Wi-Fi Cracking using Linux Backtrack/Debian (Kali Linux)
In many wireless connections, data is sent to the internet in encrypted packets.
These packets are secured with network keys.
There are basically two types of keys:
1: Wireless Encryption Protocol (WEP)
2: Wi-Fi Protected Access (WPA)
Wireless Encryption Protocol (WEP)
It is the most basic form of encryption. It has become an unsafe option, as it is vulnerable and can be cracked with relative ease. Despite this, many people still use this encryption.
Wi-Fi Protected Access (WPA)
This is the most secure wireless encryption. Cracking such a network requires the use of a wordlist of common passwords; this is a kind of brute-force (dictionary) attack.
This encryption is virtually impossible to crack if the network is secured with a strong password.
So let us begin the actual Wi-Fi Hack.
1: A system with a wireless adapter (Wireless LAN card)
2: A Backtrack Live DVD; this DVD is used to boot into the Backtrack OS.
Backtrack is an operating system built for penetration testing.
3: Brain (The most important part)
4: Now, Insert the Backtrack Live DVD into your system and boot your system with it.
5: After booting, it will execute some startup commands; wait until a prompt appears.
6: After loading, you will see:
root@bt:~#
7: Type “startx” and hit Enter. After waiting a moment you will get a graphical interface.
8: Now open the “Konsole” from the taskbar, as in the image below.
Now you will have a Command Prompt (Shell)
9: Type “airmon-ng” and hit Enter.
After that you will see a screen listing your wireless interfaces.
Note down the name of the “Interface”.
10: Now type “ifconfig wlan0 down”; ‘wlan0’ is our interface name, so replace it with yours.
(This command will disable your wireless card.)
We do this in order to replace your MAC (Medium Access Control) address.
11: Now type “ifconfig wlan0 hw ether 00:11:22:33:44:55” and hit Enter. This command will change your MAC address to “00:11:22:33:44:55”, in order to change your system's identity.
12: Now, type “airmon-ng start wlan0” and hit enter. This Command will start the network adapter in monitor mode.
13: Now note down the new interface name. It could be eth0, mon0, etc.
14: Note the new interface name; here it is mon0.
15: Type “airodump-ng mon0” and hit Enter (mon0 being your new interface name). This command will show you all the available wireless networks in your range.
16: Press “Ctrl+C” to stop airodump-ng from searching for more networks.
Copy the BSSID and channel of your target network.
17: Now type “airodump-ng -c channelno --bssid BSSIDN1 -w filename mon0” and hit Enter. Replace ‘channelno’ and ‘BSSIDN1’ with yours, replace ‘mon0’ with your network interface card name, and in ‘filename’ write any name and remember it (better to use ‘filename’ itself).
18: This command will begin capturing packets from the network; you need a large number of packets in order to crack a Wi-Fi password.
Packet capturing is a very slow process.
To speed up packet capturing we will use another command.
Open another shell prompt and do not close the previous one. In the new prompt type “aireplay-ng -1 0 -a BSSIDN1 -h 00:11:22:33:44:55 mon0”, replacing ‘BSSIDN1’ with the BSSID you copied above and ‘mon0’ with your network interface card name.
(This command will boost the packet capturing speed.)
‘-1’ tells the program which attack we wish to use, which in this case is fake authentication with the access point.
‘0’ is the delay between attacks, and ‘-a’ is the MAC address of the target access point.
‘-h’ is your wireless adapter's MAC address.
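The fake authentication mode above produces a stream of 802.11 Authentication frames from one transmitter MAC, which is something a wireless IDS can look for. The following is an added detection example, not code from the original tutorial or from aircrack-ng: it parses the 24-byte 802.11 management header and flags any transmitter that sends an unusual number of Authentication frames. The frames, MAC addresses and the threshold of 10 are constructed sample values.

```python
"""Flag stations sending bursts of 802.11 Authentication frames.

Added example (not part of the original tutorial). It parses the
24-byte 802.11 management header and counts Authentication frames per
transmitter MAC. The sample frames below are constructed, not captured."""
import struct
from collections import Counter

MGMT_TYPE = 0          # frame type 0 = management
AUTH_SUBTYPE = 0x0B    # management subtype 11 = Authentication

def build_mgmt_frame(subtype, dst, src, bssid, seq=0):
    """Build a minimal 24-byte management header (no body, no FCS)."""
    fc0 = (subtype << 4) | (MGMT_TYPE << 2)   # protocol version 0
    return (bytes([fc0, 0x00]) + struct.pack("<H", 0)          # FC, duration
            + bytes.fromhex(dst.replace(":", ""))             # addr1 = DA
            + bytes.fromhex(src.replace(":", ""))             # addr2 = SA
            + bytes.fromhex(bssid.replace(":", ""))           # addr3 = BSSID
            + struct.pack("<H", seq << 4))                    # seq ctrl

def parse_header(frame):
    """Return (type, subtype, addr1, addr2, addr3) or None if too short."""
    if len(frame) < 24:
        return None
    def mac(b):
        return ":".join(f"{x:02x}" for x in b)
    fc0 = frame[0]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    return ftype, subtype, mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22])

def auth_flood_sources(frames, threshold=10):
    """Map transmitter MAC -> Authentication-frame count, for counts >= threshold."""
    counts = Counter()
    for f in frames:
        hdr = parse_header(f)
        if hdr and hdr[0] == MGMT_TYPE and hdr[1] == AUTH_SUBTYPE:
            counts[hdr[3]] += 1
    return {mac: n for mac, n in counts.items() if n >= threshold}

# Constructed sample: one normal client authenticates once, while a
# station using the tutorial's spoofed MAC repeats authentication 40 times.
AP = "aa:bb:cc:dd:ee:ff"
SAMPLE = [build_mgmt_frame(AUTH_SUBTYPE, AP, "12:34:56:78:9a:bc", AP)]
SAMPLE += [build_mgmt_frame(AUTH_SUBTYPE, AP, "00:11:22:33:44:55", AP, i)
           for i in range(40)]

if __name__ == "__main__":
    print(auth_flood_sources(SAMPLE))   # {'00:11:22:33:44:55': 40}
```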
19: Now wait a few minutes, until the data count in the older ‘Konsole’ reaches 5000.
20: After it reaches 5000, open another ‘Konsole’ and type,
Replace ‘filename’ with the file name you used above and add ‘-01.cap’ to it, as “.cap” is the extension of the file holding the captured data packets.
21: After this command, Aircrack will start trying to crack the Wi-Fi password.
If the network uses Wireless Encryption Protocol (WEP), it will surely be cracked in a few minutes.
But if the network uses Wi-Fi Protected Access (WPA), then the following command is used instead of the one above:
“aircrack-ng -w /pentest/wireless/aircrack-ng/test/password.lst -b BSSIDN1 filename-01.cap”
Here ‘password.lst’ is a file containing a list of common words used as passwords; this type of network is only cracked if the same password exists in the “password.lst” file.
So, use this trick and have a lot of fun...