0% found this document useful (0 votes)
100 views13 pages

Crack WPA and WPA Passwords BackTrack 5 r3

This document provides a step-by-step guide to cracking WPA2 and WPA WiFi passwords. It explains what is needed, including BackTrack Linux, a compatible wireless adapter, and information about the target network like the BSSID and channel. It describes using airodump-ng to capture the handshake needed to crack the password, and potentially forcing a reconnect by deauthenticating a connected client to obtain the handshake. Once the handshake file is captured, the final step is to crack it to recover the WiFi password.

Uploaded by

f775354
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
100 views13 pages

Crack WPA and WPA Passwords BackTrack 5 r3

This document provides a step-by-step guide to cracking WPA2 and WPA WiFi passwords. It explains what is needed, including BackTrack Linux, a compatible wireless adapter, and information about the target network like the BSSID and channel. It describes using airodump-ng to capture the handshake needed to crack the password, and potentially forcing a reconnect by deauthenticating a connected client to obtain the handshake. Once the handshake file is captured, the final step is to crack it to recover the WiFi password.

Uploaded by

f775354
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 13

Crack WPA and WPA Passwords

Home Privacy Policy Terms of Service Sitemap Write for Us! Contact Us
HOME VIDEOS HACK WIFI  DOWNLOADS GENERAL SECURITY 

CONTACT US
WIRELESS DOMINATION

 Home > Hack WiFi > How to Crack WPA2 and WPA WiFi Password – Search the site
Step by step!

Search
How to Crack WPA2 and WPA
WiFi Password – Step by step!
 Hack WiFi  27 Comments

A COMPLETE GUIDE
This tutorial will show you how to crack WPA2 and WPA secured wireless 
networks. Please note that this is not the Reaver attack.

If you want to crack WPA/WPA2 using Reaver then read this post. The
process is done by airmon-ng suite. Many steps are same for WEP cracking
and WPA/WPA2 as well.

NOTE: This tutorial is for Educational Purposes Only!

http://www.wirelessdomination.com/how-to-crack-wpa2-and-wpa-wifi-password-step-by-step-guide/[2/10/2016 10:58:23 PM]


Crack WPA and WPA Passwords

What You’ll Need

For this you will require all the basic things like a computer, spare time, etc.
But important things are as follows:

BackTrack OS. Backtrack is a bootable Linux distribution with lots of Popular Comment Tags
pen-testing tools and is almost needed for all my tutorials. So, if you
have not installed it please read this article on how to install it. How to Crack
A compatible wireless network adapter. If you are live booting WPA2 and WPA
BackTrack then the internal adapter will work but I recommend an WiFi Password –
external wireless adapter. Step by step!

Let’s Get Started How to Crack


WPA2 WiFi
Step 1:Boot into BackTrack Password Using
Reaver (99%)
You can use any method to boot into backtrack; like from live cd, VMware,
dual boot, etc. So, just boot it first into the GUI mode and open up a new How to Install
console(command line) which is in the taskbar. BackTrack 5 R3 in
VMWare – Step by
Step 2: Gather Information Step Guide!
Next »
Before launching the attack you need to know about your wireless network
interface name, make your wireless card is in monitor mode. Then get the
BSSID ( it is the series of unique letters and number of a particular router)
of the access point. So let us do all these things.
LIKE US!
First lets find your wireless card. Inside terminal or console, type:
Hack Wifi
15,928

airmon-ng

1
Press Enter and there you should see a list of interface names of different
devices. There should be a wireless device in that list you you have
connected it to BackTrack. Probably it may be wlan0 or wlan1.

hack WPA2 and WPA WiFi password

Enable monitor mode. Supposing your wireless card interface name as


wlan0, type this command in that same console.

http://www.wirelessdomination.com/how-to-crack-wpa2-and-wpa-wifi-password-step-by-step-guide/[2/10/2016 10:58:23 PM]


Crack WPA and WPA Passwords


airmon-ng start wlan0

This code will create a new monitor mode interface mon0 like in the
screenshot below which you want to keep note of.

hack WPA2 and WPA WiFi password

Search the BSSID and channel of the Access Point (router) you want to
crack. Now let us find the information. For this type the following and
press Enter


airodump-ng mon0

hack WPA2 and WPA WiFi password

Then you will see a list of Wireless Networks available around you and
please keep note of the BSSID and channel of the ESSID (wireless
network) you want to crack. Please note that the less the number is in the
PWR column the close you are to the router; example mine is (-42) which

http://www.wirelessdomination.com/how-to-crack-wpa2-and-wpa-wifi-password-step-by-step-guide/[2/10/2016 10:58:23 PM]


Crack WPA and WPA Passwords

means i am quite near to the router. When you find it hit CTrl+C to stop it
scanning and enter the following:


airodump-ng --bssid (AP BSSID address) -c
(chaneel no) -w (file name you want to save
with) (monitor interface

So, in my case it will be


airodump-ng --bssid 54:E6:FC:E0:AC:FC -c 1 -w
WPAcrack mon0

Then the screen will look like this:

hack WPA2 and WPA WiFi password

hack WPA2 and WPA WiFi password

Step 3: Let’s Get Cracking

Now, its time to capture a 4-way handshake so that we can use it to get the
plain password of the network. Here is a little tricky part, if there is a client
connected to the network then there will a mac address listed in the “station
column” like in the screenshot below and if not then you will have to wait
for someone to connect it to get 4-way handshake.You will get the
handshake if anyone tries to connect to that network.

