WPA2 HalfHandshake Crack 1.0

Capture enough of a handshake with a user from a fake AP to crack a WPA2 network without a full 4-way handshake

  1. Mr. Penguin
    Conventional WPA2 attacks work by listening for a handshake between client and Access Point. This full four-way handshake is then used in a dictionary attack. This tool is a Proof of Concept to show it is not necessary to have the Access Point present. A person can simply listen for WPA2 probes from any client within range, and then throw up an Access Point with that SSID. Though the authentication will fail, there is enough information in the failed handshake to run a dictionary attack against the failed handshake.

    Installation
    Code:
        sudo python setup.py install
    Sample Code
    Code:
        $ python halfHandshake.py -r sampleHalfHandshake.cap -m 48d224f0d128 -s "no place like 127.0.0.1"
    Command Flags
    • -r Where to read input pcap file with half handshake (works with full handshakes too)
    • -m AP mac address (From the 'fake' access point that was used during the capture)
    • -s AP SSID
    • -d (optional) Where to read dictionary from
    Capture Half Handshakes
    Code:
        sudo airmon-ng start wlan0
        sudo airodump-ng mon0
    You should begin to see device probes with BSSID set as (not associated) appearing at the bottom. If WPA2 SSIDs pop up for these probes, these devices can be targeted
    Set up a WPA2 WiFi network with an SSID the same as the desired device probe. The passphrase can be anything.

    In Ubuntu this can be done as described here:
    http://ubuntuhandbook.org/index.php/2014/09/3-ways-create-wifi-hotspot-ubuntu/
    Capture traffic on this interface.

    In Linux this can be achieved with tcpdump
    Code:
        sudo tcpdump -i wlan0 -s 65535 -w file.cap
    (optional) Deauthenticate clients from nearby WiFi networks to increase probes

    If there are not enough unassociated clients, the aircrack suite can be used to deauthenticate clients off nearby networks http://www.aircrack-ng.org/doku.php?id=deauthentication
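A defender-side counterpart to the technique described in the post above, as an added example that is not part of the original post or of the halfHandshake tool: it walks the EAPOL-Key frames in a capture and reports client/AP pairs whose 4-way handshake stopped after message 2, which is exactly the "half handshake" a client leaves behind when it answers an access point that does not hold the real passphrase. The `(src_mac, dst_mac, eapol_bytes)` input format, the MAC addresses and the frames themselves are constructed for the example, not taken from a real capture.

```python
# Added defender-side example, not code from the original post or the tool: flag 4-way
# handshakes that stopped after message 2 ("half handshakes"). All input below is constructed.
import struct
from collections import defaultdict

# Key Information flag bits of an EAPOL-Key frame (IEEE 802.11, clause 12.7.2)
KEY_INFO_INSTALL, KEY_INFO_ACK, KEY_INFO_MIC, KEY_INFO_SECURE = 0x0040, 0x0080, 0x0100, 0x0200

def key_info_from_eapol(eapol):
    """Key Information field of a raw EAPOL-Key frame, or None if the frame is not EAPOL-Key."""
    # EAPOL header: version(1) type(1) length(2); type 3 = Key; then descriptor type(1), key info(2)
    if len(eapol) < 7 or eapol[1] != 3:
        return None
    return struct.unpack(">H", eapol[5:7])[0]

def handshake_message_number(key_info):
    """Map Key Information flags to the 4-way handshake message number (1-4), or None."""
    ack, mic = key_info & KEY_INFO_ACK, key_info & KEY_INFO_MIC
    if ack and not mic:
        return 1  # AP -> STA, carries the ANonce
    if ack and mic and key_info & KEY_INFO_INSTALL:
        return 3  # AP -> STA, sent only after the AP verified the MIC of message 2
    if mic and not ack:
        return 4 if key_info & KEY_INFO_SECURE else 2  # STA -> AP; message 2 carries SNonce + MIC
    return None

def find_half_handshakes(frames):
    """frames: iterable of (src_mac, dst_mac, eapol_bytes); returns sorted (ap, sta) pairs stuck after msg 2."""
    seen = defaultdict(set)
    for src, dst, eapol in frames:
        key_info = key_info_from_eapol(eapol)
        msg = None if key_info is None else handshake_message_number(key_info)
        if msg is None:
            continue
        ap, sta = (src, dst) if msg in (1, 3) else (dst, src)  # messages 1 and 3 come from the AP
        seen[(ap, sta)].add(msg)
    return sorted(pair for pair, msgs in seen.items() if {1, 2} <= msgs and not msgs & {3, 4})

def eapol_key(key_info):
    """Minimal EAPOL-Key frame (version 2, type 3, RSN descriptor) for constructed samples."""
    return bytes([2, 3]) + struct.pack(">H", 95) + bytes([2]) + struct.pack(">H", key_info)

# Constructed sample (made-up MACs): the station completes a handshake with the real AP, then
# answers a second BSSID advertising the same SSID, which never sends message 3.
AP, ROGUE, STA = "00:11:22:33:44:55", "66:77:88:99:aa:bb", "cc:dd:ee:ff:00:11"
SAMPLE_FRAMES = [
    (AP, STA, eapol_key(0x008a)), (STA, AP, eapol_key(0x010a)), (AP, STA, eapol_key(0x13ca)),
    (STA, AP, eapol_key(0x030a)), (ROGUE, STA, eapol_key(0x008a)), (STA, ROGUE, eapol_key(0x010a)),
]
print(find_half_handshakes(SAMPLE_FRAMES))  # [('66:77:88:99:aa:bb', 'cc:dd:ee:ff:00:11')]
```

Run against a real capture by feeding it the source/destination addresses and EAPOL payload of each 802.1X data frame; a pair that shows up here for a BSSID you do not operate is a sign that one of your clients answered an unknown AP carrying your SSID.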