Credit Goes to Tools Needed: 1) 2) Aircrack- Ng (Included in Backtrack 5). Instructions: 1) Make sure all your wireless connection is turned off 2) Load up a terminal and type: airmon-ng 3) Next type: “airmon-ng start wlan0″. 4) Next type “airodump-ng mon0″ and the screen shown below will appear. 5) Open a notepad or text editor, type down the BSSID, CHANNEL & STATION of the WPA WPA2 that you have chosen to crack.

Step 2: Change your Wireless Network name and password. Next, click on the Setup tab. Then click on Wireless Setup in the sidebar. The first thing we want to do is to change the SSID a.k.a. Wireless Network Name. Click on the Multiple Wireless Network Name Setup button (at the bottom of the screen).

We will need them again for a later stage. 6) Now type in the airodump-ng command show below. “airodump-ng –w james-comp –bssid (BSSID) –c (CHANNEL) mon0″ a) Replace BSSID and CHANNEL with what we just saved above and press the enter key. 7) In the event you could not get a handshake, the following method is used to de-authenticate a client from an accesspoint, forcing them to re-authenticate leading to a successful WPA handshake. Type: ” aireplay-ng –deauth 1 –a (STATION) –c (BSSID) mon0″.

Replace “STATION & BSSID with the information we saved earlier in our text editor. And the screen below will appear. 8) Open another terminal and type the command shown below: “aircrack-ng james-comp-01.cap –w wordlist.ls” How to Use Word list: 1)Download and copy/save word list to your desktop. 2)Drag word list from desktop onto shell terminal. And finally press the enter button, aircrack will begin its cracking phase as shown below: Note: If the password is in the wordlist you will be shown the screen below! We have successfully cracked a WPA network Key! Otherwise.we need to get us a better wordlist.

Credit Goes to Tools Used - Backtrack 5 R2, KDE 32Bit - Aircrack-ng Utilities - Pyrit Introduction Pyrit allows to create massive databases, pre-computing part of the IEEE 802.11 WPA/WPA2-PSK authentication phase in a space-time-tradeoff. Pyrit can use your Graphic card to increase your cracking speed. Exploiting the computational power of Many-Core- and other platforms through ATI-Stream, Nvidia CUDA and OpenCL, it is currently by far the most powerful attack against one of the world’s most used security-protocols.

Attacking WPA/WPA2 by brute-force boils down to to computing Pairwise Master Keys as fast as possible. Every Pairwise Master Key is ‘worth’ exactly one megabyte of data getting pushed through PBKDF2-HMAC-SHA1. In turn, computing 10.000 PMKs per second is equivalent to hashing 9,8 gigabyte of data with SHA1 in one second. - Objective • Capture Packets • Analyze Packets • Database Preparation • Batch Processing • Cracking with db_attack Lets Begin: Capturing Packets with Airodump 1) For this stage, if you do not have any understanding on using airodump-ng to capture packets then i would suggest proceeding to the tutorial. Follow through step 1 to step 8 and upon receiving a successful 4 way, join us back here.

2) I have already captured my packets and named them melissa-packages-01.cap for this tutorial. Analyzing Packets with Pyrit 3) Now assuming that you have already successfully received your 4 way handshake, lets proceed to use pyrit to analyze the packets before attempting to crack it. To do this open a terminal and type: pyrit -r analyze.

A) Pyrit has successfully analyzed the captured file and found one Access Point with BSSID bc:f6:85:12:be:e8 and ESSID ‘melissageoffery2001@unifi’ and two Stations communicating with that AccessPoint. B) The four way-handshake between the Station with MAC 60:33:4B:cf:f6:3c and the Access Point has also been recorded in the capture file. Pyrit Database Preparation Pyrit can store ESSIDs, passwords/passphrases and their corresponding Pairwise Master Keys in a database. This is a very useful function as it is doing the major task of pre-computing tables of Pairwise Master Keys and ESSIDs. This will vastly reduce the time needed to guess the password.

4) Firstly to upload all our password list to pyrit database, type: pyrit -i import_passwords. Elektrisch schema huisinstallatie symbolen eendraadschema. As you can see from the image below, i uploaded two of my word list into the database.

Make sure you have a strong password list with as many entries as possible. The strength of the dictionary still plays a major role in successfully cracking the password. 5) To create and ESSID of your target in the database, lets type: pyrit -e create_essid. 6) To remove an ESSID type: pyrit -e delete_essid 7) To check our database, type: pyrit eval. The klub 17 mods garden.

And as you can see from the image below, i have 1261293 passwords and the ESSID “melissageoffery2001@unifi’. Pyrit Batch Processing Now that we have the ESSID and passwords uploaded into our database, lets batch process them. This means that pyrit will take our ESSID ‘”melissageoffery2001@unifi’ and combine it with each passphrase in the word list. It will then store the computed corresponding Pairwise Master Keys, which we will use later to assist us in cracking the password.