How to Hack Wi-Fi: Cracking WPA2-PSK Passwords Using Aircrack-Ng (miraclestarboy.com)
When Wi-Fi was first developed in the late 1990s, Wired Equivalent Privacy was created to give wireless communications confidentiality. WEP, as it became known, proved terribly flawed and easily cracked. You can read more about that in my beginner's guide to hacking Wi-Fi.

As a replacement, most wireless access points now use Wi-Fi Protected Access II with a pre-shared key for wireless security, known as WPA2-PSK. WPA2 uses a stronger encryption algorithm, AES, that's very difficult to crack—but not impossible. My beginner's Wi-Fi hacking guide also gives more information on this.
The weakness in the WPA2-PSK system is that the encrypted password is shared in what is known as the 4-way handshake. When a client authenticates to the access point (AP), the client and the AP go through a 4-step process to authenticate the user to the AP. If we can grab the password at that time, we can then attempt to crack it.

In this tutorial from our Wi-Fi Hacking series, we'll look at using aircrack-ng and a dictionary attack on the encrypted password after grabbing it in the 4-way handshake. If you're looking for a faster way, I suggest you also check out my article on hacking WPA2-PSK passwords using coWPAtty.
Step 1: Put Wi-Fi Adapter in Monitor Mode with Airmon-Ng
Let's start by putting our wireless adapter in monitor mode. For info on what kind of wireless adapter you should have, check out this guide. This is similar to putting a wired adapter into promiscuous mode. It allows us to see all of the wireless traffic that passes by us in the air. Let's open a terminal and type:
airmon-ng start wlan0
Note that airmon-ng has renamed your wlan0 adapter to mon0.
Step 2: Capture Traffic with Airodump-Ng
Now that our wireless adapter is in monitor mode, we have the capability to see all the wireless traffic that passes by in the air. We can grab that traffic by simply using the airodump-ng command.

This command grabs all the traffic that your wireless adapter can see and displays critical information about it, including the BSSID (the MAC address of the AP), power, number of beacon frames, number of data frames, channel, speed, encryption (if any), and finally, the ESSID (what most of us refer to as the SSID). Let's do this by typing:
airodump-ng mon0
Note that all of the visible APs are listed in the upper part of the screen and the clients are listed in the lower part of the screen.
Step 3: Focus Airodump-Ng on One AP on One Channel
Our next step is to focus our efforts on one AP, on one channel, and capture critical data from it. We need the BSSID and channel to do this. Let's open another terminal and type:

As you can see in the screenshot above, we're now focusing on capturing data from one AP with an ESSID of Belkin276 on channel 6. Belkin276 is probably a default SSID, and default SSIDs are prime targets for wireless hacking, as users who leave the default ESSID in place usually don't spend much effort securing their AP.
Step 4: Aireplay-Ng Deauth
In order to capture the encrypted password, we need to have the client authenticate against the AP. If they're already authenticated, we can de-authenticate them (kick them off) and their system will automatically re-authenticate, whereby we can grab their encrypted password in the process. Let's open another terminal and type:
aireplay-ng --deauth 100 -a 08:86:30:74:22:76 mon0
100 is the number of de-authenticate frames you want to send
08:86:30:74:22:76 is the BSSID of the AP
mon0 is the monitoring wireless adapter
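From the defender's side, the burst of de-authentication frames described in this step is the most visible part of the whole procedure: a legitimate network rarely sees dozens of deauth or disassociation frames for one BSSID within a few seconds. The following Python script is an added example, not code from the original article or from the aircrack-ng project. It parses raw 802.11 management frames (the frame-control byte, the three address fields and the 2-byte reason code laid out as in the IEEE 802.11 standard), counts deauth/disassoc frames per BSSID in a sliding window, and raises an alert once per BSSID when a threshold is crossed. The sample traffic is constructed in the script (three beacons followed by 100 broadcast deauths spoofed from the tutorial's BSSID 08:86:30:74:22:76; the client address, the threshold of 20 frames in 10 seconds and the reason code 7 are assumptions for the example).

```python
import struct
from collections import defaultdict, deque

# 802.11 frame-control type/subtype values used below (IEEE 802.11)
TYPE_MGMT = 0
SUBTYPE_BEACON = 8
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_disconnect_frame(frame):
    """Return (subtype, dst, src, bssid, reason) for a deauth/disassoc frame, else None.

    Expects a raw 802.11 frame with any radiotap header already stripped:
    FC(2) Duration(2) Addr1(6) Addr2(6) Addr3(6) SeqCtl(2) ReasonCode(2).
    """
    if len(frame) < 26:
        return None
    fc0 = frame[0]
    version = fc0 & 0x3
    ftype = (fc0 >> 2) & 0x3
    subtype = (fc0 >> 4) & 0xF
    if version != 0 or ftype != TYPE_MGMT:
        return None
    if subtype not in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH):
        return None
    dst, src, bssid = frame[4:10], frame[10:16], frame[16:22]
    (reason,) = struct.unpack("<H", frame[24:26])  # reason code is little-endian
    return subtype, mac_str(dst), mac_str(src), mac_str(bssid), reason


class DeauthFloodDetector:
    """Alerts once per BSSID when deauth/disassoc frames exceed a threshold in a sliding window.

    Threshold and window are assumptions chosen for this example; tune them to the
    normal roaming/disconnect rate of the monitored network.
    """

    def __init__(self, threshold=20, window_seconds=10.0):
        self.threshold = threshold
        self.window = window_seconds
        self.recent = defaultdict(deque)  # bssid -> timestamps of recent disconnect frames
        self.alerted = set()

    def feed(self, ts, frame):
        parsed = parse_disconnect_frame(frame)
        if parsed is None:
            return None
        subtype, dst, src, bssid, reason = parsed
        q = self.recent[bssid]
        q.append(ts)
        while q and ts - q[0] > self.window:  # drop timestamps outside the window
            q.popleft()
        if len(q) >= self.threshold and bssid not in self.alerted:
            self.alerted.add(bssid)
            kind = "deauth" if subtype == SUBTYPE_DEAUTH else "disassoc"
            return (f"ALERT t={ts:.2f}s: {len(q)} {kind} frames for BSSID {bssid} "
                    f"within {self.window:.0f}s (src {src}, dst {dst}, reason {reason})")
        return None


# --- constructed sample traffic (not a real capture) ---
def build_frame(subtype, dst, src, bssid, body=b""):
    fc = bytes([(subtype << 4) | (TYPE_MGMT << 2), 0x00])
    return fc + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + body


def mac(s):
    return bytes.fromhex(s.replace(":", ""))


AP_BSSID = mac("08:86:30:74:22:76")  # BSSID used in the tutorial
BROADCAST = mac("ff:ff:ff:ff:ff:ff")
CLIENT = mac("02:00:00:00:00:01")    # constructed, locally administered client address


def sample_capture():
    frames = []
    for i in range(3):  # benign beacons from the AP
        frames.append((0.1 * i, build_frame(SUBTYPE_BEACON, BROADCAST, AP_BSSID, AP_BSSID, b"\x00" * 12)))
    for i in range(100):  # burst of 100 broadcast deauths spoofed from the AP, reason code 7 (assumed)
        frames.append((1.0 + 0.05 * i,
                       build_frame(SUBTYPE_DEAUTH, BROADCAST, AP_BSSID, AP_BSSID, struct.pack("<H", 7))))
    return frames


def run_detector(frames, threshold=20, window_seconds=10.0):
    det = DeauthFloodDetector(threshold, window_seconds)
    alerts = []
    for ts, frame in frames:
        alert = det.feed(ts, frame)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for line in run_detector(sample_capture()):
        print(line)
```

To run this against a real monitor-mode capture, feed each frame's timestamp and payload from a pcap reader into `DeauthFloodDetector.feed`; Linux monitor-mode captures carry a radiotap header in front of the 802.11 frame, and its length (the little-endian 16-bit field at offset 2) must be skipped before the parser sees the frame-control byte. Broadcast deauths whose source address equals the BSSID, repeated far faster than any client roams, are the signature to look for; 802.11w (protected management frames) is the mitigation that makes spoofed deauths fail authentication at the client.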
Step 5: Capture the Handshake
In the previous step, we bounced the user off their own AP, and now when they re-authenticate, airodump-ng will attempt to grab their password in the new 4-way handshake. Let's go back to our airodump-ng terminal and check to see whether or not we've been successful.

Notice in the top line to the far right, airodump-ng says "WPA handshake." This is the way it tells us we were successful in grabbing the encrypted password! That is the first step to success!
Step 6: Let's Aircrack-Ng That Password!
Now that we have the encrypted password in our file WPAcrack, we can run that file against aircrack-ng using a password file of our choice. Remember that this type of attack is only as good as your password file. I'll be using the default password list included with aircrack-ng on BackTrack named darkc0de.
We'll now attempt to crack the password by opening another terminal and typing:
WPAcrack-01.cap is the name of the file we wrote to in the airodump-ng command
/pentest/passwords/wordlist/darkc0de is the absolute path to your password file
How Long Will It Take?
This process can be relatively slow and tedious. Depending upon the length of your password list, you could be waiting a few minutes to a few days. On my dual core 2.8 gig Intel processor, it's capable of testing a little over 500 passwords per second. That works out to about 1.8 million passwords per hour. Your results will vary.

When the password is found, it'll appear on your screen. Remember, the password file is critical. Try the default password file first and if it's not successful, advance to a larger, more complete password file such as one of these.
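Step 6 and the "How Long Will It Take?" section both come down to the same fact: the handshake does not carry the passphrase itself but a message integrity code computed from keys derived from the pre-shared key, so every candidate in the password file has to be run through the same key derivation before it can be checked, and that derivation is deliberately expensive. The Python script below is an added example, not code from the original article or from aircrack-ng. It implements the PMK derivation defined in IEEE 802.11i (PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations, 32-byte output), checks it against the standard's published test vector (passphrase "password", SSID "IEEE"), times how many derivations per second this machine manages, and then works out how long the tutorial's rate of 500 guesses per second (1.8 million per hour) would need to exhaust passphrases of different lengths. The candidate passphrases it times are constructed throwaways; the passphrase policies in the table are assumptions for illustration.

```python
import hashlib
import time


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK (the PSK of WPA/WPA2-Personal) = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes),
    as specified in IEEE 802.11i."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32)


def measure_derivations_per_second(ssid: str = "IEEE", samples: int = 100) -> float:
    """Time `samples` PMK derivations; every dictionary candidate costs at least this much."""
    start = time.perf_counter()
    for i in range(samples):
        wpa2_pmk(f"candidate-{i}", ssid)  # constructed throwaway candidates
    return samples / (time.perf_counter() - start)


def seconds_to_exhaust_keyspace(alphabet_size: int, length: int, rate: float) -> float:
    """Worst-case time to try every passphrase of `length` symbols drawn from `alphabet_size`."""
    return (alphabet_size ** length) / rate


def hours_to_exhaust_wordlist(words: int, rate: float) -> float:
    """Time to run a wordlist of `words` entries at `rate` guesses per second."""
    return words / rate / 3600.0


def describe(seconds: float) -> str:
    """Human-readable duration for the tables printed below."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


if __name__ == "__main__":
    # 1. Known-answer check against the IEEE 802.11i Annex H test vector.
    pmk = wpa2_pmk("password", "IEEE")
    print("PMK('password', 'IEEE') =", pmk.hex())

    # 2. Cost of one guess on this machine (pure hashlib; GPU crackers are much faster).
    rate = measure_derivations_per_second()
    print(f"this machine: ~{rate:,.0f} PMK derivations/s")

    # 3. What the tutorial's ~500 guesses/s buys against different passphrase policies.
    tutorial_rate = 500.0
    print(f"at {tutorial_rate:.0f} guesses/s ({hours_to_exhaust_wordlist(1_800_000, tutorial_rate):.0f} hour per 1.8M words):")
    for label, alphabet, length in (("8 lowercase letters", 26, 8),
                                    ("8 mixed-case + digits", 62, 8),
                                    ("12 mixed-case + digits", 62, 12),
                                    ("20 mixed-case + digits", 62, 20)):
        print(f"  {label:24s} {describe(seconds_to_exhaust_keyspace(alphabet, length, tutorial_rate))}")
```

The first check must print f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e, the PMK the standard publishes for that passphrase and SSID. The table is the practical takeaway for anyone securing an AP: a dictionary attack succeeds only when the passphrase is in the list, and a long random passphrase pushes even exhaustive search at this rate far beyond any useful timescale, whereas a default or dictionary word falls in minutes regardless of how strong AES itself is. Changing the SSID from the default also matters, because the SSID is the PBKDF2 salt, so precomputed PMK tables built for common SSIDs no longer apply.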
Keep coming back, as I promise more advanced methods of hacking wireless in future tutorials. If you haven't seen the other Wi-Fi hacking guides yet, check them out here, particularly the one on hacking WEP using aircrack-ng and hacking WPA2-PSK passwords using coWPAtty.

And as always, if you have questions on any of this, please ask away in the comments below. If it's something unrelated, try asking in the Null Byte forum.