WPA Password Dictionary - used to crack Wi-Fi passwords.
Current size: 2 GB
Total number of passwords: 340 million
The client authenticates to the router through a handshake exchange; the password itself is never sent, only values derived from it by a keyed hash. If you capture the handshake packets, you hold the material needed to check candidate passwords against them. Running a dictionary through the same derivation and comparing each result with the captured value recovers the plaintext password when a candidate matches.
Install using MacPorts:
  sudo port install aircrack-ng
MacBook comes with a built-in Wi-Fi tool: airport.

- First, disconnect from Wi-Fi.
- Check the surrounding Wi-Fi networks:
  /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s
- Check the wireless network card device of this machine:
  ifconfig
  PS: The default wireless card on macOS is en0. If there is no external network card, use en0.
- Capture packets
  airport can put the network card into monitor mode and capture the surrounding wireless data packets. The packet that matters most to us is the one carrying the password-derived material, also called the handshake packet. A handshake is sent whenever a new or disconnected user automatically connects to the Wi-Fi. One attack method is packet reinjection, which can force the wireless router to restart so that the handshake is captured when users automatically reconnect. If the router has many users, you can simply wait.
  sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport en0 sniff 6
  en0 is the wireless network card device; 6 is the channel of the Wi-Fi to crack.
- Wait for a user to connect to the Wi-Fi and obtain the handshake packet.
  The longer the capture runs, the greater the chance of obtaining a handshake.
- Stop capturing packets:
  ^C
  Captured packets are saved in /tmp.
- Crack the Wi-Fi password
  After obtaining the handshake packet, the password still has to be recovered from it.
  A good password dictionary should include common weak passwords, mobile phone numbers, name and birthday combinations, passwords leaked from major websites, English words, and so on. If a dictionary cannot crack it, the password is reasonably complex; exhaustive brute force is far more time-consuming and laborious. (This is why complex passwords matter.)
  PS: Various password dictionaries are available in the GitHub repository.
  sudo aircrack-ng -w password.txt -b c8:3a:35:30:3e:c8 /tmp/
  -w: specify the dictionary file
  -b: specify the BSSID of the Wi-Fi to be cracked
- Crack results
  KEY FOUND! [ ******* ]
  means the password was cracked; the brackets contain the recovered password.
  Otherwise, switch to another password dictionary and try again.
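The note above about why a dictionary succeeds against weak passphrases, as an added example that is not part of the original dictionary project or of aircrack-ng: a small Python passphrase audit. It derives the WPA/WPA2 pairwise master key the way any Wi-Fi client does (PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt), which is the fixed cost of testing one candidate; checks a passphrase against a constructed stand-in for a weak-password list; and estimates how long exhausting the 340-million-entry dictionary, or the full character space, would take at an assumed guess rate. WEAK_DICTIONARY, the guess rate and the one-year threshold are constructed assumptions, not measured figures.

```python
import hashlib
import string

# Constructed sample of the kind of weak entries a WPA dictionary holds.
# It stands in for the 340-million-entry list described on this page.
WEAK_DICTIONARY = {
    "12345678", "password", "qwertyuiop", "iloveyou", "13800138000",
    "zhangsan1990", "sunshine", "admin123", "11111111", "88888888",
}

WPA_PBKDF2_ITERATIONS = 4096   # fixed by the WPA/WPA2 standard
PMK_LENGTH = 32                # 256-bit pairwise master key
ONE_YEAR = 365 * 24 * 3600     # assumed "strong enough" threshold for this audit


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2 pairwise master key exactly as a client does.

    Every candidate a dictionary run tests must go through this derivation,
    so its 4096 HMAC-SHA1 rounds are the cost of one guess.
    """
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"),
        WPA_PBKDF2_ITERATIONS, PMK_LENGTH,
    )


def charset_size(passphrase: str) -> int:
    """Size of the smallest standard character set that covers the passphrase."""
    size = 0
    if any(c in string.digits for c in passphrase):
        size += 10
    if any(c in string.ascii_lowercase for c in passphrase):
        size += 26
    if any(c in string.ascii_uppercase for c in passphrase):
        size += 26
    if any(c in string.punctuation for c in passphrase):
        size += len(string.punctuation)
    # Anything outside printable ASCII counts as one extra symbol class.
    if any(c not in string.printable for c in passphrase):
        size += 1
    return size


def dictionary_seconds(entries: int, guesses_per_second: int) -> int:
    """Worst-case seconds to run a whole dictionary at the assumed rate."""
    return entries // guesses_per_second


def exhaustive_seconds(passphrase: str, guesses_per_second: int) -> int:
    """Worst-case seconds to exhaust every string of this length and charset."""
    keyspace = charset_size(passphrase) ** len(passphrase)
    return keyspace // guesses_per_second


def audit_passphrase(passphrase: str, guesses_per_second: int = 100_000) -> dict:
    """Report whether a passphrase falls to a dictionary, and the cost beyond it.

    guesses_per_second is an assumed single-machine rate used for illustration,
    not a benchmark of any tool.
    """
    in_dictionary = passphrase in WEAK_DICTIONARY
    too_short = len(passphrase) < 8          # WPA2 requires 8 to 63 characters
    exhaustive = exhaustive_seconds(passphrase, guesses_per_second)
    return {
        "in_dictionary": in_dictionary,
        "too_short": too_short,
        "charset_size": charset_size(passphrase),
        "exhaustive_seconds": exhaustive,
        # Weak if a dictionary or short run finds it, or the whole keyspace
        # falls inside the assumed one-year budget.
        "weak": in_dictionary or too_short or exhaustive < ONE_YEAR,
    }


if __name__ == "__main__":
    # Standard-conformant derivation check (passphrase "password", SSID "IEEE").
    print("PMK:", wpa_pmk("password", "IEEE").hex())
    print("340M-entry dictionary at 100k guesses/s:",
          dictionary_seconds(340_000_000, 100_000), "seconds")
    for candidate in ("12345678", "zhangsan1990", "Tr0ub4dor&3", "correct horse battery staple"):
        print(candidate, "->", audit_passphrase(candidate))
```

The audit deliberately separates the two costs the page talks about: a dictionary of 340 million entries is exhausted in under an hour at the assumed rate, while a passphrase that is merely long and mixed-case pushes the exhaustive estimate far past any practical budget, which is why the page's advice to choose a complex password holds regardless of the dictionary used.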