For anyone wanting to practice with an MCU, my friends and I wrote a Wi-Fi hacking CTF game called the ChickenManGame, which is the world's most famous (and only) Wi-Fi hacking CTF game based on the ESP8266. If you want to try out our scenario more easily, you can use an ultra-cheap ESP8266 microcontroller programmed in Arduino to both create a Wi-Fi network to hack and generate handshakes at the same time.
Don't Miss: Buy the Best Wireless Network Adapter for Wi-Fi Hacking.
To follow along, you'll need at a minimum a Kali-compatible wireless network adapter, a Wi-Fi network you know the password to, a device like a smartphone to join the network to create handshakes, and a computer running Kali Linux. While we'll step this up by loading some passwords into the database first, the most basic method of password cracking with Pyrit is incredibly simple to use. Pyrit attacks all EAPOL-handshakes at the same time if Pyrit -r test.pcap -b 00:de:ad:be:ef:00 \ Password is written to the filename given by the option Is picked automatically if both options are omitted. e can be used to specify the Access-Point to attack it attack_passthroughĪttack an EAPOL-handshake found in the packet-captureįile(s) given by the option -r using the passwords readįrom the file given by the option -i. Without adding passwords to the Pyrit database directly, the most basic attack we can run with Pyrit is the attack_passthrough option, summarized by manual description. Powerful attack against one of the world's most used security-proto‐ WPA/WPA2-PSK authentication phase in a space-time tradeoff. Pyrit exploits the computational power of many-core- and GPGPU-plat‐įorms to create massive databases, pre-computing part of the Pyrit - A GPGPU-driven WPA/WPA2-PSK key cracker In Kali Linux, we can see the description of the tool by typing man pyrit in a terminal window. After we import passwords to the database, we can start cracking them with the attack_batch option. To prevent duplicates, the import_unique_passwords command can also strip out passwords that appear multiple times in the same file we're trying to import. Pyrit also has several features to import multiple password lists into a large database. And then there's the verify option that lets Pyrit confirm results via recomputation. One helpful tool is the strip command, which strips down long capture files to only include relevant packets.
Pyrit has many tools that are useful for hackers and pentesters besides just cracking passwords, and today, we'll use a few of those tools to help us play a capture-the-flag Wi-Fi hacking game.