Hacking WiFi Passwords Using Backtrack 5 :
Using Backtrack 5 (preferably r3) you can hack someone else WiFi passwords easily,and use Internet for free.We will use 2 Kinds of software's today,For WEP passwords : AIRODUMP and for WPA passwords : REAVER. Sure you can use Reaver for WEP passwords but it will took some time to successfully get the password.
What will You need ?
#1 -A compatible wireless adapter : A wireless adapter that's capable of packet injection, and there are some chances that the one in your computer is not.Check Before Hack.
#2 -BackTrack 5 - Installed or Live DVD,Both will work.
#3 -A WiFi HotSpot nearby,so that you can get at-least 20% signal,That is the minimal requirement for launching WiFi hacking apps,
#4 -Brains And Patience.
Hacking WiFi with WEP Passwords :
The WEP passwords are an older and less often used network security protocol. If the network you want to crack is using the more popular WPA encryption,See The Hacking WiFi with WPA Passwords,So now lets get it started :
Step 1 -
Open Konsole,The backtrack terminal.Step 2 -
Run the following commands to get a list of your network interfaces:
airmon-ng
Step 3 -
The one I've got there is labeled "ra0". Yours MAYBE DIFFERENT; take note of the label and write it down. From here on in, SUBSTITUTE it in everywhere a command includes (interface).Step 4 -
Run the following four commands :
airmon-ng stop (interface)
ifconfig (interface) down
macchanger --mac 00:11:22:33:44:55 (interface)
airmon-ng start (interface)
(interface) is the network adapter name.
Step 5 -
The result you get after running the above commands should look somewhat like this pic ->
If they don't,You might not be able to proceed (most commonly because you adapter doesn't support this hack).You can buy a new adapter (they are pretty cheap) ranging from Rs-500 (15 $) to Rs 2000(50 $).
If they don't,You might not be able to proceed (most commonly because you adapter doesn't support this hack).You can buy a new adapter (they are pretty cheap) ranging from Rs-500 (15 $) to Rs 2000(50 $).
Step 6 -
Now the ethical hacking starts,choose your network by running this command :
airodump-ng (interface)
Step 7 -
The above command will display a list of available wireless spots near you,choose the spot you like,and take note of two things: its BSSID and its channel (in the column labeled CH).NOTE : this attack will only work if the network has WEP encryption,for that,see the WEP encryption (in the ENC) column, not WPA or anything else.
Step 8 -
Now we will TRY to capture what is transmitting on that network and store it in a file,Use these commands for that :
airodump-ng -c (channel) -w (file name) --bssid (bssid) (interface)
change the required fields.
Step 9 -
Now let the technology do its work,minimize the konsole,then open a new konsole window.Issue these commands in NEW konsole :
aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface)
Here the ESSID is the access point's name, which in my case is HornyBitch. What you want to get after this command is the reassuring "Association successful" message with that smiley face.
Step 10 -
You are now 70% Done,Now issue the commands :
aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (interface)
These commands will make the router traffic to capture more throughput faster to speed up our crack. After a few minutes, that front window will start going crazy with read/write packets.
Step 11 -
Now we will use the patience part,Basically we want to wait until enough data has been collected to run your crack. Watch the number in the "#Data" column—we want it to go above 10,000.
Step 12 -
Once you've collected enough data, it's the moment of truth. Launch a third Konsole window and run the following to crack that data you've collected:
aircrack-ng -b (bssid) (file name-01.cap)
NOTE : THE (filename -01) is the name of MY file,change it and put the name of YOUR FILE.
Step 13 -
.png)
If you didn't get enough data, aircrack will fail and tell you to try again with more. If it succeeds, it will look like this ->
The WEP key appears next to "KEY FOUND." Drop the colons and enter it to log onto the network.
Now For The Guys who want a video version :
Hacking Wifi With WPA Passwords :
Step 1 : Install Reaver :
First connect to a wifi you have access to,then issue these commands in the terminal :
apt-get update apt-get install reaver
Step 2 : Gather Your Device Information -
iwconfig
Step 3 - Put your wireless card into monitor mode -
Assuming your wireless card's interface name is wlan0, execute the following command to put your wireless card into monitor mode:
airmon-ng start wlan0
This command will output the name of monitor mode interface, which you'll also want to make note of. Most likely, it'll be mon0, like in the screenshot below. Make note of that ->
Step 4 -Find the BSSID of the router you want to crack:
Now you need to get the BSSID of the router you're attempting to crack,so that you can point Reaver in the right direction. To do this, execute the following command:
airodump-ng wlan0
Step 5 - Select The Network To Hack -
Now it will display a list of wireless networks available near you,select the one you are interested in.Note that network's BSSID .
Step 6 -Let The Cracking Begin -
Now execute the following command in the Terminal, replacing bssid and moninterface with the BSSID and monitor interface and you noted before:
reaver -i moninterface -b bssid -vv
For example, if your monitor interface was mon1 like mine, and your BSSID was 8D:AE:9G:28:8F:E2 your command would look like: reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv
Step 7 - Use The Patience Part -
Press enter and set the hell don,now the reaver will work to brute force the crap outta their network,For me it usually tooks about 3-4 hours,but it may vary for you.
Step 8 - The Result
When The reaver has finished,try to find the line saying "key cracked in ---- seconds" and below that you have WPA PSK,which is your password,Now use that to log in to that network,and happy browsing :).
BUMMER : Reaver does NOT work on DD-WRT firmwares,so you better ask their password if you need to use their WiFi.
