This tutorial walks you through a very simple case to crack a WEP key. It is intended to build your basic skills and get you familiar with the concepts. It assumes you have a working wireless card with drivers already patched for injection.
According to the official website, Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
The latest version is faster and contains a lot of new features, such as APR (ARP Poison Routing), which enables sniffing on switched LANs and man-in-the-middle attacks. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS and contains filters to capture credentials from a wide range of authentication mechanisms. The new version also ships authentication monitors and route extractors for routing protocols, dictionary and brute-force crackers for all common hashing algorithms and for several specific authentication schemes, password/hash calculators, cryptanalysis attacks, password decoders and some not so common utilities related to network and system security.
When Wi-Fi was first developed in the late 1990s, Wired Equivalent Privacy was created to give wireless communications confidentiality. WEP, as it became known, proved terribly flawed and easily cracked. You can read more about that in my beginner's guide to hacking Wi-Fi.
The weakness in WPA2-PSK is that the pre-shared key is exposed to offline guessing through what is known as the 4-way handshake. When a client connects to an access point (AP), the client and the AP exchange four EAPOL-Key messages to prove to each other that they hold the same pre-shared key and to derive the session keys. The passphrase itself is never transmitted, but the handshake carries both nonces, both MAC addresses and a MIC computed with a key derived from the passphrase, which is everything needed to test candidate passphrases against it. If we can capture the handshake, we can attempt to crack the passphrase offline, without ever talking to the AP again.
In this tutorial from our Wi-Fi Hacking series, we'll look at using aircrack-ng to run a dictionary attack against the passphrase after capturing the 4-way handshake. If you're looking for a faster way, I suggest you also check out my article on hacking WPA2-PSK passwords using coWPAtty.
Now that we have the captured handshake in our capture file WPAcrack-01.cap (written by airodump-ng with the prefix WPAcrack), we can run aircrack-ng against it with a wordlist of our choice. Remember that this type of attack is only as good as your wordlist: aircrack-ng can only confirm a passphrase that is actually in the list, and if the capture does not contain a complete handshake it will report that no valid WPA handshake was found, in which case you need to capture again. I'll be using the darkc0de wordlist that ships with BackTrack at /pentest/passwords/wordlists/darkc0de.lst.
Keep coming back, as I promise more advanced methods of hacking wireless in future tutorials. If you haven't seen the other Wi-Fi hacking guides yet, check them out here. Particularly the one on hacking WEP using aircrack-ng and hacking WPA2-PSK passwords using coWPAtty.
Hello Master OTW! Thanks so much for your hard work. People like us are finding your tutorials more useful. I have a little problem. I followed your tutorials on cracking WPA/WPA2 and everything worked out fine. Just the last stage, the aircrack-ng. When I typed aircrack-ng WPAcrack-01.cap -w /pentest/passwords/wordlists/darkc0de, this is what I got:
Opening WPAcrack-01.cap
Please specify a dictionary (Option -w).
I tried it again, this time with darkcode, changing the zero in darkc0de to an o. Still "No such file or directory". I'm imagining my Kali doesn't have it. I deleted BackTrack 5 and installed Kali, so how do I get other password lists and, more importantly, how do I install them straight into the aircrack-ng directory?
I tried cracking WPA2 networks last week using airodump and Fern, but my Chromebook's processor is not that powerful! :P Will definitely have to play around with the command prompt way; I'm a sucker for GUIs... haha. Also, thanks for the password lists, those are hard to find sometimes, surprisingly.
Hey, I came across an issue. I think I went through all of the steps here word for word, and about two times it said "WPA Handshake" and the BSSID in the top right, but when I went and tried to use the darkc0de command "aircrack-ng WPAcrack-01.cap -w /pentest/passwords/wordlists/darkc0de" it at first said specify a dictionary, so I entered darkc0de as darkc0de.lst and it seemed to work. But now I'm coming across this: in the top right console it says there is no valid WPA handshake, but on the left one it says it went through after authentication.
Hmm, from what I've seen/heard from yours that would be the case, but when I tried last night only a few times would I even get a WPA handshake; the other times I waited hours and got nothing. So the WPA handshake should be instant, and afterwards I use the aircrack-ng WPAcrack-01.cap -w /pentest/passwords/wordlists/darkc0de.lst command and it should be all fine, and I will have to wait for that one.
Hmm, is there a "quicker" method to WEP/WPA/WPA2 password cracking? The two smaller files that I tried were both unable to find the password, and the larger one I downloaded from the two links will take about a week, I'm guessing, to even come near completion. I only have one laptop and use it daily, so I can't exactly just leave it for a week and hope for it to find the password, given that the password isn't in that large list.
