What is Wifi?
Wi-Fi is the name of a popular wireless networking technology that uses radio waves to provide wireless high-speed Internet and network connections. A common misconception is that the term Wi-Fi is short for "wireless fidelity," however this is not the case. Wi-Fi is simply a trademarked phrase that means IEEE 802.11x.
There is Three Wi-Fi security algorithms
Wired Equivalent Privacy (WEP) is the most widely used Wi-Fi security algorithm in the world. This is a function of age, backwards compatibility, and the fact that it appears first in the encryption type selection menus in many router control panels.
Wi-Fi Protected Access (WPA) was the Wi-Fi Alliance’s direct response and replacement to the increasingly apparent vulnerabilities of the WEP standard. It was formally adopted in 2003, a year before WEP was officially retired. The most common WPA configuration is WPA-PSK (Pre-Shared Key). The keys used by WPA are 256-bit, a significant increase over the 64-bit and 128-bit keys used in the WEP system.
WPA2: WPA has, as of 2006, been officially superseded by WPA2. One of the most significant changes between WPA and WPA2 was the mandatory use of AES algorithms and the introduction of CCMP (Counter Cipher Mode with Block Chaining Message Authentication Code Protocol) as a replacement for TKIP (still preserved in WPA2 as a fallback system and for interoperability with WPA).
Cracking a WPA or WPA2 wireless network is more difficult than cracking a WEP protected network because it depends on the complexity of the wireless password and on the attack method (Dictionary Attack or Brute Force Attack). Here you will learn step by step instructions how to crack WPA2 wifi password which uses a pre-shared keys (PSK) of a wireless network. This also applies to WPA secured network.
There is Three Wi-Fi security algorithms
Wired Equivalent Privacy (WEP) is the most widely used Wi-Fi security algorithm in the world. This is a function of age, backwards compatibility, and the fact that it appears first in the encryption type selection menus in many router control panels.
Wi-Fi Protected Access (WPA) was the Wi-Fi Alliance’s direct response and replacement to the increasingly apparent vulnerabilities of the WEP standard. It was formally adopted in 2003, a year before WEP was officially retired. The most common WPA configuration is WPA-PSK (Pre-Shared Key). The keys used by WPA are 256-bit, a significant increase over the 64-bit and 128-bit keys used in the WEP system.
WPA2: WPA has, as of 2006, been officially superseded by WPA2. One of the most significant changes between WPA and WPA2 was the mandatory use of AES algorithms and the introduction of CCMP (Counter Cipher Mode with Block Chaining Message Authentication Code Protocol) as a replacement for TKIP (still preserved in WPA2 as a fallback system and for interoperability with WPA).
Cracking a WPA or WPA2 wireless network is more difficult than cracking a WEP protected network because it depends on the complexity of the wireless password and on the attack method (Dictionary Attack or Brute Force Attack). Here you will learn step by step instructions how to crack WPA2 wifi password which uses a pre-shared keys (PSK) of a wireless network. This also applies to WPA secured network.
What will you need to Hack WPA2 and WPA Encrypted WiFi Network
- Back Track 5 Torrent
- VMware Player
- Wireless network adapter
Step 1
- Plugin Wireless network adapter
- Run Vmware Player. After this Boot into Backtrack.
- If you don't How to Install Backtrack in VMware and how to Boot Backtrack Check my Previous post
- Insert username and password to move further.
- bt login : root
- Password : toor
- Then type "startx"
How to Hack WPA2 and WPA Encrypted WiFi Network |
Step 2
- You want to make sure usb wireless device is actually showing in virtual machine
- Go to Player > Removeable Devices > Move the cursor on your device name > click on "Connec" if it is not connected.
Before launching the attack you need to know about your wireless network interface name, make your wireless card is in monitor mode. Then get the BSSID ( it is the series of unique letters and number of a particular router) of the access point. So let us do all these things. For better Understanding and details watch Video.
Step 3
First lets find your wireless card. Inside terminal or console, type:
Press Enter and there you should see a list of interface names of different devices. There should be a wireless device in that list you you have connected it to BackTrack. Probably it may be wlan0 or wlan1.
How to Hack WPA2 and WPA Encrypted WiFi Network |
Step 4
Enable monitor mode. Supposing your wireless card interface name as wlan0, type this command in that same console. type:
airmon-ng start wlan0
This code will create a new monitor mode interface mon0 like in the screenshot below which you want to keep note of.
