Finding a WIFI Password with Python | Cracking WIFI PASSWORD with brute force on python



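There are quite a lot of tools for cracking Wi-Fi. Most of them, however, require a solid grasp of Unix (or Linux) commands before they can be understood without difficulty. This time I am going to find a WIFI (wireless internet) password in a very~ simple(?) way using Python, with the crude method known as brute force. Put simply, brute force means trying every password: enter one, and if it is wrong try the next, and if that is wrong too, try yet another... The program automatically substitutes a series of passwords one at a time until it finds the right one. Without further ado, below I will look up the wireless networks that can be found nearby (at a café) in my computer environment (I use a Mac) and brute force the password.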

The above is the complete code, written in Python 3. The file test_wifi_pw.txt contains a series of passwords.

When run, it shows the list of WIFI SSIDs detected nearby. Here I will enter one SSID to attempt to connect to.

I will enter the SSID olleh_GiGA_WiFi_3777, shown in green.

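The program then tries the passwords in test_wifi_pw.txt one by one, moving on to the next whenever one fails. At the end, it found the password. Of course, I already knew this password in advance, which is why it was found in only 17 attempts. For an arbitrary SSID, the password might be found quickly with some luck, but for a password longer than 10 characters it could take an enormous amount of time. As I said earlier, that is because this is the crude (!!!) method of brute force.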

If you want to study other methods, searching for the keywords introduced below will help.



- REFERENCE BELOW - 

http://resources.infosecinstitute.com/20-popular-wireless-hacking-tools-updated-for-2016/#gref

1. Aircrack

Aircrack is the most popular and widely-known wireless password cracking tool. It is used as an 802.11 WEP and WPA-PSK key cracking tool around the globe. It first captures packets of the network and then tries to recover the password of the network by analyzing the packets. It also implements standard FMS attacks with some optimizations to recover or crack the password of the network. Optimizations include KoreK attacks and the PTW attack to make the attack much faster than other WEP password cracking tools. This tool is powerful and used most widely across the world. This is the reason I am adding it at the top of the list.

It offers console interface. If you find this tool hard to use, you can try the available online tutorials. Company behind this tool also offers online tutorial to let you learn by yourself.

Download: http://www.aircrack-ng.org/

2. AirSnort

AirSnort is another popular wireless LAN password cracking tool. It can crack WEP keys of Wi-Fi 802.11b networks. This tool basically operates by passively monitoring transmissions and then computing the encryption key when enough packets have been gathered. This tool is freely available for Linux and Windows platforms. It is also simple to use. The tool has not been updated for around three years, but it seems that the company behind this tool is now interested in further development. This tool is also directly involved in WEP cracking and hence used widely.

Download AirSnort: http://sourceforge.net/projects/airsnort/

3. Kismet

Kismet is another Wi-Fi 802.11 a/b/g/n layer 2 wireless network sniffer and intrusion detection system. This tool is basically used in Wi-Fi troubleshooting. It works fine with any Wi-Fi card supporting rfmon mode. It is available for Windows, Linux, OS X and BSD platforms. This tool passively collects packets to identify standard network and also detects the hidden networks. Built on a client server modular architecture, this tool can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. It is an open source tool and supports recent faster wireless standards.

Download Kismet: http://www.kismetwireless.net/download.shtml

4. Cain & Abel

Cain & Abel is another popular tool used for cracking wireless network passwords. This tool was developed to intercept the network traffic and then use brute forcing to discover the passwords. This is why this tool helps a lot while finding the password of a wireless network by analyzing the routing protocols. This tool can also be used to crack other kinds of passwords. It is one of the most popular password cracking tools.

This tool is not just for WEP cracking but various other features are also there. It is basically used for Windows password cracking. This is the reason this tool is so popular among users.

Download Cain & Abel: http://www.oxid.it/cain.html

5. WireShark

WireShark is a very popular tool in networking. It is the network protocol analyzer tool which lets you check different things in your office or home network. You can live capture packets and analyze packets to find various things related to network by checking the data at the micro-level. This tool is available for Windows, Linux, OS X, Solaris, FreeBSD and other platforms.

If you are thinking to try this tool, I recommend you to first read about networking and protocols. WireShark requires good knowledge of network protocols to analyze the data obtained with the tool. If you do not have good knowledge of that, you may not find this tool interesting. So, try only if you are sure about your protocol knowledge.

Wireshark is one of the most popular tools in networking, and this is why it was included in this list in a higher position.

Download Wireshark: https://www.wireshark.org/

6. Fern WiFi Wireless Cracker

Fern WiFi Wireless Cracker is another nice tool which helps with network security. It lets you see real-time network traffic and identify hosts. Basically this tool was developed to find flaws in computer networks and fixes the detected flaws. It is available for Apple, Windows and Linux platforms.

It is able to crack and recover WEP/WPA/WPS keys easily. It can also run other network based attacks on wireless or Ethernet based networks. For cracking WPA/WPA2, it uses WPS based on dictionary based attacks. For WEP cracking, it uses Fragmentation, Chop-Chop, Caffe-Latte, Hirte, ARP Request Replay or WPS attack.

This tool is in active development. So, you can expect timely updates with new features. A Pro version of the tool is also available, which offers many features.

Download Fern WiFi Wireless cracker: http://www.fern-pro.com/downloads.php

7. CoWPAtty

CoWPAtty is another nice wireless password cracking tool. It is an automated dictionary attack tool for WPA-PSK to crack the passwords. It runs on Linux OS and offers a less interesting command line interface to work with. It runs on a word-list containing thousands of passwords to use in the attack. If the password is in the password’s word-list, this tool will surely crack the password. But this tool is slow, and the speed depends on the word list and the password’s strength. Another reason for the slow process is that the hash uses SHA1 with a seed of SSID. It means the same password will have a different SSIM. So, you cannot simply use the rainbow table against all access points. So, the tool uses the password dictionary and generates the hash for each word contained in the dictionary by using the SSID. This tool is simple to use with available commands.

With the newer version of the tool CoWPAtty tried to improve the speed by using a pre-computed hash file to avoid the computation at the time of cracking. This pre-computed file contains around 172000 dictionary file for around 1000 most popular SSIDs. But for successful attack, your SSID must be in that list. If your SSID is not in those 1000, you are unlucky. Still, you can try this tool to see how it works.

Download CoWPAtty: http://sourceforge.net/projects/cowpatty/
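
Added example (not from the original post or the quoted article): the WPA/WPA2-PSK key derivation that the CoWPAtty entry describes, showing that the SSID acts as the salt, together with the search-time arithmetic behind the post's remark about passwords longer than 10 characters. The function names, the sample SSIDs and wordlist, and the 100,000 guesses-per-second rate are assumptions made for illustration.

```python
import hashlib

ITERATIONS, PMK_BYTES = 4096, 32      # fixed by the WPA/WPA2-PSK derivation
SECONDS_PER_YEAR = 365 * 24 * 3600


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 256 bits)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("an SSID is 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), salt,
                               ITERATIONS, PMK_BYTES)


def alphabet_size(passphrase: str) -> int:
    """Size of the printable-ASCII character classes the passphrase draws on."""
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10)]
    size = sum(n for test, n in classes if any(test(c) for c in passphrase))
    if any(not c.isalnum() for c in passphrase):
        size += 33                    # space and punctuation
    return size


def worst_case_years(length: int, alphabet: int, guesses_per_sec: float) -> float:
    """Years needed to try every passphrase of exactly `length` characters."""
    return alphabet ** length / guesses_per_sec / SECONDS_PER_YEAR


def audit_network(ssid, passphrase, common_ssids, wordlist, guesses_per_sec=1e5):
    """Findings for the configuration of a network you administer."""
    findings = []
    if ssid.lower() in common_ssids:
        findings.append("common SSID: precomputed hash tables may cover it")
    if passphrase in wordlist:
        findings.append("passphrase is in a wordlist")
    years = worst_case_years(len(passphrase), alphabet_size(passphrase),
                             guesses_per_sec)
    if years < 1:
        findings.append("keyspace exhaustible in under a year at assumed rate")
    return findings


if __name__ == "__main__":
    # Constructed sample data; 1e5 guesses/s is an assumed rate, not a benchmark.
    print(derive_pmk("example-pass", "cafe-guest") == derive_pmk("example-pass", "cafe-staff"))
    print(audit_network("linksys", "12345678", {"linksys"}, {"12345678"}))
    print(audit_network("cafe-7f3a", "correct horse battery", {"linksys"}, {"12345678"}))
```

Because the SSID is the salt, the same passphrase yields a different key on every differently named network, which is why a precomputed table only helps against the SSIDs it was built for.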

8. Airjack

Airjack is a Wi-Fi 802.11 packet injection tool. It is used to perform DOS attack and MIM attack. This wireless cracking tool is very useful in injecting forged packets and making a network down by denial of service attack. This tool can also be used for a man in the middle attack in the network. This tool is popular and powerful both.

Download AirJack: http://sourceforge.net/projects/airjack/

9. WepAttack

WepAttack is another working open source Linux tool for breaking 802.11 WEP keys. Like few other tools in the list, this tool also performs an active dictionary attack. It tests millions of words from its dictionary to find the working key for the network. Only a working WLAN card is required to work with WepAttack to perform the attack. Limited usability but works awesome on supported WLAN cards.

Download WepAttack: http://wepattack.sourceforge.net/

10. NetStumbler

NetStumbler is another wireless password cracking tool available only for Windows platform. It helps in finding open wireless access points. This tool is freely available. Basically NetStumbler is used for wardriving, verifying network configurations, finding locations with a poor network, detecting unauthorized access points, and more.

This tool is not very effective now. Main reason is that last stable release of the tool was back in April 2004 around 11 years ago. So, it does not work with 64-bit Windows OS. It can also be easily detected with most of the wireless intrusion detection systems available. So, you can use this tool for learning purpose on home network to see how it works.

A trimmed down version dubbed as ‘MiniStumbler’ of the tool is also available. This tool is too old but it still works fine on supported systems. So, I included it in this list.

Download NetStumbler: http://www.stumbler.net/

11. inSSIDer

inSSIDer is one of the most popular Wi-Fi scanners for Microsoft Windows and OS X platforms. This tool was released under an open source license and was also awarded “Best Open Source Software in Networking”. Later it became a premium tool and now costs $19.99. The inSSIDer Wi-Fi scanner can do various tasks, including finding open Wi-Fi access points, tracking signal strength, and saving logs with GPS records. Basically this tool is used by network administrators to find the issues in the wireless networks.

Download inSSIDer: http://www.inssider.com/

12. Wifiphisher

Wifiphisher is another nice hacking tool to get password of a wireless network. This tool can execute fast automated phishing attack against a Wi-Fi wireless network to steal passwords. This tool comes pre-installed on Kali Linux. It is free to use and is available for Windows, MAC and Linux.

Download and read more about WiFiphisher:
https://github.com/sophron/wifiphisher

13. KisMac

KisMac is a tool very similar to Kismet, which we added in the list above. It offers features similar to Kismet and is used as a wireless network discovery hacking tool. As the name suggests, this tool is only available for Mac. It scans for networks passively only on supported wireless cards and then tries to crack WEP and WPA keys by using brute force or exploiting any flaw.

Download KisMac:
http://kismac-ng.org/

14. Reaver

Reaver is an open-source tool for performing brute force attack against WPS to recover WPA/WPA2 pass keys. This tool is hosted on Google Code and may disappear soon if developer has not migrated it to another platform. It was last updated around 4 years ago. Similar to other tools, this tool can be a good alternate to other tools in the list which use same attack method.

Download Reaver:
https://code.google.com/p/reaver-wps/downloads/list

15. Wifite

Wifite is also a nice tool which supports cracking WPS encrypted networks via reaver. It works on Linux based operating systems. It offers various nice features related to password cracking.

Download Wifite: https://github.com/derv82/wifite


16. WepDecrypt

WepDecrypt is another wireless LAN tool written in C language. This tool can guess the WEP keys by performing dictionary attack, distributed network attack, key generator and some other methods. This tool needs few libraries to work. You can read more details on the download page. Tool is not so popular but it is good for beginners to see how dictionary attack works.

Download and read more about WepDecrypt:
http://wepdecrypt.sourceforge.net/wepdecrypt-manual.html

17. OmniPeek

OmniPeek is a packet sniffer and network packets analyzer tool. This tool is only available for Windows platform and is available for commercial use only. It also requires you to have good knowledge of network protocols and understanding of network packets. It works with most of the network interface cards available in market. With available plugins, this tool can become more powerful. Around 40 plugins are already available to extend the functions of this tool.

Download OmniPeek: http://www.wildpackets.com/products/distributed_network_analysis/omnipeek_network_analyzer

18. CloudCracker

CloudCracker is an online password cracking tool to crack WPA keys of Wireless network. This tool can also be used to crack various other kind of password hashes. You only need to upload the handshake file and enter the network name to start the attack. With 3000 million words long dictionary, this tool is most likely to crack the password. This tool is also used for MD5, SHA and few other cracking. It is also an effective tool and worth to mention if we talk about wireless cracking tools.

See CloudCracker: https://www.cloudcracker.com/

19. CommonView for Wi-Fi

CommonView for Wi-Fi is also a popular wireless network monitor and packet analyzer tool. It comes with an easy to understand and use GUI to work with. This tool is basically for Wi-Fi network admins and security professionals who want to monitor and troubleshoot network related problems. It works fine with Wi-Fi 802.11 a/b/g/n/ac networks. It captures every single packet and lets you see useful information of the network. You can also get useful information like protocol distribution, access points, signal strength and more. This tool offers key information about a network and has a good value for network admins.

Download CommonView: http://www.tamos.com/products/commwifi/

20. Pyrit

Pyrit is also a very good tool which lets you perform an attack on IEEE 802.11 WPA/WPA2-PSK authentication. This tool is available for free and is hosted on Google Code. So, it could be disappearing in the coming months. It works on a range of platforms including FreeBSD, MacOS X and Linux.

It performs brute-force attack to crack the WPA/WPA-2 passwords. It is very effective and I recommend you to try it once. Due to its effectiveness, it was necessary to mention this tool in this list.

Download Pyrit:
https://code.google.com/p/pyrit/