million passwords. Faster machines dedicated to this task may be able to do the cracking faster. Larger lists will take longer to crack.
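The following is an added example, not code from the original text or from the aircrack-ng project. It shows where the per-guess cost comes from, since the "Master Key" line is the PMK that WPA-PSK derives with PBKDF2-HMAC-SHA1 (4,096 iterations, SSID as salt), and it lets you audit your own passphrase against a wordlist at the rate seen in Example 7-9. The function names, the sample wordlist, and the demo passphrase are constructed for illustration.

```python
import hashlib

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 32-byte PMK that aircrack-ng labels "Master Key"."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters long")
    # The SSID is the salt, so one passphrase gives a different PMK per network name.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def seconds_to_exhaust(candidates: int, keys_per_second: float) -> float:
    """Worst-case time for a dictionary run over `candidates` guesses."""
    return candidates / keys_per_second

def audit_passphrase(passphrase, wordlist, keys_per_second):
    """Seconds until a dictionary run reaches `passphrase`, or None if not listed."""
    for position, word in enumerate(wordlist, start=1):
        if word == passphrase:
            return position / keys_per_second
    return None

def hms(seconds: float) -> str:
    """Format a duration the way the aircrack-ng status line reads."""
    s = int(seconds)
    return f"{s // 3600}h {s % 3600 // 60}m {s % 60}s"

# Constructed sample data: a tiny stand-in for a real wordlist.
SAMPLE_WORDLIST = ["password", "12345678", "redflame", "letmein1"]
RATE = 1926.91        # keys per second reported in Example 7-9
LIST_SIZE = 9822768   # candidates in the run shown in Example 7-9

if __name__ == "__main__":
    # Constructed passphrase; CasaChien is the SSID named in the text.
    own = "vT9#quiet-Harbor-lamp"
    print("PMK:", wpa_pmk(own, "CasaChien").hex())
    print("Full list takes:", hms(seconds_to_exhaust(LIST_SIZE, RATE)))
    for candidate in ("redflame", own):
        hit = audit_passphrase(candidate, SAMPLE_WORDLIST, RATE)
        status = "not in list" if hit is None else f"reached after {hit:.4f}s"
        print(candidate, "->", status)
```

A passphrase that never appears in the list is not found no matter how fast the machine is, which is the practical defense against the run shown above.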