When Wi-Fi was first developed in the late 1990s, Wired Equivalent Privacy was created to give wireless communications confidentiality. WEP, as it became known, proved terribly flawed and easily cracked.
As a replacement, most wireless access points now use Wi-Fi Protected Access II with a pre-shared key for wireless security, known as WPA2-PSK. WPA2 uses a stronger encryption algorithm, AES, that's very difficult to crack—but not impossible.
The weakness in the WPA2-PSK system is that the encrypted password is exchanged in what is known as the 4-way handshake. When a client authenticates to the access point (AP), the client and the AP go through a 4-step process to authenticate the user to the AP. If we can grab the password during that exchange, we can then attempt to crack it offline.
In this tutorial, we'll look at using aircrack-ng and a dictionary attack on the encrypted password after grabbing it in the 4-way handshake.

Step 1: Put Wi-Fi Adapter in Monitor Mode with Airmon-Ng

Let's start by putting our wireless adapter in monitor mode.
For this to work, we'll need to use a wireless network adapter that is compatible with aircrack-ng (one whose driver supports monitor mode).
  • airmon-ng start wlan0
Note that airmon-ng has renamed your wlan0 adapter to mon0.

Step 2: Capture Traffic with Airodump-Ng

Now that our wireless adapter is in monitor mode, we have the capability to see all the wireless traffic that passes by in the air. We can grab that traffic by simply using the airodump-ng command.
This command grabs all the traffic that your wireless adapter can see and displays critical information about it, including the BSSID (the MAC address of the AP), power, number of beacon frames, number of data frames, channel, speed, encryption (if any), and finally, the ESSID (what most of us refer to as the SSID). Let's do this by typing:
  • airodump-ng mon0
Note all of the visible APs are listed in the upper part of the screen and the clients are listed in the lower part of the screen.

Step 3: Focus Airodump-Ng on One AP on One Channel

Our next step is to focus our efforts on one AP, on one channel, and capture critical data from it. We need the BSSID and channel to do this. Let's open another terminal and type:
  • airodump-ng --bssid 08:86:30:74:22:76 -c 6 --write WPAcrack mon0
  • 08:86:30:74:22:76 is the BSSID of the AP
  • -c 6 is the channel the AP is operating on
  • WPAcrack is the file you want to write to
  • mon0 is the monitoring wireless adapter
As you can see in the screenshot above, we're now focusing on capturing data from one AP with an ESSID of Belkin276 on channel 6. Belkin276 is probably a default SSID; default SSIDs are prime targets for wireless hacking, since users who leave the default ESSID in place usually haven't spent much effort securing their AP.

Step 4: Aireplay-Ng Deauth

In order to capture the encrypted password, we need to have the client authenticate against the AP. If they're already authenticated, we can de-authenticate them (kick them off); their system will automatically re-authenticate, and we can grab their encrypted password in the process. Let's open another terminal and type:
  • aireplay-ng --deauth 100 -a 08:86:30:74:22:76 mon0
  • 100 is the number of deauthentication frames you want to send
  • 08:86:30:74:22:76 is the BSSID of the AP
  • mon0 is the monitoring wireless adapter
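The deauthentication burst this step relies on is also exactly what a wireless intrusion detection system looks for. The script below is an added example, not part of the original tutorial: a defender-side detector that parses a constructed management-frame log (the six-field line layout, the MAC addresses and the timestamps are all assumptions made up for this example) and raises one alert per BSSID whose deauth/disassoc rate in a one-second window exceeds what normal client roaming produces. Broadcast-addressed deauths are counted separately, because an AP has little legitimate reason to disconnect every client at once.

```python
"""Flag 802.11 deauthentication floods in a management-frame log.

Added example (not from the tutorial): a defender-side detector for the kind of
deauth burst described in Step 4.  The log format, MAC addresses and timing below
are constructed assumptions, not real captures.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"
DISCONNECT_SUBTYPES = {"deauth", "disassoc"}


@dataclass
class Frame:
    ts: float        # capture time in seconds
    subtype: str     # management subtype: beacon, deauth, disassoc, ...
    src: str         # transmitter address
    dst: str         # receiver address (broadcast for "everyone")
    bssid: str       # the AP the frame claims to belong to
    reason: str      # 802.11 reason code for deauth/disassoc, "-" otherwise


def parse_log(text):
    """Parse '<ts> <subtype> <src> <dst> <bssid> <reason>' lines; skip malformed ones."""
    frames = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # truncated or foreign line: ignore instead of crashing the detector
        try:
            ts = float(parts[0])
        except ValueError:
            continue
        frames.append(Frame(ts, parts[1].lower(), *(p.lower() for p in parts[2:5]), parts[5]))
    return frames


def detect_deauth_flood(frames, window_s=1.0, threshold=10):
    """Return one alert dict per BSSID that sends >= threshold disconnect frames per window_s.

    A per-BSSID sliding window counts deauth/disassoc frames.  Legitimate roaming yields
    isolated frames; an injection tool emits dozens per second.  Each alert records the
    peak count seen in any window, how many of those were broadcast, and the reason codes.
    """
    windows = defaultdict(deque)
    alerts = {}
    for f in sorted(frames, key=lambda x: x.ts):
        if f.subtype not in DISCONNECT_SUBTYPES:
            continue
        q = windows[f.bssid]
        q.append(f)
        while q and f.ts - q[0].ts > window_s:
            q.popleft()  # drop frames that fell out of the window
        if len(q) >= threshold:
            alert = alerts.setdefault(f.bssid, {"bssid": f.bssid, "first_ts": q[0].ts,
                                                "peak_per_window": 0})
            if len(q) > alert["peak_per_window"]:
                alert["peak_per_window"] = len(q)
                alert["broadcast"] = sum(1 for x in q if x.dst == BROADCAST)
                alert["reasons"] = sorted({x.reason for x in q})
    return list(alerts.values())


def build_sample_log():
    """Constructed log: routine beacons on two APs, one genuine deauth, one injected burst."""
    ap_a, ap_b = "02:00:00:00:00:01", "02:00:00:00:00:02"   # made-up, locally administered MACs
    lines = []
    for i in range(5):  # beacons from both APs roughly every 100 ms
        t = 100.0 + i * 0.1
        lines.append(f"{t:.3f} beacon {ap_a} {BROADCAST} {ap_a} -")
        lines.append(f"{t + 0.05:.3f} beacon {ap_b} {BROADCAST} {ap_b} -")
    # A client politely leaving AP B: a single deauth with reason 3 ("STA is leaving").
    lines.append(f"100.230 deauth 02:00:00:00:00:bb {ap_b} {ap_b} 3")
    # A forged burst spoofing AP A: 40 broadcast deauths 10 ms apart, reason 7
    # ("class 3 frame received from nonassociated STA").
    for i in range(40):
        lines.append(f"{100.300 + i * 0.01:.3f} deauth {ap_a} {BROADCAST} {ap_a} 7")
    return "\n".join(lines)


if __name__ == "__main__":
    for alert in detect_deauth_flood(parse_log(build_sample_log())):
        print(alert)
```

In a real deployment the frames would come from a monitor-mode capture rather than the inline sample, and the threshold should be tuned to the environment (an AP rebooting or a roaming-heavy office legitimately produces a few disconnects per second). Detection is the fallback; the mitigation is enabling Protected Management Frames (802.11w), under which clients discard deauthentication frames that are not integrity-protected with the session key.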

Step 5: Capture the Handshake

In the previous step, we bounced the user off their own AP, and now when they re-authenticate, airodump-ng will attempt to grab their password in the new 4-way handshake. Let's go back to our airodump-ng terminal and check to see whether or not we've been successful.
Notice in the top line to the far right, airodump-ng says "WPA handshake." This is the way it tells us we were successful in grabbing the encrypted password! That is the first step to success!

Step 6: Let's Aircrack-Ng That Password!

Now that we have the encrypted password in our file WPAcrack, we can run that file through aircrack-ng using a password file of our choice. Remember that this type of attack is only as good as your password file. I'll be using the default password list included with aircrack-ng on BackTrack, named darkc0de.
We'll now attempt to crack the password by opening another terminal and typing:
  • aircrack-ng WPAcrack-01.cap -w /pentest/passwords/wordlists/darkc0de
  • WPAcrack-01.cap is the name of the file we wrote to in the airodump-ng command
  • /pentest/passwords/wordlists/darkc0de is the absolute path to your password file
