- #HOW TO GET A WIFI PASSWORD USING CROSB SOFTWARE#
- #HOW TO GET A WIFI PASSWORD USING CROSB PASSWORD#
- #HOW TO GET A WIFI PASSWORD USING CROSB SERIES#
- #HOW TO GET A WIFI PASSWORD USING CROSB MAC#
Within seconds both "secretpassword" and "tobeornottobe" were cracked.
#HOW TO GET A WIFI PASSWORD USING CROSB PASSWORD#
I then uploaded the pcap files to CloudCracker, a software-as-a-service website that charges $17 to check a WiFi password against about 604 million possible words.
#HOW TO GET A WIFI PASSWORD USING CROSB MAC#
My Mac never showed any sign it had lost connectivity with the access points. In less than 90 seconds I had possession of the handshakes for the two networks in a " pcap" (that's short for packet capture) file. The nice thing about Silica is that it allowed me to pull off the hack with a single click of my mouse. Indeed, using freely available programs like Aircrack-ng to send deauth frames and capture the handshake isn't difficult.
#HOW TO GET A WIFI PASSWORD USING CROSB SOFTWARE#
Using the Silica wireless hacking tool sold by penetration-testing software provider Immunity for $2,500 a year, I had no trouble capturing a handshake established between a Netgear WGR617 wireless router and my MacBook Pro. Devices that encounter a deauth frame will promptly rejoin an affected network.
#HOW TO GET A WIFI PASSWORD USING CROSB SERIES#
It's easy to get around, however, by transmitting what's known as a deauth frame, which is a series of deauthorization packets an AP sends to client devices prior to it rebooting or shutting down. This requirement may sound like a steep hurdle, since people often stay connected to some wireless networks around the clock. To capture a valid handshake, a targeted network must be monitored while an authorized device is validating itself to the access point. With less than two hours practice, I was able to do just that and crack the dummy passwords "secretpassword" and "tobeornottobe" I had chosen to protect my test networks. But there's nothing stopping a hacker from capturing the packets that are transmitted during the process and then seeing if a given password will complete the transaction. This handshake takes place behind a cryptographic veil that can't be pierced. The first step was capturing what is known as the four-way handshake, which is the cryptographic process a computer uses to validate itself to a wireless access point and vice versa. I started this project by setting up two networks with hopelessly insecure passphrases. That's not to say wireless password cracks can't be accomplished with ease, as I learned firsthand.
WPA and WPA2 also use a network's SSID as salt, ensuring that hackers can't effectively use precomputed tables to crack the code. What's more, WPA and WPA2 passwords require a minimum of eight characters, eliminating the possibility that users will pick shorter passphrases that could be brute forced in more manageable timeframes. By using the PBKDF2 key derivation function along with 4,096 iterations of SHA1 cryptographic hashing algorithm, attacks that took minutes to run against the recent LinkedIn and eHarmony password dumps of June would require days or even weeks or months to complete against the WiFi encryption scheme. WPA and WPA2 use an extremely robust password-storage regimen that significantly slows the speed of automated cracking programs. What I found wasn't encouraging.įirst, the good news. I was curious how easy it would be to crack these passcodes using the advanced hardware menus and techniques that have become readily available over the past five years. In theory, these protections prevent hackers and other unauthorized people from accessing wireless networks or even viewing traffic sent over them, but only when end users choose strong passwords.
If they're like the ones within range of my office, most of them are protected by the WiFi Protected Access or WiFi Protected Access 2 security protocols. Take, for example, the hundreds of millions of WiFi networks in use all over the world.
Lose control of the wrong password and it may only be a matter of time until the rest of our digital assets fall, too. After all, passwords are the keys that secure Web-based bank accounts, sensitive e-mail services, and virtually every other facet of our online life. Last week's feature explaining why passwords are under assault like never before touched a nerve with many Ars readers, and with good reason.