pyrit
pyrit Package Description
Pyrit allows you to create massive databases of pre-computed WPA/WPA2-PSK authentication phase in a space-time-tradeoff. By using the computational power of Multi-Core CPUs and other platforms through ATI-Stream,Nvidia CUDA and OpenCL, it is currently by far the most powerful attack against one of the world’s most used security-protocols.
Tools included in the pyrit package
pyrit – GPU-driven WPA/WPA2-PSK key cracker
root@kali:~# pyrit -h
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora
https://github.com/JPaulMora/Pyrit
This code is distributed under the GNU General Public License v3+
Usage: pyrit [options] command
Recognized options:
-b : Filters AccessPoint by BSSID
-e : Filters AccessPoint by ESSID
-h : Print help for a certain command
-i : Filename for input ('-' is stdin)
-o : Filename for output ('-' is stdout)
-r : Packet capture source in pcap-format
-u : URL of the storage-system to use
--all-handshakes : Use all handshakes instead of the best one
--aes : Use AES
Recognized commands:
analyze : Analyze a packet-capture file
attack_batch : Attack a handshake with PMKs/passwords from the db
attack_cowpatty : Attack a handshake with PMKs from a cowpatty-file
attack_db : Attack a handshake with PMKs from the db
attack_passthrough : Attack a handshake with passwords from a file
batch : Batchprocess the database
benchmark : Determine performance of available cores
benchmark_long : Longer and more accurate version of benchmark (5 minutes)
check_db : Check the database for errors
create_essid : Create a new ESSID
delete_essid : Delete a ESSID from the database
eval : Count the available passwords and matching results
export_cowpatty : Export results to a new cowpatty file
export_hashdb : Export results to an airolib database
export_passwords : Export passwords to a file
help : Print general help
import_passwords : Import passwords from a file-like source
import_unique_passwords : Import unique passwords from a file-like source
list_cores : List available cores
list_essids : List all ESSIDs but don't count matching results
passthrough : Compute PMKs and write results to a file
relay : Relay a storage-url via RPC
selftest : Test hardware to ensure it computes correct results
serve : Serve local hardware to other Pyrit clients
strip : Strip packet-capture files to the relevant packets
stripLive : Capture relevant packets from a live capture-source
verify : Verify 10% of the results by recomputation
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora
https://github.com/JPaulMora/Pyrit
This code is distributed under the GNU General Public License v3+
Usage: pyrit [options] command
Recognized options:
-b : Filters AccessPoint by BSSID
-e : Filters AccessPoint by ESSID
-h : Print help for a certain command
-i : Filename for input ('-' is stdin)
-o : Filename for output ('-' is stdout)
-r : Packet capture source in pcap-format
-u : URL of the storage-system to use
--all-handshakes : Use all handshakes instead of the best one
--aes : Use AES
Recognized commands:
analyze : Analyze a packet-capture file
attack_batch : Attack a handshake with PMKs/passwords from the db
attack_cowpatty : Attack a handshake with PMKs from a cowpatty-file
attack_db : Attack a handshake with PMKs from the db
attack_passthrough : Attack a handshake with passwords from a file
batch : Batchprocess the database
benchmark : Determine performance of available cores
benchmark_long : Longer and more accurate version of benchmark (5 minutes)
check_db : Check the database for errors
create_essid : Create a new ESSID
delete_essid : Delete a ESSID from the database
eval : Count the available passwords and matching results
export_cowpatty : Export results to a new cowpatty file
export_hashdb : Export results to an airolib database
export_passwords : Export passwords to a file
help : Print general help
import_passwords : Import passwords from a file-like source
import_unique_passwords : Import unique passwords from a file-like source
list_cores : List available cores
list_essids : List all ESSIDs but don't count matching results
passthrough : Compute PMKs and write results to a file
relay : Relay a storage-url via RPC
selftest : Test hardware to ensure it computes correct results
serve : Serve local hardware to other Pyrit clients
strip : Strip packet-capture files to the relevant packets
stripLive : Capture relevant packets from a live capture-source
verify : Verify 10% of the results by recomputation
pyrit Usage Examples
The benchmark option computes and displays your systems cracking speed.
root@kali:~# pyrit benchmark
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora
https://github.com/JPaulMora/Pyrit
This code is distributed under the GNU General Public License v3+
Running benchmark (1353.0 PMKs/s)... /
Computed 1352.97 PMKs/s total.
#1: 'CPU-Core (SSE2/AES)': 464.7 PMKs/s (RTT 2.9)
#2: 'CPU-Core (SSE2/AES)': 91.4 PMKs/s (RTT 10.3)
#3: 'CPU-Core (SSE2/AES)': 742.3 PMKs/s (RTT 2.5)
#4: 'CPU-Core (SSE2/AES)': 498.4 PMKs/s (RTT 3.6)
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora
https://github.com/JPaulMora/Pyrit
This code is distributed under the GNU General Public License v3+
Running benchmark (1353.0 PMKs/s)... /
Computed 1352.97 PMKs/s total.