How to Hack WPA2 and WPA Encrypted WiFi Network |
Step 5
- Search the BSSID and channel of the Access Point (router) you want to crack. Now let us find the information. For this type the following and press Enter
airodump-ng mon0
How to Hack WPA2 and WPA Encrypted WiFi Network |
Step 6:
Then you will see a list of Wireless Networks available around you and please keep note of the BSSID and channel of the ESSID (wireless network) you want to crack. Please note that the less the number is in the PWR column the close you are to the router; example mine is (-42) which means i am quite near to the router. When you find it hit CTrl+C to stop it scanning and enter the following:
airodump-ng --bssid (AP BSSID address) -c (chaneel no) -w (file name you want to save with) (monitor interface)
So, in my case it will be
airodump-ng --bssid 54:E6:FC:E0:AC:FC -c 1 -w WPAcrack mon0
Then the screen will look like this:
How to Hack WPA2 and WPA Encrypted WiFi Network |
How to Hack WPA2 and WPA Encrypted WiFi Network |
Step 7
Now, its time to capture a 4-way handshake so that we can use it to get the plain password of the network. Here is a little tricky part, if there is a client connected to the network then there will a mac address listed in the “station column” like in the screenshot below and if not then you will have to wait for someone to connect it to get 4-way handshake.You will get the handshake if anyone tries to connect to that network.
But, if there is someone is connected on the network then you can deauthenticate him so that he will try to reconnect and you will be able to get the handshake. To deauthenticate him enter the following code in new console. But, before take note of the Mac Address of the station.
aireplay-ng -a (BSSID of the network) -c (MAC address of the client) -0 20 (for deauntheticate "20" for no of packets to send) (monitor interface)
You can send any no of packets but few packets would be enough. In the image I have send 0 packets which is unlimited but it is better you send few packets and only and if you don’t get the handshake you can hit Ctrl+C to stop the process and redo it again.
aireplay-ng -a 54:E6:FC:E0:AC:FC -c 9C:4E:36:4E:F5:F0 -0 20 mon0
How to Hack WPA2 and WPA Encrypted WiFi Network |
Step 8
Now it will send deauthentication packet and if you are close to the network and if everything goes right then he will get disconnected and will try to connect again and we will get the 4-way handshake file in the top right corner of the airodump screen as shown below. But, the client should also be physically close to your wireless adapter network range so that it can deaunthecate them.
How to Hack WPA2 and WPA Encrypted WiFi Network |
Step 9
Now its time to crack the 4-way handshake which is little difficult to do. There are lots of ways to do it but I will show you the simple one.
First let us see where is our saved .cap(4-way handshake) file so please enter the following :
ls
It will show you the list of files in your Desktop. The screen would look like this.
How to Hack WPA2 and WPA Encrypted WiFi Network |
Step 10
Now, lets bruteforce the .cap file using aircrack-ng. You will need a Dictionary or word list file to get it work. There are few of them already in the BackTrack but you can download more. Aircrack simply tries to match the word from the dictionary to the .cap file and if matched then it will show the password but if the word is not in the dictionary then it will fail. We are using the darkc0de.lst password list which can be found in “/pentest/passwords/worldlists/darkc0de.lst” of BackTrack. Enter the following command
aircrack-ng -w (location of the password list) (cap file *.cap)
In my case,
aircrack-ng -w /pentest/passwords/worldlists/darkc0de.lst" WPA2crack-01.cap
How to Hack WPA2 and WPA Encrypted WiFi Network |
Step 11
Depending upon the speed of your CPU and the size of the password file it could take a lot of time. The -01 is automatically added by the BackTrack and everything is case sensitive. After executing this command the screen will look like this.
How to Hack WPA2 and WPA Encrypted WiFi Network |
Step 12
If the key is found then it will say, “KEY FOUND!” like in the screenshot below and if not it will say, The pass-phrase is not in the Dictionary or something like this. So, if it is not found then you can try to bruteforce it by trying every combination of word which will take lots of time. I will teach the other methods soon like brute forcing .cap by using Graphics card and so on. So, stay tuned.
How to Hack WPA2 and WPA Encrypted WiFi Network |
NOTE: It is not guaranteed that you will get the 4-way handshake. It depends upon various factors. But the main thing is that the physical distance between your wireless adapter, the access point and the client should be close to work for it.
Precautions:
Do not put the password that are in the dictionary. Use combination of alphabets, letters and symbols too
In your router setting you can hide your ESSID (the name of your wireless network)
In your router there will probably be a mac-address filtering service where you can specify the mac addresses that are allowed to connect to your router and no other will be able to connect to it but it is a little irritating if any of your guests wants to connect to your Wifi.
No comments:
Post a Comment