GPU-assisted cracking WPA2-PSK passwords with aircrack-ng and oclHashCat.
How to Hack Wi-Fi: Cracking WPA2-PSK Passwords Using Aircrack-Ng

Welcome back, my greenhorn hackers.

When Wi-Fi was first developed in the late 1990s, Wired Equivalent Privacy was created to give wireless communications confidentiality. WEP, as it became known, proved terribly flawed and easily cracked. You can read more about that in my beginner's guide to hacking Wi-Fi.

As a replacement, most wireless access points now use Wi-Fi Protected Access II with a pre-shared key for wireless security, known as WPA2-PSK. WPA2 uses a stronger encryption algorithm, AES, that's very difficult to crack—but not impossible. My beginner's Wi-Fi hacking guide also gives more information on this.

The weakness in the WPA2-PSK system is that the encrypted password is shared in what is known as the 4-way handshake. When a client authenticates to the access point (AP), the client and the AP go through a 4-step process to authenticate the user to the AP. If we can grab the password at that time, we can then attempt to crack it.

In this tutorial from our Wi-Fi Hacking series, we'll look at using aircrack-ng and a dictionary attack on the encrypted password after grabbing it in the 4-way handshake. If you're looking for a faster way, I suggest you also check out my article on hacking WPA2-PSK passwords using coWPAtty.

Step 1: Put Wi-Fi Adapter in Monitor Mode with Airmon-Ng

Let's start by putting our wireless adapter in monitor mode. For info on what kind of wireless adapter you should have, check out this guide. This is similar to putting a wired adapter into promiscuous mode. It allows us to see all of the wireless traffic that passes by us in the air. Let's open a terminal and type:

airmon-ng start wlan0

Note that airmon-ng has renamed your wlan0 adapter to mon0.

Step 2: Capture Traffic with Airodump-Ng

Now that our wireless adapter is in monitor mode, we have the capability to see all the wireless traffic that passes by in the air. We can grab that traffic by simply using the airodump-ng command. This command grabs all the traffic that your wireless adapter can see and displays critical information about it, including the BSSID (the MAC address of the AP), power, number of beacon frames, number of data frames, channel, speed, encryption (if any), and finally, the ESSID (what most of us refer to as the SSID). Let's do this by typing:

Step 5: Capture the Handshake

In the previous step, we bounced the user off their own AP, and now when they re-authenticate, airodump-ng will attempt to grab their password in the new 4-way handshake. Let's go back to our airodump-ng terminal and check to see whether or not we've been successful.

Notice in the top line to the far right, airodump-ng says "WPA handshake." This is the way it tells us we were successful in grabbing the encrypted password! That is the first step to success!

Step 6: Let's Aircrack-Ng That Password!

Now that we have the encrypted password in our file WPAcrack, we can run that file against aircrack-ng using a password file of our choice. Remember that this type of attack is only as good as your password file. I'll be using the default password list included with aircrack-ng on BackTrack named darkc0de. We'll now attempt to crack the password by opening another terminal and typing:

How Long Will It Take?

This process can be relatively slow and tedious. Depending upon the length of your password list, you could be waiting a few minutes to a few days. On my dual-core 2.8 GHz Intel processor, it's capable of testing a little over 500 passwords per second. That works out to about 1.8 million passwords per hour. Your results will vary.

When the password is found, it'll appear on your screen. Remember, the password file is critical. Try the default password file first and if it's not successful, advance to a larger, more complete password file such as one of these.
Stay Tuned for More Wireless Hacking Guides

Keep coming back, as I promise more advanced methods of hacking wireless in future tutorials. If you haven't seen the other Wi-Fi hacking guides yet, check them out here, particularly the ones on hacking WEP using aircrack-ng and hacking WPA2-PSK passwords using coWPAtty.

And as always, if you have questions on any of this, please ask away in the comments below. If it's something unrelated, try asking in the Null Byte forum.

Shiniga:

Welcome to Null Byte!

If you know the default password, why not just use it? No cracking necessary. Or, use a much smaller list. There are numerous wordlists built into Kali and available on the web. To find the word lists in Kali, simply type:

locate wordlist

in any terminal.

OTW

Source: http://null-byte.wonderhowto.com/how-to/hack-wi-fi-cracking-wpa2-psk-passwords-using-aircrack-ng-0148366/