1) A Desktop or Laptop having a Wireless
Adapter
2) Backtrack Live DVD : This DVD is used to
boot into backtrack OS, Backtrack OS is a
hacking OS and will be used in my further
hacking tutorials that is why I am asking to
download it. It can be downloaded at :
Download Backtrack to hack wifi Passwords
3) Brain! ( The most important part) These
are the things you require now let us proceed
with the steps to crack wifi passwords easily.
1) Download the Backtrack OS ISO image and
burn it to a DVD. Boot from that DVD ( Insert
that DVD into CD-ROM and restart your PC.)
You will see backtrack starting. Choose
“Backtrack Default text version”. After that
it will start executing some commands. Wait
till you see something different
You will see root@bt:’# , Type startx and
hit enter. The color of the screen will be
different is of the earlier version of
backtrack. You will get a red- black screen
of backtrack. Wait for few minutes, after it
is done, you will get a desktop like version of
backtrack.
Now Open the Konsole from the taskbar,
Click on the icon against the dragon like icon
in the taskbar .
You will have a Command Prompt like Shell.
2) Type airmon-ng and hit Enter. You will
have a screen like this, note down the name
of interface, in our case the the name is
wlan0.
3) Now type ifconfig wlan0 down and hit
enter. This command will disable your wireless
adapter, we are doing this in order to change
your MAC address.
3) Now type ifconfig wlan0 hw ether
00:11:22:33:44:55 and hit enter. This
command will change your MAC address to
00:11:22:33:44:55 in order to hide your
identity.
4) Now type airmon-ng start wlan0 and hit
enter. This will start the network adapter in
monitor mode. Note down the new interface
name, it could be eth0 or mon0 or something
like that.
The above command has started our network
adapter in monitor mode as mon0, note down
this name.
5) After this type airmon-ng mon0 and hit
enter
Replace the mon0 with interface name you
discovered in step 4. This command will show
you the list of available networks. Press Ctrl
+C to stop the airmon to search for more
networds. Copy the BSSID of the wireless
network which you want to hack.
In the above screenshot there is a list of
available networks, Choose 1 network and
note the BSSID andchannel of it.
6) Type airodump-ng -c channelno – bssid
BSSIDN1 mon0 -w filename and hit enter.
Replace channelno and BSSIDN1 with the
data from step 5. Replace the mon0 with
network interface name from step 4. In place
of filename write anyname and do remember
that. Better use filename itself.
This command will begin capturing the
packets from the network. You need to
capture more and more packets in order to
crack the wifi password. This packet
capturing is a slow process.
7) To make the packet capturing faster, we
will use another command. Open a new shell,
don’t close the previous shell.
In new shell type aireplay-ng -1 0 -a
BSSIDN1 -h 00:11:22:33:44:55 mon0 and hit
enter.
Replace the BSSIDN1 with the data from
step 5 and mon0 from step 4. This command
will boost the data capturing process.
The -1 tells the program the specific attack
we wish to use which in this case is fake
authentication with the access point. The 0
cites the delay between attacks, -a is the
MAC address of the target access point, -h is
your wireless adapters MAC address and the
command ends with the your wireless adapters
device name.
8) Now wait for few mins, let the DATA in
the other console reach a count of 5000.
The data is 1, wait for that to reach 5000.
9) After it reaches 5000, open another
console and type aircrack-ng filename-01.cap
and hit enter.
Replace the filename with the name you
used in step 6. Add -01.cap to it. .cap is the
extension of file having captured data
packets.
After typing this command, aircrack will
start trying to crack the Wi-FI password.
If the encryption used is WEP, it will surely
crack the password within few minutes.
In case of WPA use the following command
instead of the above aircrack- ng -w /
pentest/wireless/aircrack- ng/ test/
password.lst -b BSSIDN1 filename-01.cap
Replace BSSIDN1 and filename with data you
used. /pentest/wireless/ aircrack-ng/ test/
password.lst is the address of a file having
wordlist of popular passwords. In case of WPA
aircrack will try to brute force the password.
As I explained above that to crack WPA you
need a file having passwords to crack the
encryption If you are lucky enough and the
network owner is not smart enough, you will
get the password.