Crack WPA and WPA Passwords BackTrack 5 r3
Crack WPA and WPA Passwords BackTrack 5 r3
Home Privacy Policy Terms of Service Sitemap Write for Us! Contact Us
HOME VIDEOS HACK WIFI DOWNLOADS GENERAL SECURITY
CONTACT US
WIRELESS DOMINATION
Home > Hack WiFi > How to Crack WPA2 and WPA WiFi Password – Search the site
Step by step!
Search
How to Crack WPA2 and WPA
WiFi Password – Step by step!
Hack WiFi 27 Comments
A COMPLETE GUIDE
This tutorial will show you how to crack WPA2 and WPA secured wireless
networks. Please note that this is not the Reaver attack.
If you want to crack WPA/WPA2 using Reaver then read this post. The
process is done by airmon-ng suite. Many steps are same for WEP cracking
and WPA/WPA2 as well.
For this you will require all the basic things like a computer, spare time, etc.
But important things are as follows:
BackTrack OS. Backtrack is a bootable Linux distribution with lots of Popular Comment Tags
pen-testing tools and is almost needed for all my tutorials. So, if you
have not installed it please read this article on how to install it. How to Crack
A compatible wireless network adapter. If you are live booting WPA2 and WPA
BackTrack then the internal adapter will work but I recommend an WiFi Password –
external wireless adapter. Step by step!
1
Press Enter and there you should see a list of interface names of different
devices. There should be a wireless device in that list you you have
connected it to BackTrack. Probably it may be wlan0 or wlan1.
airmon-ng start wlan0
This code will create a new monitor mode interface mon0 like in the
screenshot below which you want to keep note of.
Search the BSSID and channel of the Access Point (router) you want to
crack. Now let us find the information. For this type the following and
press Enter
airodump-ng mon0
Then you will see a list of Wireless Networks available around you and
please keep note of the BSSID and channel of the ESSID (wireless
network) you want to crack. Please note that the less the number is in the
PWR column the close you are to the router; example mine is (-42) which
means i am quite near to the router. When you find it hit CTrl+C to stop it
scanning and enter the following:
airodump-ng --bssid (AP BSSID address) -c
(chaneel no) -w (file name you want to save
with) (monitor interface
airodump-ng --bssid 54:E6:FC:E0:AC:FC -c 1 -w
WPAcrack mon0
Now, its time to capture a 4-way handshake so that we can use it to get the
plain password of the network. Here is a little tricky part, if there is a client
connected to the network then there will a mac address listed in the “station
column” like in the screenshot below and if not then you will have to wait
for someone to connect it to get 4-way handshake.You will get the
handshake if anyone tries to connect to that network.
aireplay-ng -a (BSSID of the network) -c (MAC
address of the client) -0 20 (for deauntheticate
"20" for no of packets to send) (monitor
interface)
You can send any no of packets but few packets would be enough. In the
image I have send 0 packets which is unlimited but it is better you send few
packets and only and if you don’t get the handshake you can hit Ctrl+C to
stop the process and redo it again.
aireplay-ng -a 54:E6:FC:E0:AC:FC -c
9C:4E:36:4E:F5:F0 -0 20 mon0
Now it will send deauthentication packet and if you are close to the network
and if everything goes right then he will get disconnected and will try to
connect again and we will get the 4-way handshake file in the top right
corner of the airodump screen as shown below. But, the client should also
be physically close to your wireless adapter network range so that it can
deaunthecate them.
Now its time to crack the 4-way handshake which is little difficult to do.
There are lots of ways to do it but I will show you the simple one.
First let us see where is our saved .cap(4-way handshake) file so please enter
the following :
ls
It will show you the list of files in your Desktop. The screen would look like
this.
Now, lets bruteforce the .cap file using aircrack-ng. You will need a
Dictionary or word list file to get it work. There are few of them already in
the BackTrack but you can download more. Aircrack simply tries to match
the word from the dictionary to the .cap file and if matched then it will
show the password but if the word is not in the dictionary then it will fail.
We are using the darkc0de.lst password list which can be found in
“/pentest/passwords/worldlists/darkc0de.lst” of BackTrack. Enter the
following command
aircrack-ng -w (location of the password list)
(cap file *.cap)
In my case,
aircrack-ng -w
/pentest/passwords/worldlists/darkc0de.lst"
WPA2crack-01.cap
Depending upon the speed of your CPU and the size of the password file it
could take a lot of time. The -01 is automatically added by the BackTrack
and everything is case sensitive. After executing this command the screen
will look like this.
If the key is found then it will say, “KEY FOUND!” like in the screenshot
below and if not it will say, The pass-phrase is not in the Dictionary or
something like this. So, if it is not found then you can try to bruteforce it by
trying every combination of word which will take lots of time. I will teach
the other methods soon like brute forcing .cap by using Graphics card and
so on. So, stay tuned.
NOTE: It is not guaranteed that you will get the 4-way handshake. It
depends upon various factors. But the main thing is that the physical
distance between your wireless adapter, the access point and the client
should be close to work for it.
Precautions:
Do not put the password that are in the dictionary. Use combination of
alphabets, letters and symbols too
In your router setting you can hide your ESSID (the name of your
wireless network)
In your router there will probably be a mac-address filtering service
where you can specify the mac addresses that are allowed to connect to
your router and no other will be able to connect to it but it is a little
irritating if any of your guests wants to connect to your Wifi.
Related Posts