ZEROTHCODE

zerothcode blog

Tutorials

How to hack UPC wireless networks and other WLAN pt 1

hack: In these tutorials we will show you how to hack UPC wireless networks with the default password which is a common thing for many UPC customers. The first step is to create a password list that contains all possible combinations of 8 capital letters.

We will be using Maskprocessor in Kali Linux to create the password list.

Then we will be capturing a 4-way handshake with Airodump-ng by deauthentication of a connected client with Airplay-ng. The last step is to brute force the password using Aicrack-ng.

How to hack UPC wireless networks in 3 steps

Steps:

1: Creating the password list with Maskprocessor
2: Capturing the 4-way handshake with Airodump-ng
3: Brute forcing the password with Aircrack-ng

Creating the password list with Maskprocessor

We will use maskprocessor to generate the password lists piping each letter to a file so we could use multiple computers to speed up brute forcing the password. hack

maskprocessor A?u?u?u?u?u?u?u -o /usr/A.txt
maskprocessor B?u?u?u?u?u?u?u -o /usr/B.txt
maskprocessor C?u?u?u?u?u?u?u -o /usr/C.txt
etc…. Repeat for every letter in the alphabet.

The filesize for each document will be approximately 60 GB. You can use the following command to see how many different combinations each file will contain: hack

maskprocessor A?u?u?u?u?u?u?u –combinations

8.031.810.176 combinations…
* 26 letters
208.827.064.576 possible combinations

Step 2: Capturing the handshake with Airodump-ng (hack)

The next thing we have to do is capture the handshake with Airodump-ng. We will be using Airodump-ng first to select our target and retrieve it’s BSSID and channel the WiFi access point is broadcasting on.

Then we will use Aireplay-ng to de-authenticate a connected client to force a reconnect, which will give us the fourway handshake we need. Now let’s start Airodump-ng to find our target by using the following command:
airodump-ng mon0

Now pick your target’s BSSID and channel and restart Airodump-ng with the following command and look for a connected client:

airodump-ng –bssid [BSSID] -c [channel]-w [filepath to store .cap]wlan0mon

Open a new terminal and issue a deauthentication command for the connected client using Aireplay-ng.

aireplay-ng -0 2 -a [BSSID] -c [Client MAC] mon0

Deauthentication successful and the 4 way handshake is captured! hack
Aircrack-ng aireplay-ng

Step 3: Brute forcing the password with Aircrack-ng

Let’s do some maths first:
1x AMD hd7970 1000mhz core clock with oclHashcat v1.35 can do 142.000 combinations per second.

26^8 = 208,827,064,576 combinations
26^8 / 142,000 keys per second = 1470613 seconds
2,610,338 / 60 seconds = 24510 minutes
43,505 / 60 minutes = 408,5 hours
725 hours / 24 hours = 17 Days

50% chance of cracking the password in 8.5 days.

It takes 17 days to brute force a standard UPC password and hacks UPC wireless networks with a single average video card using oclHashcat.

In this video, we will be brute-forcing the file with Aircrack-ng and a processor which takes 100 times longer than brute-forcing the password with a GPU and oclHashcat.

Use the following command to brute-force the password with Aircrack-ng:

aircrack-ng -a 2 -b [Router BSSID] -w [Filepath to password list] [Filepath to .cap file]

Eventually, it will crack the password:

`

Lesson learned hack

Nowadays fast GPU’s are available for decent prices and are often the standard in consumer laptops and desktops, especially when they are build for multimedia and gaming.

With these powerful CPU’s and GPU’s the average home user has the power to crack passwords which are considered strong and safe by many end users.

Even though 17 days is too long for most to crack a Wifi password it is accessible if you really want to. If you add 3 more letters,

or even better, numbers or special characters like a ! or a $-sign it will be close to impossible to crack for an average home user.

 

You May Also Like to View

http://zerothcode.com/blog/zoom-caught-cybersecurity-need-know/