Tutorial Cracking WPA / WPA2

How to Crack WPA/WPA2

About this TuT
Being COMPLETELY anonymous on the web is definitely necessary. To ensure extra security, we are going to crack a wireless network. WEP is definitely easier than this, but why show what's easy when I can show what's hard?

Getting Started - Preparing BackTrack
First, obtain a copy of BackTrack 5, downloadable HERE. Burn the bitch to a DVD.

Next, boot the CD. If you don't know how to boot from a live CD, check Google. Pick the default text mode and boot in. At the command prompt, typing in the following will bring up the GUI:
Code:
startx
Next, we're going to install Reaver.

Go to Applications -> Internet -> Wicd Network Manager. Select YOUR network and connect. We need to do this in order to install some things. Reaver will stay installed until your next reboot.

Click the terminal icon on your menu bar and type in:
Code:
apt-get update

After that's done, type in:

Code:
apt-get install reaver

Preparing to Crack
Cool, you can now disconnect from your network if you please. Time to prepare to crack by gathering information.

In terminal, type in:
Code:
iwconfig

Find your adapter. It'll likely be named wlan0, but it may be named something else.

Next, we need to put our wireless card into monitor mode. To do this, type in (if your adapter's name isn't wlan0, replace that with the name that matches your wireless adapter):

Code:
airmon-ng start wlan0

Take note of the name of the monitor mode interface; it's likely mon0.

Next, we need the BSSID of the router we want to crack. The BSSID is the router's hardware (MAC) address, which identifies that access point. To get it, type in (again, assuming you're wlan0):

Code:
airodump-ng wlan0

If it doesn't work, try:
Code:
airodump-ng mon0

Let's Start Bruteforcing!
In the ENC column, we'll see WPA, WPA2, and WEP. Pick either WPA or WPA2. Copy the BSSID on the far left of the screen. Choose an access point with a pretty strong signal (it's relatively close to you).

Next, type the following in the terminal, replacing MONINT and BSSID to match what you have (MONINT is your monitor interface name; mine was mon0):
Code:
reaver -i MONINT -b BSSID -vv

Let it run and brute-force the password. To pause the progress (why would you, though?), press Control + C.
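What the router sees while Reaver runs is a long stream of failed WPS PIN registrations from one client, usually a few seconds apart, because Reaver works by guessing the access point's WPS PIN (a property of the tool rather than something the tutorial above spells out). The following script is an added example, not part of the original tutorial or of Reaver: it runs a sliding-window detector over access-point log lines and raises an alert when one client MAC (or, with per_client=False, all clients together, since the client MAC can change between attempts) fails too many PIN authentications within a short window. The log line format and the sample lines are constructed for illustration and are not the output of any particular firmware; the parser would need adapting to real hostapd or vendor logs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log: eight rapid PIN failures from one client (the
# pattern a WPS PIN brute force produces), then one legitimate success from
# a different client half an hour later, plus one unrelated line.
SAMPLE_LOG = [
    "2012-02-01T10:00:00 wps: client 00:11:22:33:44:55 pin-auth result=fail",
    "2012-02-01T10:00:03 wps: client 00:11:22:33:44:55 pin-auth result=fail",
    "2012-02-01T10:00:06 wps: client 00:11:22:33:44:55 pin-auth result=fail",
    "2012-02-01T10:00:09 wps: client 00:11:22:33:44:55 pin-auth result=fail",
    "2012-02-01T10:00:12 wps: client 00:11:22:33:44:55 pin-auth result=fail",
    "2012-02-01T10:00:15 wps: client 00:11:22:33:44:55 pin-auth result=fail",
    "2012-02-01T10:00:18 wps: client 00:11:22:33:44:55 pin-auth result=fail",
    "2012-02-01T10:00:21 wps: client 00:11:22:33:44:55 pin-auth result=fail",
    "2012-02-01T10:30:00 wps: client aa:bb:cc:dd:ee:ff pin-auth result=ok",
    "this line is not a wps event and is ignored",
]

# Hypothetical line format: ISO timestamp, client MAC, and the outcome of the
# WPS PIN authentication. Adjust this pattern to the log format you actually have.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) wps: client "
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}) pin-auth result=(?P<result>ok|fail)$"
)


def parse_line(line):
    """Return (timestamp, mac, result) for a WPS PIN event, or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["mac"].lower(), m["result"]


def detect_wps_bruteforce(lines, window_seconds=60, threshold=5, per_client=True):
    """Sliding-window count of failed WPS PIN authentications.

    Failures are keyed by client MAC (per_client=True) or pooled under one key
    (per_client=False) to catch a client that rotates its MAC between guesses.
    Returns one alert per key, raised the first time its failures within any
    window_seconds-long window reach threshold: (key, window_start, count).
    """
    recent = defaultdict(deque)  # key -> timestamps of failures still inside the window
    alerted = set()
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, mac, result = parsed
        if result != "fail":
            continue  # successes are normal registrations; only failures count
        key = mac if per_client else "*"
        window = recent[key]
        window.append(ts)
        # Drop failures that have aged out of the window.
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append((key, window[0].isoformat(), len(window)))
    return alerts


if __name__ == "__main__":
    for key, start, count in detect_wps_bruteforce(SAMPLE_LOG):
        print(f"ALERT: {count} failed WPS PIN attempts from {key} starting {start}")
```

With the sample above the per-client run alerts on 00:11:22:33:44:55 at its fifth failure, twelve seconds into the burst, while the single success from the other client never contributes. The useful response on the router side is to disable WPS outright, or at least to lock WPS registration after a handful of failures, which is the behaviour this detector approximates.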

Enjoy!