Use hashcat to crack WPA2 PSK (Pre-Shared Key) passwords!
The goal of this project is to automate the process of capturing packets on a WPA2 protected wireless network, and crack their PSK (pre-shared keys). We know that WPA3 is coming, but most didn't know that WPA2 was as susceptible to being broken as it is with this recently released Hashcat method.
EXAMPLE: to install all software requirements in Debian Linux, Ubuntu Linux, or Kali Linux:
sudo apt-get -y install libcurl4-openssl-dev libssl-dev zlib1g-dev libpcap-dev libgmp3-dev
TODO: include package list for other Linux distros. LMK if you figure any out!
Supported adapters (strict)
USB ID 148f:7601 Ralink Technology, Corp. MT7601U Wireless Adapter
USB ID 148f:3070 Ralink Technology, Corp. RT2870/RT3070 Wireless Adapter
USB ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
USB ID 0bda:8187 Realtek Semiconductor Corp. RTL8187 Wireless Adapter
USB ID 0bda:8189 Realtek Semiconductor Corp. RTL8187B Wireless 802.11g 54Mbps Network Adapter
For development and testing, I used the Ralink RT5370 USB wireless plugged into my Mac Book Air (6,1) laptop. The output from lusb
is:
$ lsusb | grep Ralink
Bus 001 Device 039: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
hashcat-legacy
uses the CPU to try and crack hashes, but that code is over 3 years old, and is going to be far too slow to crack what we're capturing here. I might provide it as an option, but it's really more of a POC that you could used in canned environments with very simple passwords. To really get the ball rolling you can should use hashcat
with the OpenCL headers (we pull those down as part of the build), and that requires a system with a compatible GPU.TODO: give examples of how this works, with specfic drivers
After resolving the requirements and understanding the gotchas:
./wpa2own
NOTICE (8/14/2018) currently, once the scan is complete, your output file is saved in the out/
dir, ready to run against hashcat
on a system with GPU processors. I'm working to get this bit automated so it will scp
the file to a GPU enabled rig, run it there and give you the results. This is a WIP, working to have complete by next week!
This software is for educational purposes, in order to learn about vulnurable systems to better be able to protect yourself. I'm a big believer in ethical hacking, so do not use this software to break any laws. Don't misuse this script, or information gathered from it to gain unauthorised access to any networks or hardware. Also, be aware, performing hack attempts without permission on computers that you do not own is illegal.
TODO flesh this out, make it more official, looking to eff.org for help here