Crack Cap File Without Dictionary Definitions

This article is an excerpt from my book, in which I talk about hacking WiFi-enabled devices with rogue access points, war driving, custom captive portals and splash pages, multiple access points from a single NIC and much more. Click here to download the sample copy.

A file with the CAP file extension is most likely a packet capture file created by a packet-sniffing program. This kind of CAP file holds the raw data collected by the sniffer so that it can be analyzed later or with a different program. Some CAP files might instead be Construct game development files.

In this chapter we will cover:

  • Intro to WPA2
  • What is a dictionary attack?
  • Capturing WPA2 handshake
  • Aireplay-ng
  • Cracking
  • Conclusion

In the previous chapter we learned

Which left us with an obvious question: how do we secure it? Use WPA2-PSK.

WPA2-PSK (WiFi Protected Access – Pre-Shared Key) is by far one of the most secure and unbroken wireless security encryption schemes at this moment. No encryption flaw has yet been reported by security researchers for WPA2 that a malicious hacker could easily take advantage of to decrypt packets.

The encryption might be the most secure and unbroken at this point, but a WPA2 system is still quite vulnerable to hackers.

Unlike WEP, WPA2 uses a 4-way handshake as its authentication process, in which the key is never transmitted over the network but is used to encrypt/decrypt the data packets crossing it. That allows a hacker to just capture the handshake and perform the attack offline, without live-capturing data packets as we did while cracking WEP.


Just like the broadcast packets we saw in the previous chapter using Wireshark, the 4-way handshake is also in plain text, which allows a potential hacker to capture plaintext information like:

  • Access point MAC address
  • Client MAC address
  • ESSID – AP Name

The information above is used by the hacker to perform a dictionary attack on the captured 4-way handshake (PCAP file). Let's see:

  • What is a dictionary attack?
  • How to perform a dictionary attack on WPA2-PSK

What is a dictionary attack?

Hashing is one of the key tools security professionals use to protect users from malicious attackers.

A hash is simply a cryptographic function that converts data or a file of arbitrary length to a fixed-length value, which is considered practically impossible to invert or reverse, as no key is involved in the process.

For practical purposes, a hash is unique to its input.

In a dictionary attack:

  1. We create/use a wordlist (a text file of possible passwords).
  2. Take one word at a time from the wordlist.
  3. Create its hash using the hash function (PBKDF2 for WPA2).
  4. Compare the output value with the existing hash.
  5. If the values match, the word taken from the wordlist is the correct password.

These are the steps involved in the WPA2 passphrase cracking process.
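The cost of step 3 is what bounds a dictionary attack: WPA2-PSK derives its 256-bit Pairwise Master Key with PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, for 4096 iterations, so every candidate word costs 4096 HMAC computations. The following Python script is an added example (not code from the chapter or the aircrack-ng project) that derives the key exactly as a station or AP does, checks it against the IEEE 802.11i Annex test vector (passphrase "password", SSID "IEEE"), measures how many derivations this machine manages per second, and turns that into a worst-case time to exhaust a few candidate spaces. The function names and the candidate spaces compared are my own choices.

```python
import hashlib
import time

# IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes)
WPA2_ITERATIONS = 4096
PMK_LEN = 32

# Published IEEE 802.11i Annex test vector for passphrase "password", SSID "IEEE"
IEEE_TEST_VECTOR = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA2-PSK Pairwise Master Key the way a station or AP does."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), WPA2_ITERATIONS, PMK_LEN)


def self_check() -> bool:
    """Confirm the derivation matches the standard's published test vector."""
    return wpa2_pmk("password", "IEEE").hex() == IEEE_TEST_VECTOR


def measure_guess_rate(ssid: str = "IEEE", samples: int = 20) -> float:
    """Derivations per second on this CPU; each dictionary candidate costs one of these."""
    start = time.perf_counter()
    for i in range(samples):
        wpa2_pmk(f"candidate-{i}", ssid)   # constructed throwaway candidates
    return samples / (time.perf_counter() - start)


def keyspace_size(alphabet_size: int, length: int) -> int:
    """Number of distinct passphrases of a given length over a given alphabet."""
    return alphabet_size ** length


def seconds_to_exhaust(candidates: int, rate: float) -> float:
    """Worst-case time to derive the PMK for every candidate at the given rate."""
    return candidates / rate


if __name__ == "__main__":
    print("test vector ok:", self_check())
    rate = measure_guess_rate()
    print(f"{rate:,.0f} PBKDF2 derivations/s on this machine (single core, Python)")
    # Candidate spaces chosen to mirror the chapter's countermeasures advice
    spaces = [
        ("10-digit mobile number", keyspace_size(10, 10)),
        ("8 lowercase letters", keyspace_size(26, 8)),
        ("13 printable ASCII chars", keyspace_size(95, 13)),
    ]
    for label, n in spaces:
        years = seconds_to_exhaust(n, rate) / (365 * 24 * 3600)
        print(f"{label:26s}: {n:.3e} candidates, {years:.3g} years to exhaust")
```

The Python rate is a floor, not a ceiling: dedicated hardware performs many orders of magnitude more derivations per second, which is why the size of the candidate space, not the 4096 iterations on their own, is what keeps a passphrase outside the reach of a wordlist.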

Let's begin.

Step 1: Start monitor mode

  • sudo airmon-ng start wlan1 #Start monitor mode

The final output should look like this:

Step 2: Start capture, airodump-ng

We will now start airodump-ng to sniff the air and wait until the desired AP and corresponding client are displayed.

  • airodump-ng wlan1mon

As you can see in the above image, "rootsh3ll" is the victim AP. We will now note down the highlighted information:

  • AP (ESSID): rootsh3ll
  • AP MAC (BSSID): 64:66:B3:6E:B0:8A
  • Client MAC: 30:A8:DB:C6:88:13
  • Channel: 11

Hit CTRL-C, and kill airodump-ng.

Now we will start airodump-ng exclusively to capture packets associated with "rootsh3ll" and save the 4-way handshake in a PCAP file, say rootsh3ll.

Step 3: Start airodump-ng exclusively

  • airodump-ng --bssid 64:66:B3:6E:B0:8A -c 11 wlan1mon -w rootsh3ll

Here "rootsh3ll" is the output filename passed to the -w parameter.

Step 4: Disconnect the client with aireplay-ng.

Now, there are two ways of capturing the handshake:

  • Wait for a client to connect.
  • Disconnect the already connected client.

The first option is slow and time-consuming, whereas in our case option 2 is just perfect, as we already have a client connected to the wireless AP "rootsh3ll".

How does that work? We use a utility from the aircrack-ng suite named aireplay-ng, which allows us to craft and send a disconnect request to the desired AP using the information we noted down earlier.

We are actually abusing a legitimate feature of Windows (or any other OS) that forces the wireless card to reconnect to the AP as soon as it is available again.

With the second option we are making sure that option 1 happens, so that we can capture the handshake:

  1. The client disconnects when it receives the disconnect packet.
  2. It reconnects to the AP.
  3. A 4-way handshake takes place between AP and client.
  4. The hacker captures the 4-way handshake.

Let's disconnect the client now.

Open a new Terminal window and type:

  • aireplay-ng --deauth 5 -a 64:66:B3:6E:B0:8A wlan1mon

Parameters applied:

--deauth 5: 5 deauth requests broadcast with the BSSID of "rootsh3ll"; 0 means endless

-a: parameter that tells aireplay-ng the BSSID

wlan1mon: monitor mode interface
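From the defender's side, the burst of deauthentication frames the step above sends is exactly what a wireless IDS watches for. The following Python script is an added example, not part of the chapter or of the aircrack-ng project: it parses bare 802.11 management-frame headers (no radiotap prefix, no FCS), counts deauthentication/disassociation frames per BSSID and raises an alert when a BSSID exceeds a threshold. The frames it inspects are constructed inline for the demo, using the AP and client MACs from this chapter; the threshold of 3 frames and all function names are assumptions of mine.

```python
import struct
from collections import Counter

# 802.11 frame control byte 0 layout: bits 0-1 protocol version, 2-3 type, 4-7 subtype.
FC_TYPE_MANAGEMENT = 0
SUBTYPE_BEACON = 0x8
SUBTYPE_DISASSOC = 0xA
SUBTYPE_AUTH = 0xB
SUBTYPE_DEAUTH = 0xC
BROADCAST = "ff:ff:ff:ff:ff:ff"

AP_MAC = "64:66:b3:6e:b0:8a"       # the chapter's AP (BSSID), lower-cased
CLIENT_MAC = "30:a8:db:c6:88:13"   # the chapter's client


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_mgmt_frame(subtype: int, dst: str, src: str, bssid: str, body: bytes = b"") -> bytes:
    """Construct a bare 802.11 management frame (sample data for this demo only)."""
    frame_control = bytes([(subtype << 4) | (FC_TYPE_MANAGEMENT << 2), 0x00])
    duration = b"\x00\x00"
    seq_ctrl = b"\x00\x00"
    return (frame_control + duration + mac_bytes(dst) + mac_bytes(src)
            + mac_bytes(bssid) + seq_ctrl + body)


def parse_mgmt_frame(frame: bytes):
    """Return (subtype, dst, src, bssid, reason) for a management frame, else None."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    if (fc0 >> 2) & 0x3 != FC_TYPE_MANAGEMENT:
        return None                      # data/control frames are not our concern here
    subtype = (fc0 >> 4) & 0xF
    dst, src, bssid = (frame[i:i + 6].hex(":") for i in (4, 10, 16))
    reason = None
    if subtype in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC) and len(frame) >= 26:
        reason = struct.unpack("<H", frame[24:26])[0]   # reason code, little-endian
    return subtype, dst, src, bssid, reason


def count_deauth_by_bssid(frames) -> Counter:
    """Count deauth/disassoc frames per BSSID (addr3), the trace a deauth burst leaves."""
    counts = Counter()
    for frame in frames:
        parsed = parse_mgmt_frame(frame)
        if parsed and parsed[0] in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            counts[parsed[3]] += 1
    return counts


def detect_deauth_flood(frames, threshold: int = 3) -> dict:
    """BSSIDs with at least `threshold` deauth/disassoc frames in this window (assumed threshold)."""
    return {bssid: n for bssid, n in count_deauth_by_bssid(frames).items() if n >= threshold}


def sample_capture():
    """Constructed capture: one beacon, one auth, then five broadcast deauths with reason 7."""
    reason7 = struct.pack("<H", 7)
    frames = [
        build_mgmt_frame(SUBTYPE_BEACON, BROADCAST, AP_MAC, AP_MAC),
        build_mgmt_frame(SUBTYPE_AUTH, AP_MAC, CLIENT_MAC, AP_MAC),
    ]
    frames += [build_mgmt_frame(SUBTYPE_DEAUTH, BROADCAST, AP_MAC, AP_MAC, reason7)
               for _ in range(5)]
    return frames


if __name__ == "__main__":
    for bssid, n in detect_deauth_flood(sample_capture()).items():
        print(f"ALERT: {n} deauth/disassoc frames seen for BSSID {bssid}")
```

In a real deployment the frames would come from a monitor-mode capture and the count would be kept per time window rather than per file. The mitigation that removes the root cause is 802.11w Protected Management Frames: where both AP and client support it, deauthentication frames are authenticated and forged ones are simply discarded.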


Step 5: Capture the handshake

Meanwhile, in the terminal window running airodump-ng, you will notice that the top of the output says:

  • WPA Handshake: 64:66:B3:6E:B0:8A

This simply means that the WPA handshake has been captured for the specified BSSID, which is the AP MAC of rootsh3ll.

Hit CTRL-C now that the handshake has been captured; we will crack the password using the captured handshake.

Step 6: What does a handshake look like? Open Wireshark (optional)

This step is optional: you can open the PCAP file (rootsh3ll-01.cap) in Wireshark for manual inspection, or just to see what a handshake looks like.

Type in the terminal wireshark [.cap file], which in our case is:

  • wireshark rootsh3ll-01.cap
  • Type “eapol” in the filter field, press [ENTER]

You will notice that the last column, "Info", shows a message number from 1 to 4.

This is the 4-way handshake that happened during the capture. It is as if the AP and the client are talking to each other. Notice the Source and Destination columns.

Moving on to the next step.

Step 7: Cracking

Here's an ugly truth:

WPA2 password cracking is not deterministic like WEP, because it is based on a dictionary of possible words and we do not know whether the passphrase is in the dictionary or not. So you are never sure whether a specific dictionary will work.

For this tutorial I have crafted a wordlist just to demonstrate what the output of a cracked password looks like. The command and the wordlist look like this:

Here I have saved the password directly in the wordlist to demonstrate how the output would look; yours will be different, obviously.

Let's fire up aircrack-ng and crack the key.

Type in the terminal aircrack-ng [.cap file] -w [wordlist], which in our case looks like:

  • aircrack-ng rootsh3ll-01.cap -w dict

and aircrack-ng has cracked the password in one go.

It is quite odd to see the cracked passphrase for the first time, right?

Here's a sample output of the running process; yours will look the same during cracking.

Countermeasures

Use a strong password to stay safe.

Example: Myp@sword8@# is a strong password,

as it has:

  • No order in plain English
  • 13-character length, very secure
  • Alphanumeric and special characters together, which makes a very strong password
  • Upper- and lower-case characters
  • No pattern
  • Not a mobile number, as mobile numbers can be easily guessed

Or you can just keep a password with some special characters and a word that isn't a pattern or a dictionary word.

That will also be good and secure.

Conclusion

We learned the process involved in WPA cracking.

Here is a list of the commands we went through during the capture and the cracking process:

That's all for WPA2 for now. Hope you enjoyed the chapter.

In the next chapter we will learn how to crack WPS, and why WPS.

Faced issues in between? Feel free to ask in the comment section. I would love to answer them all.

What if you have an old password-protected PDF file whose password you no longer remember? What if you need to access the file urgently? No need to worry, as there are a few ways to decrypt the PDF file and bypass the password. In this article we will discuss various methods to remove the security password from PDF files.

Method 1: Google Chrome to Crack PDF Password

You can use Google Chrome to remove the password from a PDF. But this method will only work if you already know the password; if you do not, skip to the next method in this article. Chrome comes with a native PDF reader and does not require any additional plugin. You can open the password-protected file in Chrome and then save it to your hard disk without the password. Here are the simple steps:

1. Open Chrome browser on your computer.

2. Locate the PDF file you wish to crack the password from on your hard disk.

3. Drag and drop the file onto the Chrome Window.


4. Chrome will now begin to render the file. Enter the PDF file password when prompted by Chrome. You should now be able to see the file within the Chrome window.

5. Press CTRL + P (on a Windows PC; on a Mac, press CMD + P) to bring up the print menu.

6. In the left pane, under 'Destination', press the 'Change' button.

7. Choose 'Save as PDF' as the new destination in the popup window.

That is it! The new file will be saved on your hard drive without any password protection.

Method 2: The Best Solution to Crack Password from PDF Document - Dr.PDF

As we know, there are two kinds of password that can be used on a PDF file: the owner password and the user password. Many online PDF password breaker services will only help you break the owner password, not the open password. We highly recommend using iSeePassword Dr.PDF, which is one of the best password-breaking tools you will find. It helps you break PDF passwords as well as any other restrictions. Whether the PDF file has an owner password or a master password, this incredible program will take care of it.

Just download the trial and try to crack the PDF security password all by yourself. Easy and safe, it never damages your original PDF data.

Part 1 Crack Open Password from PDF File

Download and install PDF Password Cracker on a computer. After you download the program, install and run it; you will see the main interface like the one below.

Here we will use the first option to recover the open password. Click the 'Add File' button to import your PDF document. You will then be asked to select a type of attack; do not be intimidated! This is just for recovering your file password, not for damaging your data.

You can choose between Brute Force Attack, Mask Attack and Dictionary Attack. We recommend choosing Mask Attack, because it improves the chance of finding your password. Click the settings button to set the parameters.

Once you finish the parameters, click the Start button, then wait. It may take a little longer if the password is actually a lot more complicated.

Once the password is found, you will get a message with the word "Congratulations". You can now use the found password to open your PDF document without any issue.


Part 2 Crack Owner Password from PDF File to Edit, Modify or Print

Open Dr.PDF again and choose the second option.

Click the Add File button to import PDF files. You are allowed to add up to 200 files at a time, and even then the program stays consistent and never crashed. There are two ways to save the exported PDF files: one is to save the target PDF in the source folder, meaning the folder where the source file is. You can also specify an output folder for the exported PDF files.

NOTE: You can clear the imported PDF list by clicking the Remove button on the top toolbar.

Start to Break PDF Password Now! After you have imported the PDF files and specified the output folder, just click the Start button to begin the breaking process. If a lock icon appears on the PDF item bar, it means the imported PDF file is protected by an open (user) password, and you will be asked to type the open password in the pop-up window.

Method 3: Use One of the Free Online Tools to Crack PDF Password

If you don't know the password of the PDF file, Method 1 will not work. Thankfully, there are several online tools that let you crack the password of various types of PDF files. Some of these tools also allow you to select multiple files at a time, which saves you effort and time. But there are some serious drawbacks to using the free online tools. First of all, most such free tools restrict password cracking to PDF files of a certain size; for instance, you may not be able to crack the password if the file size exceeds 100 MB. You also need a high-speed internet connection to process multiple files.

You can check these online PDF password cracker sites:

1. http://freemypdf.com/

2. https://www.pdfunlock.com/

3. https://foxyutils.com/unlockpdf/

Tool               FreeMyPDF.com         PDF Unlock                             FoxyUtils UnlockPDF
Conversion method  Needs online access   Needs online access                    Needs online access
File size limit    150 MB                5 MB                                   30 MB
Type of files      All files             Owner-restricted files only            All files
Formatting         Preserved             Some formatting may not be preserved   Preserved
Difficulty         Easy to use           Easy to use                            Easy to use
Cost               Free                  Free                                   Free

One of the biggest challenges is that you cannot always trust these tools. Some sites end up sneaking malicious programs onto your computer, which is certainly not what you want.

If you still want to use the free online tools, here are the generic steps to crack the PDF password:

1. Open the web browser on your computer and visit the website you intend to use to crack the PDF password.

2. Click the 'Select Files' or 'Open Files' button (the label may vary across sites). The 'Open' dialogue box should appear.

3. Select the PDF file (or files) from which you wish to remove the password.

4. Click the 'Open' button at the bottom and wait for the website to complete the process.

If you are lucky, the website will process all the files successfully. However, more often than not you may encounter an error message; these websites are not very effective. So what is the solution? Look at Method 2.

When you receive a password-protected PDF file by email, the file text is unsearchable. Also, you may have an old file whose password you have forgotten. In both cases, you can use the methods outlined above to crack the password.


Posted by Vicky Tiffany to Windows 7