I read this article recently on how this guy hacked his neighbour's WIFI access point relatively easily. After that I wondered how easy it would be to crack my own WIFI network, because my password wasn't all that complex. In fact, it even has some dictionary words in it. So I got me a copy of BackTrack 5, got up to speed on hacking tools like airodump-ng, aircrack-ng and John the Ripper (love that name) and started cracking.
Here’s what I learned:
- Getting enough data from a WPA encrypted WIFI access point to start hacking on, far away from the crime scene, takes only a few minutes if you know what you're doing.
- To get access to your WIFI network interface you need to run BackTrack on the bare metal. Running it as a virtualized guest OS in VMware doesn't expose your WIFI interface as WIFI. Booting the OS from a USB disk did the trick for me.
- Don’t save files in /tmp/ on Ubuntu if you plan to reboot. They will get wiped when you reboot. *facepalm*
- John the Ripper and aircrack-ng exist for Windows as well. Hacking away with the native versions seriously increases your hack attempts per second (800 vs 2700 on my machine) compared to running them on a virtual box. I know this is obvious because you're running on the native OS, but I just assumed those tools were Linux only at first. Silly me.
- John the Ripper has its brute force limit set to 8 characters at compile time. That means it's a bit harder to get hacked if you have a 9 character password, because the attacker has to recompile or use the external modes. I ended up using the external modes.
- Brute forcing a WPA packet for a 9 character password takes ages. Literally! It ran for hours and it didn't even get close to finishing. At 2700 attempts per second with a 9 character password combining numbers, upper- and lower-case characters it would take about 872 years to try all possible combinations. That is if you use 100 laptops like mine (Intel i7 2GHz) simultaneously. Ouch.
- There's a bunch of word lists out there containing commonly used passwords. If your password is in one of those lists, chances are it will be found in no time (2700 passwords per second, remember). So it's a good thing to make that password as random as possible.
The free lists you find online are supposed to be of lesser quality. If you're willing to shell out a few bucks, however, you can get bigger and higher quality lists. Still, this proves that having a good randomized password is pretty important.
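To put numbers on the two points above (a wordlist hit is found in seconds, exhaustive search grows exponentially with length and character classes), here is an added estimator that is not part of the original post. It takes the 2700 guesses per second measured above as its default rate; the tiny wordlist and the passwords fed to it are constructed sample values, not a real list.

```python
import string

GUESSES_PER_SECOND = 2700            # rate measured in the post (native John/aircrack)
SECONDS_PER_YEAR = 365 * 24 * 3600

# Character classes; a password's keyspace is the size of the union of the
# classes it actually uses, raised to its length.
CLASSES = {
    "digits": string.digits,                 # 10
    "lower": string.ascii_lowercase,         # 26
    "upper": string.ascii_uppercase,         # 26
    "symbols": string.punctuation,           # 32
}

# Constructed sample wordlist (order matters: a cracker tries entries in order).
SAMPLE_WORDLIST = ["password", "123456", "letmein", "sunshine9"]


def keyspace(password: str) -> int:
    """Smallest class-based keyspace that contains this password."""
    alphabet = sum(len(chars) for chars in CLASSES.values()
                   if any(c in chars for c in password))
    return alphabet ** len(password)


def exhaustive_years(password: str, rate: int = GUESSES_PER_SECOND,
                     machines: int = 1) -> float:
    """Years to enumerate the whole keyspace (worst case, not the average)."""
    return keyspace(password) / (rate * machines * SECONDS_PER_YEAR)


def assess(password: str, wordlist=SAMPLE_WORDLIST,
           rate: int = GUESSES_PER_SECOND, machines: int = 1) -> dict:
    """Compare the wordlist path with the brute-force path for one password."""
    result = {"keyspace": keyspace(password),
              "exhaustive_years": exhaustive_years(password, rate, machines),
              "wordlist_position": None,
              "seconds_if_in_wordlist": None}
    if password in wordlist:
        position = wordlist.index(password) + 1      # 1-based: guesses needed
        result["wordlist_position"] = position
        result["seconds_if_in_wordlist"] = position / (rate * machines)
    return result


if __name__ == "__main__":
    for pw in ["letmein", "abcdefghi", "Abcdefgh1"]:
        print(pw, assess(pw, machines=100))
```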
My WIFI password is harder to crack than I thought. Yet I'm going to change it to something more random: those dictionary words are not in the current frequently used password lists right now, but they could end up in there in the near future. For all I know they're already in some password list I didn't see.