Using Pyrit for WPA/WPA2 Wi-Fi Security Cracking (with examples)

Using Pyrit for WPA/WPA2 Wi-Fi Security Cracking (with examples)

1: Display system cracking speed

The Pyrit command pyrit benchmark is used to display the system’s cracking speed. This is useful to determine the performance of the system and to make sure it has enough computational power for the cracking process.

Example code:

pyrit benchmark

Motivation: By checking the system cracking speed, users can ensure that their hardware and software configuration is capable of efficiently performing WPA/WPA2 cracking. This information is crucial for optimizing the cracking process and estimating time required for successful cracking.

Explanation: The command pyrit benchmark does not require any additional arguments. It assesses and reports the system’s performance in terms of keys per second (k/s) to give users an idea of how fast their system can attempt different cryptographic computations involved in the cracking process. This information can help users determine if their system is powerful enough to perform the required number of calculations within a reasonable time frame.

Example output:

Computed 84.45 PMKs/s total.
#1: 'CUDA-Device #1 'GeForce GTX 1080'': 95.2 PMKs/s (RTT 3.0)

In this example, the system is capable of computing 84.45 pairwise master keys per second (PMKs/s) in total. The output also shows the specific device on the system (GeForce GTX 1080) and its corresponding performance (95.2 PMKs/s) along with the round trip time (RTT) of 3.0 seconds.

2: List available cores

The Pyrit command pyrit list_cores is used to list the available cores in the system. This can be helpful in identifying the number of parallel cores available for cracking, which can significantly speed up the cracking process.

Example code:

pyrit list_cores

Motivation: It is important to know the available cores in the system to optimize the cracking process and leverage parallel computing capabilities. By using all available cores efficiently, users can significantly reduce the time required to crack WPA/WPA2 security.

Explanation: The pyrit list_cores command provides information about the available cores in the system that can be used for parallel processing during the cracking process. It displays the number of available CPU cores and also provides information about the GPUs (Graphic Processing Units) that can be leveraged if present in the system.

Example output:

Cores:
#1: 'CPU-Core #1'
#2: 'CPU-Core #2'
#3: 'CPU-Core #3'
#4: 'CPU-Core #4'

GPUs:
#1: 'CUDA-Device #1 'GeForce GTX 1080''

The output shows four CPU cores available for parallel processing, labeled as “CPU-Core #1” to “CPU-Core #4”. Additionally, it also displays the presence of a GPU (“GeForce GTX 1080”) that can be utilized for faster cracking.

3: Set [e]SSID

The Pyrit command pyrit -e "ESSID" create_essid is used to set the extended SSID (ESSID) for the current database. The ESSID is a unique identifier assigned to a wireless network.

Example code:

pyrit -e "MyNetwork" create_essid

Motivation: By setting the ESSID, users can specify the wireless network that will be used for the cracking process. This is especially useful when users have multiple networks with different security settings in their vicinity.

Explanation: The -e option is used to specify the ESSID value, which is enclosed in double quotes. In this example, the ESSID is set to “MyNetwork”. The create_essid command is used to create an ESSID entry in the current Pyrit database, so that all subsequent operations are performed on this network.

Example output:

Added ESSID 'MyNetwork' with ID 1 to the current Pyrit database.

The output confirms that the ESSID ‘MyNetwork’ has been successfully added to the Pyrit database, and it has been assigned an ID of 1.

4: [r]ead and analyze a specific packet capture file

The Pyrit command pyrit -r path/to/file.cap|path/to/file.pcap analyze is used to read and analyze a specific packet capture file. This allows users to extract relevant information from the captured data and prepare it for the cracking process.

Example code:

pyrit -r mycapture.cap analyze

Motivation: By analyzing a packet capture file, users can gather important information about the captured wireless network, such as MAC addresses, ESSIDs, and encrypted handshakes. This information is necessary for performing successful WPA/WPA2 cracking.

Explanation: The -r option is used to specify the path to the packet capture file that needs to be analyzed. In this example, the file “mycapture.cap” is analyzed. The analyze command processes the specified capture file and extracts relevant information that can be used for subsequent cracking operations.

Example output:

Analyzing file 'mycapture.cap' (1/1)...
Parsing.......Finished!

Parsed 100 packets (100 802.11-packets), imported 1 packets (1 802.11-packets), got 1 handshake(s).

The output indicates that the specified capture file has been successfully analyzed. It shows the total number of packets parsed, imported, and the number of successfully obtained handshakes. This information is essential for ensuring that the captured data is valid and sufficient for the cracking process.

5: Read and [i]mport passwords to the current database

The Pyrit command pyrit -i path/to/file import_unique_passwords|unique_passwords|import_passwords is used to read and import passwords to the current Pyrit database. This allows users to include known or previously cracked passwords in the database for improved cracking efficiency.

