Cracking a WPA2 WiFi Password with Aircrack-ng

September 1, 2015 | Views: 165902


Hello, friends…

Aim: To crack a WPA2-psk encrypted WiFi password using Aircrack-ng.

Requirements:

  • If you’re running Kali Linux in VMware or another virtual machine, you need a compatible USB WiFi adapter (I’m using an Atheros AR9271 wireless network adapter), because the host’s WiFi connection doesn’t show up inside a virtual machine; the VM only sees it as a wired LAN connection. A dedicated adapter is also needed for packet injection (we’ll discuss packet injection and why it’s needed in a few minutes).
  • If you dual-booted your system and/or are using Ubuntu or Linux Mint natively, you’re good to go.

Wait…wait…

You also need a word list comprising as many candidate pass-phrases as possible. You can download some of them from Torrentz or click here.

You need the Aircrack-ng suite (in Kali Linux, it comes as a built-in tool). On other distributions, you can get it with “sudo apt-get install aircrack-ng”.


Moving ahead, assuming that you have met the above requirements…


Procedure:

Attach the USB WiFi receiver to the virtual machine (if you’re using one). Open up your terminal as root and type “ifconfig”. This will show you all the networking interfaces connected to your device.

Now, type “airmon-ng start wlan0 mon0”. This command will put your wireless interface into monitor mode. Here, ‘airmon-ng’ is the tool that manages monitor-mode interfaces, ‘wlan0’ is your wireless interface, ‘mon0’ is the name of the monitor-mode interface that will be created, and ‘start’ enables monitor mode on that interface.

After entering this command, a list of process IDs that can interfere with monitor mode is displayed, so kill those processes by typing “kill <pid>”. In my case, “kill 3130 3227 4210 4236”. Now, type ifconfig again and it will show the newly created monitor interface, i.e. mon0.

Next, type “airodump-ng mon0” (airodump-ng is a WiFi packet capture tool) and it will start capturing all packets it can hear. From the captured packets, select your target and note its ‘bssid’ (bssid = basic service set identifier, the access point’s MAC address) and channel. Stop the capture using “ctrl+c”.

Now, to capture only the packets of your target network, type the following command: “airodump-ng -c <channel> -w <name> --bssid <bssid> mon0” (-c = channel of your target, -w = writes the captured data to a file, name = prefix for the capture file, --bssid = basic service set id of your target, mon0 = interface on which capturing takes place).

In my case, “airodump-ng -c 11 -w wifi --bssid 10:FE:ED:2E:29:34 mon0”, which will start capturing packets.

While the capture is running, open a new terminal as root and type “aireplay-ng -0 0 -a <bssid> mon0” (aireplay-ng = tool for deauthentication, fake authentication and other packet injection, -0 = deauthentication attack mode, 0 = deauth count, where 0 means keep sending until you stop it, -a = bssid of the target).

Here, we’re sending deauthentication requests so that connected clients reconnect and perform a fresh handshake. In my case, the command looks like “aireplay-ng -0 0 -a 10:FE:ED:2E:29:34 mon0”. After a few seconds, stop it using ctrl+c.

You can also send a fake authentication request by typing “aireplay-ng -1 0 -a 10:FE:ED:2E:29:34 -h 20:EF:FD:3F:36:45 wlan0” (-1 = fake authentication attack mode, 0 = reassociation count, -h = host MAC address. The host address doesn’t really matter – some fake id would do the work).

If you look at the other terminal, airodump-ng now reports that we have successfully captured the WPA handshake.

You can now stop the capture using ctrl+c and type “ls”. This will list the files in the current directory. Select the file with the “.cap” extension and type the following command: “aircrack-ng -w <full path of the word list> <name of the file>” (aircrack-ng is the tool that does the actual passphrase recovery).

In my case, the command looks like “aircrack-ng -w /home/upendra/passwords.lst wifi-01.cap”. Now it starts testing candidate passphrases against the captured handshake.

Wait…wait and wait…(Password strength and cracking time are directly proportional.) Patience pays off …

In the end,

Key found.
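The deauthentication burst used in the procedure above is also the most visible trace it leaves on the air, which is what a wireless IDS watches for. As an added example that is not part of the original post, the following Python decodes the header of raw 802.11 management frames and flags an access point address that appears to broadcast an unusual number of deauthentication frames; the sample frames, the BSSID and client MAC reuse the page’s values and are constructed in the script, not captured.

```python
import struct
from collections import Counter

DEAUTH = 0x0C      # management subtype 12: deauthentication
BEACON = 0x08      # management subtype 8: beacon (benign, for contrast)
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_to_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))

def bytes_to_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def build_frame(subtype, dst, src, bssid, seq, reason=7):
    """Build a minimal 802.11 management frame (constructed test data only).
    Layout: frame control(2) duration(2) addr1(6) addr2(6) addr3(6) seqctl(2) [reason(2)]."""
    fc = bytes([subtype << 4, 0])          # version 0, type 0 (mgmt), subtype in high nibble
    body = struct.pack("<H", reason) if subtype == DEAUTH else b""
    return (fc + b"\x00\x00" + mac_to_bytes(dst) + mac_to_bytes(src)
            + mac_to_bytes(bssid) + struct.pack("<H", seq << 4) + body)

def parse_frame(raw):
    """Decode the header fields a wireless IDS needs from one raw frame."""
    ftype, subtype = (raw[0] >> 2) & 0x3, (raw[0] >> 4) & 0xF
    info = {"type": ftype, "subtype": subtype,
            "dst": bytes_to_mac(raw[4:10]), "src": bytes_to_mac(raw[10:16]),
            "bssid": bytes_to_mac(raw[16:22]),
            "seq": struct.unpack("<H", raw[22:24])[0] >> 4}
    if ftype == 0 and subtype == DEAUTH:
        info["reason"] = struct.unpack("<H", raw[24:26])[0]
    return info

def detect_deauth_flood(frames, threshold=10):
    """Return {bssid: count} for APs seen broadcasting more than `threshold`
    deauth frames in this window. A real AP rarely deauthenticates everyone at
    once; a burst carrying the AP's own address as source is the injection signature."""
    counts = Counter()
    for raw in frames:
        f = parse_frame(raw)
        if (f["type"] == 0 and f["subtype"] == DEAUTH
                and f["dst"] == BROADCAST and f["src"] == f["bssid"]):
            counts[f["bssid"]] += 1
    return {bssid: n for bssid, n in counts.items() if n > threshold}

# Constructed sample capture: one beacon, one legitimate client-initiated deauth
# (reason 3 = station leaving), then a burst of 12 spoofed broadcast deauths.
AP, CLIENT = "10:fe:ed:2e:29:34", "20:ef:fd:3f:36:45"
SAMPLE = [build_frame(BEACON, BROADCAST, AP, AP, 1),
          build_frame(DEAUTH, AP, CLIENT, AP, 2, reason=3)]
SAMPLE += [build_frame(DEAUTH, BROADCAST, AP, AP, 100 + i) for i in range(12)]
```

Running `detect_deauth_flood(SAMPLE)` reports only the access point address with the burst; the single client-initiated deauth and the beacon are ignored.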


“Yeah, everything works great, but my neighbor uses his mobile number as a pass key and sometimes some random combination of specific words. How can I create a custom dictionary or word list of my own so that I could crack his password?”

Coming up, stay tuned …

Point to remember:  “With great power comes great responsibility.”

– Thank you –

54 Comments
  1. Oh… I forgot Kali Linux 2.0 version uses different commands to start monitor mode. New command ends with interface first. Something like wlan0mon or something like that.

  2. This is a dictionary attack. What if a password is not in a dictionary? What and how to use then? Hydra; Brute-force or new brute-force Mask attack and how to use them?
    Thank you

  3. How can I specify a channel when I execute the command:

    aireplay-ng -0 0 -a 10:FE:ED:2E:29:34 mon0

    ?

    Because otherwise most of the time I get the error: wlan0mon is on channel 11, but the AP uses channel 6

  4. Would you explain how it cracks the handshake? Is it by trying the words in the pass list one by one, or does it try letter by letter?

  5. Cracking WPS is better than creating wordlists and cracking it!!
