Password cracking for WiFi networks is one of the hacking activities that most interest beginner researchers, cybersecurity experts and sporadic users alike and, although it is possible to find information about it online, sometimes this is unclear and may not be aimed at the right audience.

That is why the experts of the cybersecurity course of the International Institute of Cyber Security (IICS) how to complete these tasks relatively easily and in just a few steps. To do this, we will use the utility known as coWPAtty, which simplifies and accelerates conventional dictionary attacks.

Before continuing, we remind you as usual that this article was prepared for informational purposes only and should not be taken as a call to action. IICS is not responsible for the misuse that may occur to the information contained herein.

Step 1: Find coWPAtty

The utility is included by default in the Kali Linux software package, although it is not in the /pentest/wireless directory. According to the experts of the cybersecurity course, the application resides in the /usr/local/bin folder, which we will open below.

Let’s run the following code:

cd /usr/local/bin

Since the utility is in the /usr/local/bin directory, it can be launched from any folder on Kali Linux.

Step 2: Use the coWPAtty help screen

For a brief description of the available options, the cybersecurity course experts recommend only typing the following command:

cowpatty

Then, Kali Linux will display a small help screen. Remember that coWPAtty requires some data to work properly:

• Word list
• File with password hashing
• Access point SSID to hack

Step 3: Switch the wireless adapter to monitor mode

Like other hacking tools, coWPAtty requires changing the WiFi adapter to monitor mode to get the password, mention the experts of the cybersecurity course.

Let’s run the following code:

airmon-ng start wlan0

Step 4: Create a file to intercept

Next, we need to create a file to store the password intercepted during the 4-way handshake. To do this, we will use the following code:

airodump-ng --bssid 00: 25: 9C: 97: 4F: 48 -c 9 -w cowpatty mon0

The above command will dump the selected access point (00:25:9C:97:4F:48), the specified channel (-c 9) and save the hash in a file called cowcrack, say the experts of the cybersecurity course.

Step 5: Handshake Interception

Now we just have to wait for someone to connect to the compromised access point, which will allow us to intercept the hashing. Cybersecurity course experts recommend using Airodump-ng to receive a notification when someone connects to the target network.

Step 6: Run the utility

After getting the password with hashing, we can use coWPAtty along with our word list to get the decrypted key.

Let’s run the following code:

cowpatty -f /pentest/passwords/wordlists/darkc0de.lst -r /root/cowcrack-01.cap -s Mandela2

The screenshot above shows how coWPAtty generates a hash for each word in our list with the SSID and compares it to the intercepted hash. Once the hash matches, the utility will display the access point password on the screen.

Step 7: Create your own hash

Typically, coWPAtty uses a list of words provided by the user and calculates the hash of each based on the specified SSID, although this task consumes a large amount of processor resources, mention the experts of the cybersecurity course.

Luckily, now the utility has support for working with a ready-to-use hash file, which makes WPA2-PSK password cracking more efficient by more than 1000%. These files are generated using 172,000 dictionary files and 1,000 of the most popular SSIDs. Remember that if your SSID is not included in this list, the feature will not help us. In this case, we must generate our own hash list from the SSID of the access point used.

Let’s use the following code:

genpmk -f /pentest/passwords/wordlists/darkc0de.lst -d hashes -s Mandela2

Step 8: Using your own hash

After generating a list of hashes for a specific SSID, we can start cracking the password by running the following command:

cowpatty -d hashfile -r dumpfile -s ssid

Although not the only utility of its kind, coWPAtty is one of the best options for WiFi password cracking as it is easy to use and does not require advanced hacking knowledge.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post How to hack WPA2-PSK WiFi passwords easily with just 10 commands using this tool appeared first on Information Security Newspaper | Hacking News.

1. The tool also allows you to exclude words from the dictionary, which you have already used in the attack so as to avoid repetitions.
2. There is a “lyric pass” module which allows you to include phrases and lyrics of artists in the dictionary.
3. This tool interactively asks questions about the target of the target under attack and then creates a wordlist by replacing letters from the words given to it with symbols and numbers.

Steps to follow

Let’s talk about the tool now. This is called bopscrk, written in python and available at  https://github.com/r3nt0n/bopscrk

• To install on Kali Linux, type in the terminal:

git clone https://github.com/r3nt0n/bopscrk.git

• Then go to the directory with bopscrk and run the script:

python3 bopscrk.py -i

• After we answer the questions of the system, set the following parameters offered to our attention:

• -Minimum length – 8.
• -Maximum length – 16.
• -Name – Vladimir.
• -Surname – Yagodichkin.
• -Date of birth – December 20, 1987.
• -Additional words associated with the target, separated by commas – honda, zenit, warcraft.
• -Set the parameters for replacing letters with numbers, as well as the substitution of special characters at the beginning and end of the password – we answer “y”.
• -How many words we go to combine – indicate 2.
• -The name of the artist whose lyrics we want to add – let’s skip, more on that below.
• -Exclude words from another dictionary – here we can indicate the path to the dictionary – skip.
• -Select the file with the result, by default tmp.txt in the current directory – leave it as it is.

The output is 260449 possible password values

• Let’s view the contents of the file in the nano editor

• We can use the specified file to attack

• Now we will consider the most interesting function, namely the use of phrases from the lyrics of artists’ songs, for this we will re-enter

python3 bopscrk.py -i

• We skip all the suggested values, except for the minimum and maximum length – put 20 characters each (for clarity) and stop at “Artist names to search song lyrics (comma-separated)”, in the specified line, enter, for example, 2pac (known killed benchmark). 

• We see that the instrument has found 1244 songs of the specified artist and starts working with them.

• As a result, we get the result, of course it is better to mix with special characters and numbers

Conclusion

So we saw on how we can generate wordlist using song lyrics, which can be great fun for you.

The post Create wordlist from artist lyrics appeared first on Information Security Newspaper | Hacking News.

For launching twofi

• Type twofi in linux terminal as shown below:-

• Before using twofi you must have an twitter developer’s account and the twitter api key
  • If twofi is not installed, for downloading twofi type:
  • git clone https://github.com/digininja/twofi
• The config file for twofi is /etc/twofi/twofi.yml as shown below:

==============OUTPUT SNIP===============

• Now we have to mention twitter API key and secret in this twofi.yml file.
• For creating the api keys go to https://apps.twitter.com and create twitter developer account.
• Enter key which you have created from twitter developer account in twofi.yml.

• After saving API key, it will view something like this below:

For security reasons the keys has marked red. The above key is only for testing purposes.

• Now type: twofi -c -u hack as shown below.

• In the above screenshot, the list can be used in creating the wordlist for attacking on any account in twitter and other bruteforce attacks.

Ethical hacking researcher of international institute of cyber security has found that hackers use these kinds of tools to create wordlist for breaking passwords and other attacks.

The post Create wordlist from Twitter using Twofi appeared first on Information Security Newspaper | Hacking News.