cracking_wpa

Differences

This shows you the differences between two versions of the page.

cracking_wpa [2010/01/03 18:23] – Generalize monitor mode setup instructions for non-madwifi drivers. netrolller3d
cracking_wpa [2010/03/07 16:08] – One card is enough to crack wpa mister_x
Line 1: Line 1:
 ====== Tutorial: How to Crack WPA/WPA2 ====== ====== Tutorial: How to Crack WPA/WPA2 ======
-Version: 1.18 September 252009\\+Version: 1.19 February 122010\\
 By: darkAudax By: darkAudax
  
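Review bot: the date in the new version line reads "February 122010", with the day and year run together (the previous revision had the same defect with "September 252009"). If that is how the wiki source reads, and not a rendering artifact of the trailing "\\" line break, separate them, e.g. "Version: 1.19 February 12, 2010\\".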
Line 37: Line 37:
  
 ===== Equipment used ===== ===== Equipment used =====
- 
-To follow this tutorial at home, you must have two wireless cards. 
  
 In this tutorial, here is what was used: In this tutorial, here is what was used:
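Review bot: deleting "To follow this tutorial at home, you must have two wireless cards." (per the revision summary, one card is enough) leaves the "Equipment used" section with no statement of the minimum hardware at all. Replace the sentence rather than drop it, e.g. "To follow this tutorial at home, you need one wireless card that supports monitor mode, and packet injection if you intend to use the optional aireplay-ng deauthentication step." A single interface can serve both the airodump-ng capture and the aireplay-ng injection, which is the point the summary is making.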
Line 257: Line 255:
 To see if you captured any handshake packets, there are two ways.  Watch the airodump-ng screen for " WPA handshake: 00:14:6C:7E:40:80" in the top right-hand corner.  This means a four-way handshake was successfully captured.  See just above for an example screenshot. To see if you captured any handshake packets, there are two ways.  Watch the airodump-ng screen for " WPA handshake: 00:14:6C:7E:40:80" in the top right-hand corner.  This means a four-way handshake was successfully captured.  See just above for an example screenshot.
  
-use Wireshark and apply a filter of "eapol" This displays only eapol packets you are interested in.  Thus you can see if capture contains 0,1,2,3 or 4 eapol packets.+Use Wireshark and apply a filter of "eapol" This displays only eapol packets you are interested in.  Thus you can see if capture contains 0,1,2,3 or 4 eapol packets.
  
  
 ==== Step 3 - Use aireplay-ng to deauthenticate the wireless client ==== ==== Step 3 - Use aireplay-ng to deauthenticate the wireless client ====
  
-This step is optional.  You only perform this step if you opted to actively speed up the process.  The other constraint is that there must be a wireless client currently associated with the AP.  If there is no wireless client currently associated with the AP, then move onto the next step and be patient.  Needless to say, if a wireless client shows up later, you can backtrack and perform this step.+This step is optional.  If you are patient, you can wait until airodump-ng captures a handshake when one or more clients connect to the AP.  You only perform this step if you opted to actively speed up the process.  The other constraint is that there must be a wireless client currently associated with the AP.  If there is no wireless client currently associated with the AP, then you have to be patient and wait for one to connect to the AP so that a handshake can be captured.  Needless to say, if a wireless client shows up later and airodump-ng did not capture the handshake, you can backtrack and perform this step.
  
 This step sends a message to the wireless client saying that that it is no longer associated with the AP.  The wireless client will then hopefully reauthenticate with the AP.  The reauthentication is what generates the 4-way authentication handshake we are interested in collecting.  This is what we use to break the WPA/WPA2 pre-shared key. This step sends a message to the wireless client saying that that it is no longer associated with the AP.  The wireless client will then hopefully reauthenticate with the AP.  The reauthentication is what generates the 4-way authentication handshake we are interested in collecting.  This is what we use to break the WPA/WPA2 pre-shared key.
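Review bot: the Wireshark sentence still has two defects after the capitalisation fix: there is no period after the filter name ("a filter of "eapol" This displays"), and "if capture contains" should read "if the capture contains". That sentence also lists "0,1,2,3 or 4 eapol packets" without telling the reader how many are enough; state that a capture with zero or one EAPOL packet is useless and that aircrack-ng needs at least two messages of the four-way handshake (both nonces plus a MIC), with the airodump-ng "WPA handshake:" indicator being the quicker check. In the rewritten Step 3 paragraph, the waiting case is stated twice ("If you are patient, you can wait until airodump-ng captures a handshake..." and again "then you have to be patient and wait for one to connect to the AP"); keep one of the two and the paragraph reads cleaner.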
cracking_wpa.txt · Last modified: 2022/01/02 21:34 by mister_x