WPA/WPA2 Cracking with GPU in AWS

DISCLAIMER: The information provided on this post is to be used for educational purposes only. The website creator is in no way responsible for any misuse of the information provided. All of the information in this website is meant to help the reader develop a hacker defence attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly. You implement the information given at your own risk.

In this post we are going to see how practical it is to perform a brute force attack on a captured WPA or WPA2 handshake. A couple of years ago WPA/WPA2 was considered secure, but with the current power and cost of cloud computing anyone with the slightest interest can set up a super fast server for brute force attempts at a very cheap price (as low as $0.6 per hour!).

I am going to walk through my experiment and share the details and results with you. There are dozens of tutorials for this out there but this is just my own little experiment.

Brute forcing a WPA or WPA2 password begins with capturing the 4-way handshake of the target WiFi. I am not going to go there, as you can find a lot of solutions for that! I can only mention the Kali toolbox, which provides you with the tools. So we will assume you have the WPA 4-way handshake in the handshake.cap file.


Alternative Python installation in EC2

There are cases where we cannot simply upgrade Python to match an application's requirements. The EC2 instance uses Python 2.7 and I needed to use Python 3.4. Upgrading Python might cause unexpected effects on Amazon scripts, so I decided to have two Pythons without any conflict.

To start, download the desired version. Enter the directory and follow these commands:

./configure --prefix=/usr/local --enable-shared LDFLAGS="-Wl,-rpath /usr/local/lib"
make altinstall
/usr/local/bin/python3.4 -V

Installing Perforce Client API for Python

Just for reference, this is how I made the P4Python API work with Python 3.4:

wget http://cdist2.perforce.com/perforce/r14.2/bin.tools/p4python.tgz
wget http://cdist2.perforce.com/perforce/r14.2/bin.linux26x86_64/p4api.tgz

sudo yum install gcc
sudo yum install gcc-c++
sudo yum install python-devel
python setup.py install --apidir /home/ec2-user/p4api-2014.2.978861/

Exporting Zotero to Excel

Zotero, a reference management software, like most reference management tools, has a compatibility problem when exporting content to a non-reference style (like Excel).

I used some Python code to do this, but before getting to Python you need to manually export all the collections in Zotero to “Refer/BibIX” format, which will create a txt file containing references. Create a directory and move all files there.

This script accepts the directory path as input:

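#! /usr/bin/env python3

import sys
import os

# Check the argument count before reading sys.argv[1]
if len(sys.argv) < 2:
	sys.exit('Usage: ./zotoro.py directory')

directory = sys.argv[1]

if not os.path.isdir(directory):
	sys.exit('Directory not found!\nUsage: ./zotoro.py directory')

files = os.listdir(directory)

# Concatenate all exported files; newline='' keeps the \r\n line endings
# that the replacement map below relies on
txt = ''
for theFile in files:
	with open(os.path.join(directory, theFile), newline='') as infile:
		for line in infile:
			txt += line

# Refer/BibIX tags become tab separators; a blank line between records becomes a row break
myMap = [('%0 ', ''), ('%T ', '\t'), ('%V ', '\t'), ('%N ', '\t'), ('%P ', '\t'), ('%U ', '\t'),
('%J ', '\t'), ('%A ', '\t'), ('%D ', '\t'), ('%X ', '\t'), ('%K ', '\t'), ('%B ', '\t'),
('\r\n\t', '\t'), ('\r\n\r\n','***'), ('\r\n',''), ('***','\r\n')]

for k, v in myMap:
	txt = txt.replace(k, v)

# Write the tab-separated result (the original opened the file but never wrote to it)
with open(os.path.join(directory, 'output.xls'), 'w', newline='') as f:
	f.write(txt)

print("now you can open the output.xls with excel")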

Well, I know there are some problems with this code, such as tags that are not included and may mess up the position of the field in the Excel column.
Even though this code is just for demonstration of the idea, I am currently working on fully functional code to convert Zotero (Refer/BibIX) to Excel format ASAP.

Finding APK package/activity name

During my research I had a problem finding the package and activity name of an Android APK file. Googling only resulted in tons of messed up solutions which usually didn't work.

In this post I am sharing a piece of code I wrote in Python to analyse the output of the Android aapt tool (*well I am a Python freak so you are going to feel Python in this blog!):

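import subprocess

def get_package_activity_name(apk_address):
	# Pass the arguments as a list (no shell) so the APK path is never interpreted by a shell
	command = ["aapt", "dump", "badging", apk_address]
	aapt_result = subprocess.Popen(command, stdout=subprocess.PIPE).communicate()[0]
	lines = aapt_result.decode("utf-8", "replace").split("\n")
	myDic = {}
	for line in lines:
		# Lines of interest look like "key: name='value' ..."
		splitedline = line.split(":", 1)
		if len(splitedline)==2:
			myDic[splitedline[0]] = splitedline[1]
	package = myDic['package'].split("'")[1]
	activity = myDic['launchable-activity'].split("'")[1].split(".")[-1]
	return package, activity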

I hope you can use this code or the idea of how to use aapt for obtaining package and main activity names.