Using Pyrit for WPA/WPA2 Wi-Fi Security Cracking (with examples)
- Linux
- November 5, 2023
1: Display system cracking speed
The Pyrit command pyrit benchmark
is used to display the system’s cracking speed. This is useful to determine the performance of the system and to make sure it has enough computational power for the cracking process.
Example code:
pyrit benchmark
Motivation: By checking the system cracking speed, users can ensure that their hardware and software configuration is capable of efficiently performing WPA/WPA2 cracking. This information is crucial for optimizing the cracking process and estimating time required for successful cracking.
Explanation: The command pyrit benchmark
does not require any additional arguments. It assesses and reports the system’s performance in terms of keys per second (k/s) to give users an idea of how fast their system can attempt different cryptographic computations involved in the cracking process. This information can help users determine if their system is powerful enough to perform the required number of calculations within a reasonable time frame.
Example output:
Computed 84.45 PMKs/s total.
#1: 'CUDA-Device #1 'GeForce GTX 1080'': 95.2 PMKs/s (RTT 3.0)
In this example, the system is capable of computing 84.45 pairwise master keys per second (PMKs/s) in total. The output also shows the specific device on the system (GeForce GTX 1080) and its corresponding performance (95.2 PMKs/s) along with the round trip time (RTT) of 3.0 seconds.
2: List available cores
The Pyrit command pyrit list_cores
is used to list the available cores in the system. This can be helpful in identifying the number of parallel cores available for cracking, which can significantly speed up the cracking process.
Example code:
pyrit list_cores
Motivation: It is important to know the available cores in the system to optimize the cracking process and leverage parallel computing capabilities. By using all available cores efficiently, users can significantly reduce the time required to crack WPA/WPA2 security.
Explanation: The pyrit list_cores
command provides information about the available cores in the system that can be used for parallel processing during the cracking process. It displays the number of available CPU cores and also provides information about the GPUs (Graphic Processing Units) that can be leveraged if present in the system.
Example output:
Cores:
#1: 'CPU-Core #1'
#2: 'CPU-Core #2'
#3: 'CPU-Core #3'
#4: 'CPU-Core #4'
GPUs:
#1: 'CUDA-Device #1 'GeForce GTX 1080''
The output shows four CPU cores available for parallel processing, labeled as “CPU-Core #1” to “CPU-Core #4”. Additionally, it also displays the presence of a GPU (“GeForce GTX 1080”) that can be utilized for faster cracking.
3: Set [e]SSID
The Pyrit command pyrit -e "ESSID" create_essid
is used to set the extended SSID (ESSID) for the current database. The ESSID is a unique identifier assigned to a wireless network.
Example code:
pyrit -e "MyNetwork" create_essid
Motivation: By setting the ESSID, users can specify the wireless network that will be used for the cracking process. This is especially useful when users have multiple networks with different security settings in their vicinity.
Explanation: The -e
option is used to specify the ESSID value, which is enclosed in double quotes. In this example, the ESSID is set to “MyNetwork”. The create_essid
command is used to create an ESSID entry in the current Pyrit database, so that all subsequent operations are performed on this network.
Example output:
Added ESSID 'MyNetwork' with ID 1 to the current Pyrit database.
The output confirms that the ESSID ‘MyNetwork’ has been successfully added to the Pyrit database, and it has been assigned an ID of 1.
4: [r]ead and analyze a specific packet capture file
The Pyrit command pyrit -r path/to/file.cap|path/to/file.pcap analyze
is used to read and analyze a specific packet capture file. This allows users to extract relevant information from the captured data and prepare it for the cracking process.
Example code:
pyrit -r mycapture.cap analyze
Motivation: By analyzing a packet capture file, users can gather important information about the captured wireless network, such as MAC addresses, ESSIDs, and encrypted handshakes. This information is necessary for performing successful WPA/WPA2 cracking.
Explanation: The -r
option is used to specify the path to the packet capture file that needs to be analyzed. In this example, the file “mycapture.cap” is analyzed. The analyze
command processes the specified capture file and extracts relevant information that can be used for subsequent cracking operations.
Example output:
Analyzing file 'mycapture.cap' (1/1)...
Parsing.......Finished!
Parsed 100 packets (100 802.11-packets), imported 1 packets (1 802.11-packets), got 1 handshake(s).
The output indicates that the specified capture file has been successfully analyzed. It shows the total number of packets parsed, imported, and the number of successfully obtained handshakes. This information is essential for ensuring that the captured data is valid and sufficient for the cracking process.
