[Kali Linux] Wifi Hacking Tutorial (WPA/WPA2 Networks)
#1
WPA/WPA2 Wifi Hacking Tutorial

In this tutorial, I will demonstrate how to crack WEP's big brothers: WPA and WPA2.

In the last tutorial we saw how weak and easy to crack WEP encryption is. I will now show you how to crack the most popular replacement for WEP. WPA2 uses a stronger encryption algorithm, AES, that's very difficult to crack—but not impossible.

When a user connects to a WPA2 access point, the client and AP use a "4-way handshake" to authenticate the client. This is how we can crack the encryption: if we can capture the 4-way handshake, we can crack the password. We will again use aircrack-ng, and this time we will use a dictionary attack to crack the password.

1) Put your WiFi adapter into monitor mode, to monitor and capture traffic on the network:
Code:
airmon-ng start wlan0

Replace wlan0 with the identifier of your adapter, as in tutorial 1.
Note that airmon-ng has renamed your wlan0 adapter to wlan0mon.

IF YOU WANT TO REMAIN ANONYMOUS, SPOOF YOUR MAC. Run these commands:


Code:
# after airmon-ng the adapter is called wlan0mon, so bring that interface down,
# change its MAC, and bring it back up; use the same name on all three lines
ifconfig wlan0mon down
macchanger -m 99:88:77:66:55:44 wlan0mon
ifconfig wlan0mon up

This will change the MAC address of your wireless adapter; you can run it again for wlan0mon.

2) Begin capturing traffic:
We will again use airodump-ng to capture packets sent over the wireless network. First we need to get the information about the network we are trying to crack:
Code:
airodump-ng wlan0mon


3) Capture traffic on the target AP:
Now we will focus on a single network, make sure its encryption is WPA2. Run this command:
Code:
airodump-ng --bssid 00:11:22:33:44:55 -c 11 --write example wlan0mon

Replace 00:11:22:33:44:55 with the BSSID of the target network, and 11 with the channel. "example" is the file the captured packets will be written to.

4) Force a 4 way handshake:
To capture the password, we need to capture the authentication process. We can quickly do this by forcing clients off the network, whereupon their system will automatically reauthenticate. Open a new terminal window and run this command:
Code:
aireplay-ng --deauth 1 -a 00:11:22:33:44:55 wlan0mon

The 1 is the number of deauthentication frames you want to send, and 00:11:22:33:44:55 is the BSSID of the access point.
If the command was successful, we should see "WPA handshake." in the top corner of our airodump terminal. We now have the encrypted password!

5) Cracking the password
We can now use aircrack-ng to crack the encrypted password in our "example" file. This is a dictionary attack, so the attack is only as good as the dictionary file you use. Use Ctrl + C to stop the airodump process running, and then run this command in a new terminal:
Code:
# example-01.cap is the capture airodump-ng wrote; -w names the wordlist file
aircrack-ng example-01.cap -w '/root/desktop/examplewordlist'

We don't need to be in range of the network to crack the password. You can also use multiple wordlists to crack the password, but duplicates across the two lists will increase the cracking time, as the program will have to check the same password twice. You can download wordlists from the internet. The default directory for wordlists on Kali is "/pentest/passwords/wordlists/", so if you have a default dictionary there, feel free to use that.

6) Wait. This process of cracking could take a long time - hours to days. The stronger the password, the longer it will take to crack it - if ever. A strong password can sometimes only be cracked with a brute-force attack (testing every possible combination of numbers, letters and symbols), and that takes much, much longer. If you can't crack this password, find another network to attack. When the password is found, it will be displayed on your screen. You now have access!

Thanks for reading, please reply with your thanks if you enjoyed this and/or found it useful.

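Step 4 of the tutorial relies on deauthentication frames, which is also the part of the procedure a network owner can detect: a wireless IDS that sees a burst of deauth/disassoc frames in a short window, especially broadcast ones, has strong evidence that someone is forcing clients to re-handshake. The script below is an added example written for this thread; it is not from the original post or from the aircrack-ng project. It parses raw 802.11 management-frame bytes of the kind a monitor-mode capture yields, and raises one alert per transmitter that exceeds a threshold. The sample frames are constructed in memory (nothing is transmitted); the BSSID 00:11:22:33:44:55 is the tutorial's placeholder, and the window, threshold and second AP address are assumptions to tune per site.

```python
"""Detect deauthentication / disassociation bursts in 802.11 frames.

Added example for this thread (not from the original post or aircrack-ng).
Input: (timestamp_seconds, raw_frame_bytes) pairs in time order. The sample
capture at the bottom is constructed test data.
"""
import struct
from collections import defaultdict, deque

MGMT = 0          # frame type 0 = management
DISASSOC = 10     # management subtype 10
DEAUTH = 12       # management subtype 12
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt_frame(frame: bytes) -> dict:
    """Parse the 24-byte 802.11 MAC header, plus the 2-byte reason code that
    the bodies of deauth and disassoc frames begin with."""
    if len(frame) < 24:
        raise ValueError("frame shorter than an 802.11 MAC header")
    fc = frame[0]                      # first octet of Frame Control
    ftype = (fc >> 2) & 0x3            # bits 2-3: type
    subtype = (fc >> 4) & 0xF          # bits 4-7: subtype
    info = {
        "type": ftype,
        "subtype": subtype,
        "dst": mac_str(frame[4:10]),     # Address 1: receiver
        "src": mac_str(frame[10:16]),    # Address 2: transmitter
        "bssid": mac_str(frame[16:22]),  # Address 3: BSSID
        "reason": None,
    }
    if ftype == MGMT and subtype in (DEAUTH, DISASSOC) and len(frame) >= 26:
        info["reason"] = struct.unpack_from("<H", frame, 24)[0]
    return info


def detect_deauth_bursts(frames, window=10.0, threshold=5):
    """Alert once per transmitter whose deauth/disassoc count within
    `window` seconds reaches `threshold` (both values are assumptions)."""
    recent = defaultdict(deque)        # src MAC -> deque of (ts, dst)
    alerted = set()
    alerts = []
    for ts, raw in frames:
        f = parse_mgmt_frame(raw)
        if f["type"] != MGMT or f["subtype"] not in (DEAUTH, DISASSOC):
            continue
        q = recent[f["src"]]
        q.append((ts, f["dst"]))
        while q and ts - q[0][0] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold and f["src"] not in alerted:
            alerted.add(f["src"])
            alerts.append({
                "src": f["src"],
                "bssid": f["bssid"],
                "count": len(q),
                "window_start": q[0][0],
                # broadcast deauths hit every client at once: a stronger signal
                "broadcast": any(d == BROADCAST for _, d in q),
                "reason": f["reason"],
            })
    return alerts


def sample_frame(subtype, dst, src, bssid, reason=7, seq=0) -> bytes:
    """Build an in-memory management frame as constructed test input."""
    fc = bytes([(MGMT << 2) | (subtype << 4), 0x00])
    duration = b"\x00\x00"
    addrs = b"".join(bytes.fromhex(a.replace(":", "")) for a in (dst, src, bssid))
    seqctl = struct.pack("<H", seq << 4)
    return fc + duration + addrs + seqctl + struct.pack("<H", reason)


AP = "00:11:22:33:44:55"          # placeholder BSSID used in the tutorial
OTHER_AP = "66:77:88:99:aa:bb"    # constructed, a second unrelated AP

SAMPLE_CAPTURE = (
    # six broadcast deauths from the AP's address within half a second
    [(0.1 * i, sample_frame(DEAUTH, BROADCAST, AP, AP, seq=i)) for i in range(6)]
    # a beacon (subtype 8) that the detector must ignore
    + [(0.7, sample_frame(8, BROADCAST, OTHER_AP, OTHER_AP))]
    # one isolated disassociation much later: ordinary roaming, no alert
    + [(100.0, sample_frame(DISASSOC, "aa:bb:cc:dd:ee:01", OTHER_AP, OTHER_AP, reason=8))]
)

if __name__ == "__main__":
    for a in detect_deauth_bursts(SAMPLE_CAPTURE):
        print(f"deauth burst from {a['src']} (bssid {a['bssid']}): "
              f"{a['count']} frames since t={a['window_start']}s, "
              f"broadcast={a['broadcast']}, reason={a['reason']}")
```

On a real capture you would feed the detector frames read from a pcap (the script deliberately avoids a capture library so it runs anywhere); the alert fires on the fifth frame in the window, so `count` is 5 even though six were sent.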
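Steps 5 and 6 say the attack is only as good as the wordlist and that a strong passphrase may never fall. The reason is the key derivation: WPA2-PSK turns the passphrase into the PMK with PBKDF2-HMAC-SHA1, salted with the SSID, at 4096 rounds, so every candidate costs thousands of HMAC operations and the only lever a defender has is the size of the space an attacker must search. The script below is an added example for this thread, not code from the original post or from aircrack-ng; the PMK derivation is the one the 802.11i standard specifies, while the guess rate and the passphrase policies in the table are labelled assumptions for illustration.

```python
"""Why WPA2-PSK dictionary attacks are slow, and what passphrase length buys.

Added example for this thread (not from the original post or aircrack-ng).
The derivation follows 802.11i; ASSUMED_RATE and the policy list are
assumptions chosen to illustrate the scaling, not measurements.
"""
import hashlib
import time

PBKDF2_ROUNDS = 4096        # fixed by the 802.11i standard
ASSUMED_RATE = 1_000_000    # assumed candidates/second for dedicated hardware


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key: PBKDF2-HMAC-SHA1(passphrase, salt=SSID,
    4096 rounds, 32 bytes). Each dictionary candidate costs one of these."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ROUNDS, 32)


def measure_guess_rate(ssid: str = "IEEE", samples: int = 10) -> float:
    """Candidates per second this machine derives on one core in CPython."""
    t0 = time.perf_counter()
    for i in range(samples):
        wpa2_pmk(f"candidate-{i}", ssid)
    return samples / (time.perf_counter() - t0)


def keyspace(alphabet_size: int, length: int) -> int:
    return alphabet_size ** length


def expected_seconds(space: int, guesses_per_second: float) -> float:
    """Mean time to hit a passphrase drawn uniformly from `space`
    (on average half the space is tried)."""
    return space / 2 / guesses_per_second


def human_time(seconds: float) -> str:
    """Render seconds as the largest convenient unit."""
    value = seconds
    for name, factor in (("s", 60), ("min", 60), ("h", 24), ("d", 365.25), ("y", None)):
        if factor is None or value < factor:
            return f"{value:,.1f} {name}"
        value /= factor


def policy_table(guesses_per_second: float):
    """Mean crack time for several passphrase policies at an assumed rate."""
    policies = [  # (label, number of candidates); sizes are assumptions
        ("top-10M-word dictionary", 10_000_000),
        ("8 lowercase letters", keyspace(26, 8)),
        ("10 mixed-case letters+digits", keyspace(62, 10)),
        ("16 random printable ASCII", keyspace(95, 16)),
    ]
    return [(name, human_time(expected_seconds(space, guesses_per_second)))
            for name, space in policies]


if __name__ == "__main__":
    # 802.11i test vector: passphrase "password", SSID "IEEE"
    # -> f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e
    print("PMK:", wpa2_pmk("password", "IEEE").hex())
    print(f"this machine, pure Python: {measure_guess_rate():,.0f} candidates/s")
    print(f"assumed attacker rate: {ASSUMED_RATE:,} candidates/s")
    for name, t in policy_table(ASSUMED_RATE):
        print(f"  {name:<32} {t}")
```

The table makes the tutorial's point from the other side: a passphrase that appears in any downloadable wordlist falls in seconds regardless of hardware, while a long random one pushes the mean time into thousands of years, which is why the mitigation is passphrase entropy (or moving off PSK to 802.1X) rather than hiding the SSID or the channel.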
#2
Incredible tutorial, man. I was actually looking for something like this a few days ago, so I will certainly try this out. Thank you for sharing this, man.

#3
(10-07-2016, 07:49 PM)Red Wrote: Incredible tutorial, man. I was actually looking for something like this a few days ago, so I will certainly try this out. Thank you for sharing this, man.

Thank you. I'm glad you like it.

#4
(10-07-2016, 07:51 PM)AFG Wrote:
(10-07-2016, 07:49 PM)Red Wrote: Incredible tutorial, man. I was actually looking for something like this a few days ago, so I will certainly try this out. Thank you for sharing this, man.

Thank you. I'm glad you like it.

I'll respond back here later and verify it.

Okay, I've tried it and for me it works; it's also pretty safe. If anyone wants to do this, I can now verify it.