Hmm, well I went and loaded up BT and I've downloaded the most recent, and I only once randomly got the handshake, but when I try this "airodump --bssid 00:09:5B:6F:64:1E -c 11 WEPcrack mon0" in the WEP guide (using the BSSID's channel and own BSSID) it says the command does not exist. No issues up until I have to enter that.
Is this something I may need to do? I have the BT v3 ISO, both the 32 and 64 versions. Tried running the 64 version off of a USB with a little over 7 GB space. Booted off the USB and ran in text mode. Entered startx to get to the GUI. Then tried iwconfig and it couldn't find anything. I have an external wireless receiver. I am pretty sure it is aircrack compatible. It is a NETGEAR WNDA3100, not sure if it is v1 or v2, but I believe both are compatible. Do I need to install BT to my machine instead using a VM?
But if I do aircrack-ng WPAcrack-01.cap -w /pentest/passwords/wordlists/darkc0de it says that I didn't choose a network / it didn't find a network. And if I do airodump-ng --bssid 08:86:30:74:22:76 -c 6 --write WPAcrack mon0 and then aireplay-ng --deauth 100 -a 08:86:30:74:22:76 mon0 and I go back to look if I captured the handshake, then I see that I was successful, and then I see "fixed channel" again. How can I solve these problems?
I did each step in order. I was able to see the wireless network and I did this:
1. airmon-ng start wlan0
2. airodump-ng mon0
3. airodump-ng --bssid 08:86:30:74:22:76 -c 6 --write WPAcrack mon0 (with my own selected BSSID and channel)
4. aireplay-ng --deauth 100 -a 08:86:30:74:22:76 mon0
5. Then I see that I have captured the WPA handshake, and then I see "fixed channel" again.
When you are in BT, try removing the USB wireless adapter and then inserting it. If BT has a driver for your card, it will automount the device and driver, similar to Windows PnP. If that doesn't work, there may not be a driver for the wireless adapter in BT. You can then either find a driver and install it or buy a new wireless adapter that has a driver in BT. Buying another wireless card might be your best bet, as few wireless cards are compatible with aircrack-ng. Before you buy, check if it is on the compatible list.
I had tried to crack my own Wi-Fi first because it's easy and of course I know my own password, so I put the password into the wordlist. When I then tried to crack it and the terminal had tried all the keys, it says: passphrase not in dictionary, quitting aircrack-ng...
I opened the terminal and typed aircrack-ng wpacrack-01.cap -w /pentest/passwords/wordlists/darkc0de.lst = it's beginning to set the keys in. When it was finished it says: passphrase not in dictionary, quitting aircrack-ng...
As per your guideline I have used one Tech-Com 802.11b/g/n 150 Mbps wireless USB adapter. But in spite of that my Kali or BTr3 is not showing the Wi-Fi USB adapter. Is there any problem with me, master? But when I am using live Kali or BTr3 it is detecting. But dear master, it is not detecting the password and showing the same problem.
What does that mean? When I use darkc0de it says:
root@Vats:~# aircrack-ng /WPAcrack-01.cap -w /pentest/passwords/wordlists/darkc0de
fopen(dictionary) failed: No such file or directory
fopen(dictionary) failed: No such file or directory
Please help. Thank you.
I was wondering about the syntax of implementing a password dictionary as above - is there a method through which aircrack can combine multiple words within a dictionary together and test each of those as a separate password?
I have cracked the password, but it is not connecting to my cell phone. First it scans, then tries to use the remembered password, and then says connecting. Just after authenticating it again starts scanning and starts repeating the process again. After two or three tries, the Wi-Fi network disappears. I see you said MAC or IP filtering to Secret (a member). How to crack the MAC or IP filtering? I researched on the internet and found that my HTC Wildfire requires a network certificate (.p12). Or is there any other term? Please tell me, I can't wait to crack down my network fully.
I'm sure what website covers this best, but you do have several GPU-utilizing tools in Kali under Password Attacks and then GPU Tools. I'm starting a new series on password cracking next week, so you may find that useful.
Newbee: Swing and a miss.
root@bt:~# aircrack-ng WPAcrack-01.cap -w /pentest/passwords/wordlists/darkc0de
fopen(dictionary) failed: No such file or directory
fopen(dictionary) failed: No such file or directory
Opening WPAcrack-01.cap
Read 37554 packets.