#1: 'CPU-Core (SSE2/AES)': 464.7 PMKs/s (RTT 2.9)
#2: 'CPU-Core (SSE2/AES)': 91.4 PMKs/s (RTT 10.3)
#3: 'CPU-Core (SSE2/AES)': 742.3 PMKs/s (RTT 2.5)
#4: 'CPU-Core (SSE2/AES)': 498.4 PMKs/s (RTT 3.6)
Read a capture file (/usr/share/doc/aircrack-ng/examples/wpa2.eapol.cap) and analyze it.
root@kali:~# pyrit -r /usr/share/doc/aircrack-ng/examples/wpa2.eapol.cap analyze
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora
https://github.com/JPaulMora/Pyrit
This code is distributed under the GNU General Public License v3+
Parsing file '/usr/share/doc/aircrack-ng/examples/wpa2.eapol.cap' (1/1)...
Parsed 5 packets (5 802.11-packets), got 1 AP(s)
#1: AccessPoint 00:14:6c:7e:40:80 ('Harkonen'):
#1: Station 00:13:46:fe:32:0c, 1 handshake(s):
#1: HMAC_SHA1_AES, good, spread 1
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora
https://github.com/JPaulMora/Pyrit
This code is distributed under the GNU General Public License v3+
Parsing file '/usr/share/doc/aircrack-ng/examples/wpa2.eapol.cap' (1/1)...
Parsed 5 packets (5 802.11-packets), got 1 AP(s)
#1: AccessPoint 00:14:6c:7e:40:80 ('Harkonen'):
#1: Station 00:13:46:fe:32:0c, 1 handshake(s):
#1: HMAC_SHA1_AES, good, spread 1
Create an ESSID (create_essid), specifying the name found in the above analysis (-e Harkonen).
root@kali:~# pyrit -e Harkonen create_essid
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora
https://github.com/JPaulMora/Pyrit
This code is distributed under the GNU General Public License v3+
Connecting to storage at 'file://'... connected.
Created ESSID 'Harkonen'
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora
https://github.com/JPaulMora/Pyrit
This code is distributed under the GNU General Public License v3+
Connecting to storage at 'file://'... connected.
Created ESSID 'Harkonen'
Read a password file (-i /usr/share/wordlists/metasploit/password.lst) and import them into the database (import_passwords).
root@kali:~# pyrit -i /usr/share/wordlists/metasploit/password.lst import_passwords
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora
https://github.com/JPaulMora/Pyrit
This code is distributed under the GNU General Public License v3+
Connecting to storage at 'file://'... connected.
88396 lines read. Flushing buffers....
All done.
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora
https://github.com/JPaulMora/Pyrit
This code is distributed under the GNU General Public License v3+
Connecting to storage at 'file://'... connected.
88396 lines read. Flushing buffers....
All done.
Compute the PMKs using the ESSID and passwords
root@kali:~# pyrit batch
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora
https://github.com/JPaulMora/Pyrit
This code is distributed under the GNU General Public License v3+
Connecting to storage at 'file://'... connected.
Working on ESSID 'Harkonen'
Processed all workunits for ESSID 'Harkonen'; 1756 PMKs per second.
Batchprocessing done.
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora
https://github.com/JPaulMora/Pyrit
This code is distributed under the GNU General Public License v3+
Connecting to storage at 'file://'... connected.
Working on ESSID 'Harkonen'
Processed all workunits for ESSID 'Harkonen'; 1756 PMKs per second.
Batchprocessing done.
Read the capture file (-r /usr/share/doc/aircrack-ng/examples/wpa2.eapol.cap) and attempt to crack the password (attack_db).
root@kali:~# pyrit -r /usr/share/doc/aircrack-ng/examples/wpa2.eapol.cap attack_db
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora
https://github.com/JPaulMora/Pyrit
This code is distributed under the GNU General Public License v3+
Connecting to storage at 'file://'... connected.
Parsing file '/usr/share/doc/aircrack-ng/examples/wpa2.eapol.cap' (1/1)...
Parsed 5 packets (5 802.11-packets), got 1 AP(s)
Picked AccessPoint 00:14:6c:7e:40:80 ('Harkonen') automatically.
Attacking handshake with Station 00:13:46:fe:32:0c...
Tried 15877 PMKs so far (33.2%); 9788764 PMKs per second.
The password is '12345678'.
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora
https://github.com/JPaulMora/Pyrit
This code is distributed under the GNU General Public License v3+
Connecting to storage at 'file://'... connected.
Parsing file '/usr/share/doc/aircrack-ng/examples/wpa2.eapol.cap' (1/1)...
Parsed 5 packets (5 802.11-packets), got 1 AP(s)
Picked AccessPoint 00:14:6c:7e:40:80 ('Harkonen') automatically.
Attacking handshake with Station 00:13:46:fe:32:0c...
Tried 15877 PMKs so far (33.2%); 9788764 PMKs per second.
The password is '12345678'.
No comments