But, if there is someone is connected on the network then you can


deauthenticate him so that he will try to reconnect and you will be able to
get the handshake. To deauthenticate him enter the following code in new
console. But, before take note of the Mac Address of the station.

http://www.wirelessdomination.com/how-to-crack-wpa2-and-wpa-wifi-password-step-by-step-guide/[2/10/2016 10:58:23 PM]


Crack WPA and WPA Passwords


aireplay-ng -a (BSSID of the network) -c (MAC
address of the client) -0 20 (for deauntheticate
"20" for no of packets to send) (monitor
interface)

You can send any no of packets but few packets would be enough. In the
image I have send 0 packets which is unlimited but it is better you send few
packets and only and if you don’t get the handshake you can hit Ctrl+C to
stop the process and redo it again.


aireplay-ng -a 54:E6:FC:E0:AC:FC -c
9C:4E:36:4E:F5:F0 -0 20 mon0

hack WPA2 and WPA WiFi password

Now it will send deauthentication packet and if you are close to the network
and if everything goes right then he will get disconnected and will try to
connect again and we will get the 4-way handshake file in the top right
corner of the airodump screen as shown below. But, the client should also
be physically close to your wireless adapter network range so that it can
deaunthecate them.

http://www.wirelessdomination.com/how-to-crack-wpa2-and-wpa-wifi-password-step-by-step-guide/[2/10/2016 10:58:23 PM]


Crack WPA and WPA Passwords

hack WPA2 and WPA WiFi password

hack WPA2 and WPA WiFi password

Step 4: Cracking The Password

Now its time to crack the 4-way handshake which is little difficult to do.
There are lots of ways to do it but I will show you the simple one.

First let us see where is our saved .cap(4-way handshake) file so please enter
the following :


ls

It will show you the list of files in your Desktop. The screen would look like
this.

http://www.wirelessdomination.com/how-to-crack-wpa2-and-wpa-wifi-password-step-by-step-guide/[2/10/2016 10:58:23 PM]


Crack WPA and WPA Passwords

hack WPA2 and WPA WiFi password

Now, lets bruteforce the .cap file using aircrack-ng. You will need a
Dictionary or word list file to get it work. There are few of them already in
the BackTrack but you can download more. Aircrack simply tries to match
the word from the dictionary to the .cap file and if matched then it will
show the password but if the word is not in the dictionary then it will fail.
We are using the darkc0de.lst password list which can be found in
“/pentest/passwords/worldlists/darkc0de.lst” of BackTrack. Enter the
following command


aircrack-ng -w (location of the password list)
(cap file *.cap)

In my case,


aircrack-ng -w
/pentest/passwords/worldlists/darkc0de.lst"
WPA2crack-01.cap

hack WPA2 and WPA WiFi password

Depending upon the speed of your CPU and the size of the password file it
could take a lot of time. The -01 is automatically added by the BackTrack
and everything is case sensitive. After executing this command the screen
will look like this.

http://www.wirelessdomination.com/how-to-crack-wpa2-and-wpa-wifi-password-step-by-step-guide/[2/10/2016 10:58:23 PM]


Crack WPA and WPA Passwords

hack WPA2 and WPA WiFi password

If the key is found then it will say, “KEY FOUND!” like in the screenshot
below and if not it will say, The pass-phrase is not in the Dictionary or
something like this. So, if it is not found then you can try to bruteforce it by
trying every combination of word which will take lots of time. I will teach
the other methods soon like brute forcing .cap by using Graphics card and
so on. So, stay tuned.

hack WPA2 and WPA WiFi password

NOTE: It is not guaranteed that you will get the 4-way handshake. It
depends upon various factors. But the main thing is that the physical
distance between your wireless adapter, the access point and the client
should be close to work for it.

Precautions:

Do not put the password that are in the dictionary. Use combination of
alphabets, letters and symbols too
In your router setting you can hide your ESSID (the name of your

http://www.wirelessdomination.com/how-to-crack-wpa2-and-wpa-wifi-password-step-by-step-guide/[2/10/2016 10:58:23 PM]


Crack WPA and WPA Passwords

wireless network)
In your router there will probably be a mac-address filtering service
where you can specify the mac addresses that are allowed to connect to
your router and no other will be able to connect to it but it is a little
irritating if any of your guests wants to connect to your Wifi.

Tweet 5 Like 140

Related Posts

Downloads Page How to Crack WEP Installing Kali Linux


WiFi Password in VirtualBox

Backtrack is dead – 3 Popular Wireless How to Crack WPA2


long live Kali Linux! Hacking Tools WiFi Password Using
Reaver (99%)

http://www.wirelessdomination.com/how-to-crack-wpa2-and-wpa-wifi-password-step-by-step-guide/[2/10/2016 10:58:23 PM]


Crack WPA and WPA Passwords

http://www.wirelessdomination.com/how-to-crack-wpa2-and-wpa-wifi-password-step-by-step-guide/[2/10/2016 10:58:23 PM]


Crack WPA and WPA Passwords

http://www.wirelessdomination.com/how-to-crack-wpa2-and-wpa-wifi-password-step-by-step-guide/[2/10/2016 10:58:23 PM]


Crack WPA and WPA Passwords

http://www.wirelessdomination.com/how-to-crack-wpa2-and-wpa-wifi-password-step-by-step-guide/[2/10/2016 10:58:23 PM]


Crack WPA and WPA Passwords

Wireless Domination Copyright © 2016. Theme by MyThemeShop

http://www.wirelessdomination.com/how-to-crack-wpa2-and-wpa-wifi-password-step-by-step-guide/[2/10/2016 10:58:23 PM]

You might also like