Visual Basic Board / Hacking / Wifi Wireless Hacking / [Tut]How to crack WPA/2-PSK w/ BT4 [Tut]
11-28-2010, 05:15 PM (This post was last modified: 11-28-2010 05:24 PM by Algorithm.)
Algorithm
Registered
All right, another tutorial on how to hack a wireless network. Today we will be learning how to do a dictionary attack on a router that has a WPA/2-PSK password. We will go over two ways to do this: one is with just using aircrack-ng, the other is with cowpatty. There are like 5 ways to crack a WPA-PSK password I do believe, but for now we will go over the two that are the easiest. We will need two things for this pentest: BackTrack and a really good dictionary file. You can find some good dictionary files on the net, just google. So let's get started and boot up with BackTrack.

*Disclaimer: Cracking anybody's router password is ILLEGAL. You can get convicted of a crime for doing so. So only do this on your own router. This tutorial is for educational use only.*

We need to find out what kind of wireless card we have, so open a console window and type:

Code:
airmon-ng

Now we have to set our wireless card to monitor mode to monitor the network, so type this into the console window:

Code:
airmon-ng start wlan0

Oh yeah, make sure it's yours and not what I have in the pic.

Ok, we have our cards in monitor mode. Now let's scan the network for some connections; type this in the console window:

Code:
airodump-ng mon0

You should see something like this:

Take note of all these things because we will need all this info about the network, so open Kate and type all this info in. Another note: you will always need someone connected to the network you are trying to penetrate. So press Ctrl+C to stop airmon-ng and copy all the info. Now we need to focus only on the specified network and get the rest of the clutter out of the way. By now your screen is probably nice and full, so type in "clear" without the parentheses to clear the screen. We will now use the following code:

example:
Code:
airodump-ng -c (c) --bssid (bssid) -w (captureFileName) mon0

-c = channel of the network
--bssid = the bssid of the network, example: 00:11:22:33:44:55
-w = write to a file that is saved with a .cap extension
actual code example:
Code:
airodump-ng -c 6 --bssid 00:23:97:F5:22:F7 -w dump mon0

Now that we have that going, it is time to open a second Konsole window to deauth the user that is connected. We need to knock the user offline temporarily to make them reconnect so we can intercept the router's credentials. This is called getting the four-way handshake. This is why we always need someone connected. Now we need the info that we copied to Kate or Notepad. Here is the example code:

Code:
aireplay-ng -0 1 -a (bssid) -c (station) mon0

-0 = the deauth parameter for aireplay-ng
1 = how many times we send the deauth command
-a = bssid number
-c = the station number ("connected computer")
mon0 = our card of course

actual code example:
Code:
aireplay-ng -0 10 -a 00:23:97:F5:22:F7 -c 00:C0:A8:CF:19:09 mon0

For the tutorial's sake put a 10 for how many times to deauth. Now, if we are successful with the deauth, in the airodump-ng console you will see at the top right corner "WPA Handshake".

Now I would maybe deauth them a couple of times just to be safe that you got the handshake. If successful, stop all your processes with Ctrl+C in each window. Now clear a console window; it's time to crack that PSK. First we will use aircrack-ng. For the purpose of the tutorial I put the actual password in a password list that I found, to show you what a successful crack would look like. Have your password list on the desktop so there is no confusion on location. Now let's start with an example:

Code:
aircrack-ng -w (filename) yourcapfile-01.cap

-w = a password text file
yourcapfile-01.cap is your cap file

actual code:
Code:
aircrack-ng -w pass dump-01.cap

dump-01.cap is the dump file we made in airodump-ng. Now the successful message if you have the password in your dictionary file.

Now for the cowpatty method. It is really slow and I wouldn't recommend using this way unless you used gen-pmk to create a hash file, which I will write a tutorial on next. So clear out your code window and type the following:

example code:
Code:
cowpatty -r (capfile) -f (dictionaryfile) -s (essid)

actual code:
Code:
cowpatty -r dump-01.cap -f pass -s 10FX0697705

As you can see it is slow.

Well, that is it for now. Next we will use gen-pmk to make a hash file and make the cracking process for big dictionary files fast. Hope this helps someone here. Happy hacking!
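From the defender's side, the step that gives this procedure away on the air is the burst of deauthentication frames (the "aireplay-ng -0 10" step) followed a moment later by the forced re-association that produces the EAPOL handshake. Below is an added example, not code from the thread, that flags that pattern in a constructed log of frame records; the MAC addresses are the ones from the tutorial's example commands, and the sliding-window thresholds are assumptions to tune per network.

```python
# Added example (not from the thread): detect a deauth burst against one
# station, then check whether an EAPOL (4-way handshake) exchange followed it.
from collections import defaultdict, deque

# Constructed frame log: (timestamp_s, frame_type, bssid, station).
# The MACs are the ones used in the tutorial's example commands.
BSSID, STA = "00:23:97:F5:22:F7", "00:C0:A8:CF:19:09"
FRAMES = (
    [(0.0, "beacon", BSSID, "ff:ff:ff:ff:ff:ff"), (0.1, "data", BSSID, STA)]
    + [(1.0 + i * 0.03, "deauth", BSSID, STA) for i in range(10)]  # the "-0 10" burst
    + [(1.6 + i * 0.02, "eapol", BSSID, STA) for i in range(4)]    # client reconnects
    + [(40.0, "deauth", BSSID, STA)]                                 # lone deauth, benign
)

def deauth_bursts(frames, window_s=1.0, threshold=5, handshake_s=10.0):
    """Return one alert per (bssid, station) pair that received at least
    `threshold` deauth frames inside a `window_s` sliding window. Each alert
    is (bssid, station, burst_start, deauth_count, handshake_followed); the
    last field is True when EAPOL frames for the same pair appear within
    `handshake_s` seconds of the burst start, i.e. the client was forced to
    re-associate and the handshake was exposed to a passive listener."""
    recent = defaultdict(deque)       # pair -> deauth timestamps still in window
    alerts = {}                       # pair -> mutable alert fields
    for ts, ftype, bssid, sta in sorted(frames):
        pair = (bssid, sta)
        if ftype == "deauth":
            q = recent[pair]
            q.append(ts)
            while ts - q[0] > window_s:
                q.popleft()
            if pair in alerts:
                if len(q) >= 2:       # still part of the running burst
                    alerts[pair][3] += 1
            elif len(q) >= threshold:
                alerts[pair] = [bssid, sta, q[0], len(q), False]
        elif ftype == "eapol" and pair in alerts:
            if ts - alerts[pair][2] <= handshake_s:
                alerts[pair][4] = True
    return [tuple(a) for a in alerts.values()]

if __name__ == "__main__":
    for alert in deauth_bursts(FRAMES):
        print("deauth burst:", alert)
```

Networks that enable Protected Management Frames (802.11w, mandatory in WPA3) reject unauthenticated deauth frames, so this alert matters most on WPA2 networks that have PMF off.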
11-29-2010, 09:39 AM
Post: #2
Owner
Administrators
RE: [Tut]How to crack WPA/2-PSK w/ BT4 [Tut]
yet another impressive tutorial, nice
11-29-2010, 09:58 AM
Post: #3
Algorithm
Registered
Wrote: yet another impressive tutorial, nice

Thanks, I should have some more going up very soon.