
WPA2 Cracking with BackTrack 5 R2 and Aircrack-ng

This is a basic tutorial with all the information you need to be able to crack WPA2 with BackTrack 5
R2 and Aircrack-ng.

All commands to be written into the terminal will be written in Courier New.

What you will need before starting this tutorial:

1. BackTrack 5 R2 OS (which comes with Aircrack-ng preinstalled)
2. A wordlist (we'll talk about this more soon)
3. Something to take notes with (a text editor or just a plain old pen and paper)

Before you begin WPA2 cracking, you'll need to download a wordlist to your computer. This wordlist
will be an .lst file containing the words from a book, dictionary, etc. Many wordlists are available for
download online. Here is a list of websites containing downloadable wordlists (list adapted from
aircrack-ng.org):

ftp://ftp.openwall.com/pub/wordlists/
http://www.openwall.com/mirrors/
http://ftp.sunet.se/pub/security/tools/net/Openwall/wordlists/
ftp://ftp.ox.ac.uk/pub/wordlists/
http://gdataonline.com/downloads/GDict/
http://www.theargon.com/achilles/wordlists/
http://theargon.com/achilles/wordlists/theargonlists/
ftp://ftp.cerias.purdue.edu/pub/dict/
http://www.outpost9.com/files/WordLists.html
http://www.securinfos.info/wordlists_dictionnaires.php
http://www.vulnerabilityassessment.co.uk/passwords.htm
http://packetstormsecurity.org/Crackers/wordlists/
http://www.ai.uga.edu/ftplib/natural-language/moby/
http://www.insidepro.com/eng/download.shtml
http://www.word-list.com/
http://www.cotse.com/tools/wordlists1.htm
http://www.cotse.com/tools/wordlists2.htm
http://wordlist.sourceforge.net/

Most come in .zip file format. Extract the files; you will only need the .lst file. If there are multiple
.lst files, you can open them in a text editor (Notepad, Notepad++, etc.) and combine them
into one large wordlist. In our example, we have named the wordlist wordlist.lst and it is saved to
our Desktop.

Let's begin. This tutorial will show the step-by-step instructions to crack WPA2 on the "ya mamma"
network.

Once you have BackTrack 5 R2 up and running, you'll need to make sure that you are not connected
to the internet. To do this, go to Applications > Internet > Wicd Network Manager and make sure that it
states "Not connected" in the bottom left-hand corner. If you are connected to a network, click
"Disconnect All" located at the top of the window.

Once you have confirmed that your computer is not connected to the internet, run the command:

airmon-ng : This command shows the status of the wireless interfaces. You need to change the
status from managed mode to monitor mode. This allows you to capture packets without
being associated with an access point or ad-hoc network. You are then able to
monitor all traffic received on the wireless channel.

Now we will run the command:

airmon-ng start wlan0 : This command enables monitor mode on the wireless interface.
This also creates mon0, which is the same interface, just in
promiscuous mode.

Now we will run the command:

airodump-ng mon0 : This displays information about the access points and clients it has found.

This is where you will locate the:

BSSID: MAC address of the access point.

Channel (CH): Channel number (taken from beacon packets).

Station: MAC address of each associated station or stations searching for an AP to
connect with (client).

Copy and paste each of these items into a text editor or write them down.

Now we will run the command:

airodump-ng -w capture-packages --bssid (accesspoint) -c (channel) mon0

For our example, it would look like:

airodump-ng -w capture-packages --bssid 00:22:75:E7:6E:0B -c 11 mon0

Then you have to wait for activity on the network. Once there is a valid handshake, it will display
WPA handshake: (BSSID), as shown below. This has created a capture file containing the
handshake. In our example, the capture file will be prefixed with capture-packages and saved in the
root user's home directory.

Now we will run the command:

aireplay-ng --deauth 1 -a (accesspoint) -c (client) mon0

For our example, it would look like:

aireplay-ng --deauth 1 -a 00:22:75:E7:6E:0B -c F0:CB:A1:2A:FB:62 mon0

If you need to force traffic on the network to be able to obtain the handshake, you can
deauthenticate clients associated with the access point, so they will need to reauthenticate.
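
The deauthentication step above is what a wireless IDS looks for: the attacker's frames claim to come from the AP, so the only signal is volume, a burst of deauth/disassoc management frames that a real AP would never send. The following is an added example, not part of this tutorial or the aircrack-ng project, of detection logic over raw 802.11 management frames. The frame builder exists only to construct the sample capture offline; the MAC addresses are the ones used in the tutorial, and the 64-frame burst, the reason code 7 and the threshold of 5 are constructed assumptions.

```python
import struct
from collections import Counter

# 802.11 management-frame subtypes (frame type 0) relevant here
SUBTYPE_BEACON = 8
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12
NAMES = {SUBTYPE_BEACON: "beacon", SUBTYPE_DISASSOC: "disassoc", SUBTYPE_DEAUTH: "deauth"}


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt_frame(frame: bytes):
    """Parse the 24-byte 802.11 MAC header of a management frame (no radiotap header).
    Returns None for frames that are too short or are not management frames."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]                 # frame control, first octet: version | type | subtype
    ftype = (fc0 >> 2) & 0x3
    subtype = (fc0 >> 4) & 0xF
    if ftype != 0:                 # 0 = management; data/control frames are ignored here
        return None
    info = {
        "subtype": NAMES.get(subtype, f"mgmt-{subtype}"),
        "dst": mac_str(frame[4:10]),     # Address 1
        "src": mac_str(frame[10:16]),    # Address 2
        "bssid": mac_str(frame[16:22]),  # Address 3
        "reason": None,
    }
    if subtype in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC) and len(frame) >= 26:
        info["reason"] = struct.unpack_from("<H", frame, 24)[0]  # little-endian reason code
    return info


def detect_deauth_floods(frames, threshold: int = 5):
    """Count deauth/disassoc frames per (BSSID, target) pair; report pairs at or above threshold.
    A legitimate AP sends these rarely, so a burst against one client is the detection signal."""
    counts = Counter()
    for raw in frames:
        info = parse_mgmt_frame(raw)
        if info and info["subtype"] in ("deauth", "disassoc"):
            counts[(info["bssid"], info["dst"])] += 1
    return {pair: n for pair, n in counts.items() if n >= threshold}


def build_mgmt_frame(subtype: int, dst: bytes, src: bytes, bssid: bytes, body: bytes = b"") -> bytes:
    """Build a minimal management frame in memory; used only to construct the sample capture."""
    frame_control = bytes([(subtype << 4) & 0xF0, 0x00])
    duration = b"\x00\x00"
    seq_ctrl = b"\x00\x00"
    return frame_control + duration + dst + src + bssid + seq_ctrl + body


# Constructed sample capture: one beacon from the AP, then a burst of 64 deauth frames
# addressed to the client and carrying the AP's address (reason code 7 is an assumption).
AP = bytes.fromhex("002275E76E0B")        # access point from the tutorial
CLIENT = bytes.fromhex("F0CBA12AFB62")    # client from the tutorial
BROADCAST = b"\xff" * 6
SAMPLE_CAPTURE = [build_mgmt_frame(SUBTYPE_BEACON, BROADCAST, AP, AP)] + [
    build_mgmt_frame(SUBTYPE_DEAUTH, CLIENT, AP, AP, struct.pack("<H", 7)) for _ in range(64)
]

if __name__ == "__main__":
    for (bssid, target), n in detect_deauth_floods(SAMPLE_CAPTURE).items():
        print(f"possible deauth flood: {n} frames claiming BSSID {bssid} sent to {target}")
```

On a real capture the frames would come from a monitor-mode pcap with the radiotap header stripped; the parser only needs the fixed 24-byte MAC header plus the 2-byte reason code, so it is unaffected by whatever follows.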

Now we will run the command:

aircrack-ng capture-packages-01.cap -w /root/Desktop/wordlist.lst

This will use aircrack-ng to go through the capture-packages handshake capture file we created in
an earlier step. It will try every entry of the wordlist we saved as wordlist.lst on our Desktop. Once it
has found the network password, it will display:

KEY FOUND! [ (network password) ]
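
What aircrack-ng does for every wordlist entry is the IEEE 802.11i PSK derivation: PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 32-byte output, and a comparison of the resulting key material against the captured handshake. The following is an added example, not code from this tutorial or from aircrack-ng, that derives the PMK and shows the two properties a defender should take from it: the SSID is the salt, so the same passphrase gives a different PMK on every network name, and the 4096 iterations fix a per-guess cost that makes a wordlist feasible but a long random passphrase not. The `guesses_per_second` benchmark and the candidate counts in the usage section are constructed assumptions; the "password"/"IEEE" vector is the published test vector from the 802.11 standard.

```python
import hashlib
import string
import time

# WPA/WPA2-PSK passphrases are 8 to 63 printable ASCII characters (no control characters).
PRINTABLE_ASCII = set(string.printable) - set("\t\n\r\x0b\x0c")


def is_valid_wpa_passphrase(passphrase: str) -> bool:
    """Length/charset rule for PSK passphrases; aircrack-ng skips wordlist entries outside it."""
    return 8 <= len(passphrase) <= 63 and all(c in PRINTABLE_ASCII for c in passphrase)


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key per IEEE 802.11i:
    PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).
    The SSID acts as the salt, so one passphrase maps to a different PMK on each network name."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32)


def guesses_per_second(ssid: str, samples: int = 20) -> float:
    """Rough single-core rate of PMK derivations, i.e. the cost the 4096 iterations impose
    on every candidate passphrase (constructed benchmark, not aircrack-ng's own figure)."""
    start = time.perf_counter()
    for i in range(samples):
        wpa2_pmk(f"benchmark-{i:08d}", ssid)
    return samples / (time.perf_counter() - start)


def seconds_to_exhaust(candidates: int, rate: float) -> float:
    """Worst-case time to derive a PMK for every candidate at the given rate."""
    return candidates / rate


if __name__ == "__main__":
    # Published test vector (IEEE Std 802.11, PSK derivation annex): passphrase "password", SSID "IEEE"
    print("PMK:", wpa2_pmk("password", "IEEE").hex())
    print("same passphrase, other SSID:", wpa2_pmk("password", "ya mamma").hex())
    rate = guesses_per_second("ya mamma")
    print(f"~{rate:,.0f} PMK derivations/s on one core")
    # Assumed sizes: a few-million-entry wordlist versus a random 16-character printable passphrase.
    print(f"5,000,000-entry wordlist: {seconds_to_exhaust(5_000_000, rate) / 3600:.1f} hours")
    print(f"random 16-char passphrase: {seconds_to_exhaust(95 ** 16, rate) / 3.15e7:.3e} years")
```

The practical consequence for network owners: a passphrase that is not in any wordlist, and an SSID that is not a vendor default, are what turn the capture file in this tutorial into something the cracker cannot use.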

Here we are confirming that the password is correct:


And we're connected!

All information found at http://www.aircrack-ng.org/.
