How to Use the Command 'pyrit' for WPA/WPA2 Cracking (with examples)
- Linux
- December 17, 2024
Pyrit is a powerful tool designed to exploit the computational power of GPUs and multi-core CPUs to accelerate the process of cracking WPA/WPA2-PSK passwords. Its ability to handle large datasets and efficiently distribute the computing workload makes it an attractive choice for security researchers and network administrators looking to test the robustness of wireless network passwords. The command line interface of Pyrit provides various use cases which facilitate everything from analyzing system efficiency to cracking encrypted passwords.
Use case 1: Display System Cracking Speed
Code:
pyrit benchmark
Motivation: Understanding the cracking speed of your system is essential for making informed decisions regarding computational resource allocation and task prioritization. The benchmark feature in Pyrit provides insights into how quickly tasks will be processed, allowing you to gauge the effectiveness of your current hardware.
Explanation:
The benchmark command in Pyrit performs a series of calculations to stress-test and evaluate the speed of your system’s processing units (CPUs, GPUs). It doesn’t require any specific input beyond the command itself, making it a straightforward way to assess system capability.
Example Output:
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg, 2011- Jürgen Kutscher
This code is distributed under the GNU General Public License v3+
Running benchmark (375.1 PMKs/s, 1.7 seconds)
Attained maximum speed of 375.1 PMKs/s
Use case 2: List Available Cores
Code:
pyrit list_cores
Motivation: Identifying the available processing units in your system assists in optimizing Pyrit’s performance. By knowing which cores are active and available, users can better manage their computational resources for high-efficiency tasks.
Explanation:
The list_cores command scans the system for all available cores on the CPU and any compatible GPUs. It displays the status of each core, listing details such as vendor, device name, and type of core, which helps users understand their processing inventory.
Example Output:
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg, 2011- Jürgen Kutscher
This code is distributed under the GNU General Public License v3+
Available cores:
#1: 'CUDA-Device 'GeForce GTX 1070''
#2: 'Multicore CPU'
Use case 3: Set ESSID
Code:
pyrit -e "ESSID" create_essid
Motivation: Setting an ESSID is the preliminary step in configuring Pyrit for specific wireless networks. This prepares Pyrit to work with the relevant protocol settings and password databases associated with a specific network environment.
Explanation:
The -e option takes the target ESSID, quoted so that the shell passes a name containing spaces as a single argument, and create_essid adds it to Pyrit’s database. This identifies the wireless network for which Pyrit will precompute keys. Because the ESSID acts as the salt in the WPA/WPA2-PSK key derivation, keys computed for one ESSID cannot be reused for another.
Example Output:
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg, 2011- Jürgen Kutscher
This code is distributed under the GNU General Public License v3+
Created new ESSID "MyNetwork"
Use case 4: Read and Analyze a Specific Packet Capture File
Code:
pyrit -r path/to/file.cap analyze
Motivation: Analyzing packet capture files is crucial for understanding the structure of traffic within a network. This helps in identifying whether sufficient data has been captured to proceed with WPA/WPA2 key recovery.
Explanation:
The -r option specifies the path to a packet capture file (.cap or .pcap) that you want Pyrit to analyze. The analyze subcommand processes this data to assess which access points and clients are present, helping users ensure they’ve captured the necessary handshake data for subsequent tasks.
Example Output:
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg, 2011- Jürgen Kutscher
This code is distributed under the GNU General Public License v3+
Parsing file 'example.cap' (1/1)...
AccessPoint 01:23:45:67:89:ab ('MyNetwork'):
#1 11/04 15:32:54 Client 23:45:67:89:ab:cd
Use case 5: Read and Import Passwords to the Current Database
Code:
pyrit -i path/to/file import_unique_passwords
Motivation: Combining a diverse set of passwords significantly increases the effectiveness of cracking attempts. This command allows users to enrich their password database with unique entries from an external file.
Explanation:
The -i flag is used to specify the input file from which passwords should be imported. The import_unique_passwords command ensures that only non-duplicate passwords are added to Pyrit’s database, maintaining efficiency and resource management.
Example Output:
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg, 2011- Jürgen Kutscher
This code is distributed under the GNU General Public License v3+
Importing passwords from 'password-list.txt'...
Imported 150 words.
Use case 6: Export Passwords from Database to a Specific File
Code:
pyrit -o path/to/file export_passwords
Motivation: Exporting passwords from Pyrit’s database allows users to back up their work, share with team members, or use in other tools or environments. This ensures flexibility in managing password lists.
Explanation:
The -o option is followed by a file path to save the exported passwords. The export_passwords command outputs all current database passwords into the specified file, often for safekeeping or further analysis.
Example Output:
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg, 2011- Jürgen Kutscher
This code is distributed under the GNU General Public License v3+
Export passwords to 'exported-passwords.txt' done.
Use case 7: Translate Passwords with Precomputed Master Keys
Code:
pyrit batch
Motivation: By precomputing master keys, users can dramatically reduce the time required for subsequent password checks, optimizing the process when dealing with large networks or extensive password lists.
Explanation:
The batch command iterates over all entries in Pyrit’s database, computing the Pairwise Master Key (PMK) for each stored password under each stored ESSID. This operation is computationally intensive but results in faster attack execution during future tasks.
Example Output:
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg, 2011- Jürgen Kutscher
This code is distributed under the GNU General Public License v3+
Precomputed 350 Master Keys.
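The key derivation behind Use cases 3 and 7, shown as an added example (not Pyrit's own code): it derives the PMK with PBKDF2-HMAC-SHA1, shows that the ESSID salts the result, and estimates how long a passphrase's keyspace lasts at the 375.1 PMKs/s rate from the benchmark output above. The function names wpa_pmk, alphabet_size and worst_case_days are hypothetical, and the sample passphrases are constructed.

```python
import hashlib

def wpa_pmk(passphrase: str, essid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-PSK Pairwise Master Key (IEEE 802.11i)."""
    # A WPA passphrase is 8-63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63 or any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be 8-63 printable ASCII characters")
    # The ESSID is the PBKDF2 salt, so a PMK table is only valid for one ESSID.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               essid.encode("utf-8"), 4096, 32)

def alphabet_size(passphrase: str) -> int:
    """Size of the character set implied by the classes the passphrase uses."""
    size = 0
    if any(c.isdigit() for c in passphrase):
        size += 10
    if any(c.islower() for c in passphrase):
        size += 26
    if any(c.isupper() for c in passphrase):
        size += 26
    if any(not c.isalnum() for c in passphrase):
        size += 33  # remaining printable ASCII, including space
    return size

def worst_case_days(passphrase: str, pmks_per_second: float) -> float:
    """Days needed to try every passphrase of the same length and alphabet.

    This is an upper bound for blind brute force only; a passphrase that
    appears in a word list is found far sooner.
    """
    keyspace = alphabet_size(passphrase) ** len(passphrase)
    return keyspace / pmks_per_second / 86400

if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    print(wpa_pmk("password", "IEEE").hex())
    print(wpa_pmk("password", "MyNetwork").hex())  # same passphrase, different PMK
    for candidate in ("12345678", "correct horse battery staple"):
        print(candidate, f"{worst_case_days(candidate, 375.1):.3g} days")
```

An eight-digit numeric passphrase is exhausted in about three days even at this CPU-only rate, which is why long passphrases and a non-default ESSID are the practical mitigations.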
Use case 8: Read the Capture File and Crack the Password
Code:
pyrit -r path/to/file attack_db
Motivation: Actually cracking a captured WPA/WPA2 handshake is the culmination of efforts when using Pyrit, reflecting its primary purpose. This command allows users to attempt to recover the passphrase of a network using the precomputed database.
Explanation:
The -r flag points to the capture file containing the handshake data. The attack_db subcommand uses the passwords and precomputed Pairwise Master Keys stored in the database to attempt to find the correct password, closing the loop in the cracking process.
Example Output:
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg, 2011- Jürgen Kutscher
This code is distributed under the GNU General Public License v3+
Reading capture file 'example.cap'
Using ESSID 'MyNetwork'
Master Key found: 01:23:45:67:89:ab:cd:ef:gh:ij:kl:mn:op:qr:st
Conclusion:
Pyrit is an essential tool for those involved in testing the security of WPA/WPA2 networks. Its capability to leverage substantial computational power makes it exceptionally efficient. From benchmarking your system’s speed to executing a full-fledged password attack, these examples illustrate how Pyrit functions as a comprehensive suite for wireless network security assessment. Understanding each command and its application broadens one’s ability to navigate the challenges of network security confidently and effectively.