How to Crack WPA

Discussion in 'Microsoft Windows' started by p0tzzz, Feb 3, 2010 with 0 replies and 3,778 views.

  1. p0tzzz

    p0tzzz Enthusiast

    Messages:
    63
    Ratings:
    2
    Credit goes to
    kivi12k

    This tutorial will show you how to crack WPA. There are many ways to do this, but i will be showing you how to using Backtrack.
    Backtrack is a program used to gather information, network mapping, vulnerability identification, web application analysis and more. A WPA dictionary/wordlist is a program that can create an 8,9 or 10 digit password of every single number combination. This will help you crack the password beings as most peoples passwords are their telephone number or their default one.
    TAKE NOTE
    This is alot harder then cracking WEP.
    If you have not cracked a WEP before then i dont know if you will beable to crack a
    WPA.

    You will Need
    -Compatible WiFi Card (Such as Netgear WG111v2)

    -A copy of Backtrack 3 or 4. Find it here

    -WPA Dictionary/wordlist. Download it here

    INSTALLING BACKTRACK
    First download backtrack. I am going to be using backtrack 3
    Their are several ways to install it via USB, Hard Drive, or Bootable Cd
    I am going to show you through the USB.
    First your going to right click on your USB and click "Format" then make sure your USB is set to FAT32. If it is not, set it to FAT32 and reformat it.
    Okay so what you are going to do now is extract the files from Backtrack. Then copy the two folders "BT3" and "boot" and then paste them in your USB drive.
    [​IMG]

    Now you have to make your USB bootable. To do this, go into the "boot" folder
    that you copyed into your USB. Open "bootinst."
    A command prompt shouldve popped up. Just follow the directions.
    Now restart your computer, and while its starting back up press F10 or F12 to boot into Backtrack.

    CRACKING WPA WITH BACKTRACK
    PART1
    First boot into Backtrack.
    Now open up a shell console and type "airmon-ng stop wlan0" hit enter
    Now type the following commands. But treat each command listed below as a SEPERATE command.

    ifconfig wlan0 down

    macchanger --mac 00:11:22:33:44:55 wlan0


    airmon-ng start wlan0 (This may take a few minutes)

    Now type in "airodump-ng wlan0" then hit enter
    The BSSID will now show up. So what you want to do is copy your BSSID.
    It will look something like this "0C:0F:B3:FD:C0:6C"
    Your also going to want to know your channel number. Which would be under "CH"

    Now type "airodump-ng -c (channel number) -w (file name) --bssid (bssid) wlan0"
    then hit enter
    Your file name can be anything, just remember it

    PART 2

    At this moment, it will be locating all the people connected to it. This will only work if you have at least one person connected. Then we will need to capture what we call a "handshake" A handshake can be captured from two ways:

    1. Wait for someone to actually sign on to the network
    2. Knock him off the network, in which he is forced to sign back on

    By this point you should have already found at least one person connected.
    i am going to show you now how to knock him off, thus leading him to sign back in

    Dont do anything to your first shell, just leave it be. Open up a new shell and type
    "aireplay-ng -0 5 -a (bssid)wlan0"

    The 5 is the number of times its going to try to knock him off i believe.

    If you knock him off and he signs back on you should get something at the top right hand corner saying "WPA hanshake: (bssid)"

    PART 3


    Now that you have the WPA handshake, you can attempt to crack it. This is where the hard part comes in. You can now exit out of the other shells. And to make sure your handshake saved, go to "Home" and and it should be a file called watever you named the file earlier in Part 1 with a "-01.cap"

    Okay now open up a new shell and type "aircrack-ng (filename-01.cap)-w (dictionary location)

    To find the dictionary location, go to Home, then click the green up arrow. Then go to the folder "pentest." Then to the folder "wireless." Now choose one of the two folders "cowpathy" or "aircrack." They both have a dictionary. Im going to choose "aircrack."

    Okay now once you opened the folder "aircrack." Click open the folder "test." You should see a file called "password.lst" Now copy the address of the location up in the address bar. Then go back to your shell and paste the location after the "-w" and add "password.lst" after the "/test/" in the location

    Remember its "-w(SPACE) then the location

    Now it should be going through every word in the dictionary. Sometimes you wont find it depending on if their password is a real word or not. Now an alternative dictionary would be the dictionary up at the top which is a pretty descent dictionary if the users password is all numbers. You can find other ones all over the internet. (Remember Google is your friend)
    Sometimes a password will be so strong that you may never get it.

    Hope this helped anyone who was interested
    Happy cracking :thumbup:
     
    • Like Like x 1

Share This Page