Example code:

pyrit -i passwords.txt import_unique_passwords

Motivation: By importing known passwords or previously cracked passwords into the Pyrit database, users can improve the overall efficiency of the cracking process. This ensures that the cracking algorithm prioritizes these passwords, potentially reducing the time required to crack the WPA/WPA2 security.

Explanation: The -i option is used to specify the path to the file containing the passwords that need to be imported. In this example, the file “passwords.txt” is imported. The import_unique_passwords command is used to import only the unique passwords from the file, ensuring that no duplicates are entered in the database.

Example output:

Importing 5 unique passwords from file 'passwords.txt' to the current Pyrit database.

The output confirms that the specified passwords have been successfully imported from the file and added to the Pyrit database. It also mentions the number of unique passwords that were imported.

6: Exp[o]rt passwords from database to a specific file

The Pyrit command pyrit -o path/to/file export_passwords is used to export passwords from the Pyrit database to a specific file. This enables users to save and share the cracking results or use them for further analysis.

Example code:

pyrit -o recovered_passwords.txt export_passwords

Motivation: Exporting the cracked passwords to a file allows users to preserve the cracking results, store them securely, or share them with others. It facilitates better record keeping and enables further analysis of the cracked network security.

Explanation: The -o option is used to specify the path to the file where the exported passwords should be saved. In this example, the file “recovered_passwords.txt” is used. The export_passwords command extracts the cracked passwords from the Pyrit database and writes them to the specified file.

Example output:

Exported 10 passwords from the current Pyrit database to file 'recovered_passwords.txt'.

The output confirms that the specified number of passwords (10 in this example) has been successfully exported from the Pyrit database and saved to the specified file.

7: Translate passwords with Pired Master Keys

The Pyrit command pyrit batch is used to translate passwords with Pired Master Keys. This feature helps users to convert plaintext passwords into their corresponding Pyrit Master Key representation, which is used during the cracking process.

Example code:

pyrit batch

Motivation: Translating passwords with Pyrit Master Keys allows users to convert a large number of passwords at once. This can be useful when users have a list of plaintext passwords that need to be converted into Pyrit Master Key format for efficient comparison with captured handshakes.

Explanation: The batch command does not require any additional arguments. It reads passwords from standard input or from a file and outputs the corresponding Pyrit Master Keys for those passwords.

Example output:

ExamplePassword1: d74ae00dd5dbd5b9013e17c6b638c56e4e8d38511d1768a7a361abcc09250518
ExamplePassword2: cd4fe044c84fd75fc8125cb100aa18fcdc2c80c4c029a976b8a770fb9f03fb44
...

The output shows the translation of the example passwords “ExamplePassword1” and “ExamplePassword2” into their respective Pyrit Master Key representations. Each password is followed by a colon (:) and its corresponding Pyrit Master Key, represented as a hexadecimal string. This output can be further processed or saved for future reference or analysis.

8: [r]ead the capture file and crack the password

The Pyrit command pyrit -r path/to/file attack_db is used to read a specific capture file and initiate the cracking process. This combines the analysis of the capture file with the actual passphrase cracking, leveraging the captured data to recover the Wi-Fi network password.

Example code:

pyrit -r mycapture.cap attack_db

Motivation: By reading the capture file and initiating the password cracking process, users can attempt to recover the Wi-Fi network password based on the captured handshake data. This command combines the steps of analyzing the capture file and initiating the cracking process into a single command.

Explanation: The -r option is used to specify the path to the capture file that needs to be analyzed. In this example, the file “mycapture.cap” is used. The attack_db command starts the password cracking process using the captured handshake data and any other relevant information extracted during the analysis phase.

Example output:

Attacking handshake in capture file 'mycapture.cap'...

Index                       | ESSID                 | KEY
----------------------------------------------------------------
00:11:22:33:44:55 (0.33)    | MyNetwork             | ThePassword

The output indicates that the cracking process is in progress. It displays the identified ESSID (“MyNetwork”) and the recovered Wi-Fi network password (“ThePassword”) associated with the captured handshake. This output confirms the successful recovery of the network password from the provided capture file.

Related Posts

How to use the command 'influx' (with examples)

How to use the command 'influx' (with examples)

The ‘influx’ command is a command-line client for InfluxDB, a time series database.

Read More
How to use the command `kubectl replace` (with examples)

How to use the command `kubectl replace` (with examples)

kubectl replace is a command-line tool used in Kubernetes to replace a resource by file or stdin.

Read More
How to Use the Command diskonaut (with examples)

How to Use the Command diskonaut (with examples)

Diskonaut is a terminal disk space navigator written in Rust. It provides a visual representation of the disk usage of a directory and its subdirectories.

Read More