5: Read and [i]mport passwords to the current database
The Pyrit command pyrit -i path/to/file import_unique_passwords|unique_passwords|import_passwords
is used to read and import passwords to the current Pyrit database. This allows users to include known or previously cracked passwords in the database for improved cracking efficiency.
Example code:
pyrit -i passwords.txt import_unique_passwords
Motivation: By importing known passwords or previously cracked passwords into the Pyrit database, users can improve the overall efficiency of the cracking process. This ensures that the cracking algorithm prioritizes these passwords, potentially reducing the time required to crack the WPA/WPA2 security.
Explanation: The -i
option is used to specify the path to the file containing the passwords that need to be imported. In this example, the file “passwords.txt” is imported. The import_unique_passwords
command is used to import only the unique passwords from the file, ensuring that no duplicates are entered in the database.
Example output:
Importing 5 unique passwords from file 'passwords.txt' to the current Pyrit database.
The output confirms that the specified passwords have been successfully imported from the file and added to the Pyrit database. It also mentions the number of unique passwords that were imported.
6: Exp[o]rt passwords from database to a specific file
The Pyrit command pyrit -o path/to/file export_passwords
is used to export passwords from the Pyrit database to a specific file. This enables users to save and share the cracking results or use them for further analysis.
Example code:
pyrit -o recovered_passwords.txt export_passwords
Motivation: Exporting the cracked passwords to a file allows users to preserve the cracking results, store them securely, or share them with others. It facilitates better record keeping and enables further analysis of the cracked network security.
Explanation: The -o
option is used to specify the path to the file where the exported passwords should be saved. In this example, the file “recovered_passwords.txt” is used. The export_passwords
command extracts the cracked passwords from the Pyrit database and writes them to the specified file.
Example output:
Exported 10 passwords from the current Pyrit database to file 'recovered_passwords.txt'.
The output confirms that the specified number of passwords (10 in this example) has been successfully exported from the Pyrit database and saved to the specified file.
7: Translate passwords with Pired Master Keys
The Pyrit command pyrit batch
is used to translate passwords with Pired Master Keys. This feature helps users to convert plaintext passwords into their corresponding Pyrit Master Key representation, which is used during the cracking process.
Example code:
pyrit batch
Motivation: Translating passwords with Pyrit Master Keys allows users to convert a large number of passwords at once. This can be useful when users have a list of plaintext passwords that need to be converted into Pyrit Master Key format for efficient comparison with captured handshakes.
Explanation: The batch
command does not require any additional arguments. It reads passwords from standard input or from a file and outputs the corresponding Pyrit Master Keys for those passwords.
Example output:
ExamplePassword1: d74ae00dd5dbd5b9013e17c6b638c56e4e8d38511d1768a7a361abcc09250518
ExamplePassword2: cd4fe044c84fd75fc8125cb100aa18fcdc2c80c4c029a976b8a770fb9f03fb44
...
The output shows the translation of the example passwords “ExamplePassword1” and “ExamplePassword2” into their respective Pyrit Master Key representations. Each password is followed by a colon (:) and its corresponding Pyrit Master Key, represented as a hexadecimal string. This output can be further processed or saved for future reference or analysis.
8: [r]ead the capture file and crack the password
The Pyrit command pyrit -r path/to/file attack_db
is used to read a specific capture file and initiate the cracking process. This combines the analysis of the capture file with the actual passphrase cracking, leveraging the captured data to recover the Wi-Fi network password.
Example code:
pyrit -r mycapture.cap attack_db
Motivation: By reading the capture file and initiating the password cracking process, users can attempt to recover the Wi-Fi network password based on the captured handshake data. This command combines the steps of analyzing the capture file and initiating the cracking process into a single command.
Explanation: The -r
option is used to specify the path to the capture file that needs to be analyzed. In this example, the file “mycapture.cap” is used. The attack_db
command starts the password cracking process using the captured handshake data and any other relevant information extracted during the analysis phase.
Example output:
Attacking handshake in capture file 'mycapture.cap'...
Index | ESSID | KEY
----------------------------------------------------------------
00:11:22:33:44:55 (0.33) | MyNetwork | ThePassword
The output indicates that the cracking process is in progress. It displays the identified ESSID (“MyNetwork”) and the recovered Wi-Fi network password (“ThePassword”) associated with the captured handshake. This output confirms the successful recovery of the network password from the provided capture file.