Professional Documents
Culture Documents
org/downloads/
http://www.backtrack-linux.org/wiki/index.php/Downloading
by Vishnu
Valentino in Hacking
Tutorial | 68
Comments
After the long holiday, first I want to say Merry Christmas and Happy new year 2014 to you. Today we will learn about
5 Steps Wifi Hacking Cracking WPA2 Password. A lot of readers send many request regarding how to
crackwireless WPA2 password in our request tutorial page.
According to Wikipedia :
Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols and security
certification programs developed by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined
these in response to serious weaknesses researchers had found in the previous system, WEP (Wired Equivalent
Privacy)
A flaw in a feature added to Wi-Fi, called Wi-Fi Protected Setup (WPS), allows WPA and WPA2 security to be
bypassed and effectively broken in many situations. Many access point they have a Wifi Protected Setup enabled by
default (even after we hard reset the access point).
Requirements:
1. Wireless card (support promiscuous mode)
In this tutorial I use ALFA AWUS036H from Amazon.
this command will lists our wireless card that attached with our system.
2. The next step we need to stop our wireless monitor mode by running airmon-ng stop wlan0
3. Now we ready to capture the wireless traffic around us. By running airodump-ng wlan0 our wireless interface will
start capturing the data.
From the picture above, we can see many available access point with all the information. In the green box is our victim
access point which is my own access point
Information:
BSSID (Basic Service Set Identification): the MAC address of access point
PWR: Signal level reported by the card.
Beacons: Number of announcements packets sent by the AP
#Data: Number of captured data packets (if WEP, unique IV count), including data broadcast packets.
#/s: Number of data packets per second measure over the last 10 seconds.
if the WPS Locked status is No, then we ready to crack and move to step 5.
5. The last step is cracking the WPA2 password using reaver.
reaver -i <your_interface> -b <wi-fi victim MAC address> fail-wait=360
Because we already get the information from step 3 above, so my command look like this:
reaver -i wlan0 -b E0:05:C5:5A:26:94 fail-wait=360
it took about 5 hours to crack 19 characters WPA2 password (vishnuvalentino.com) from my Kali virtualBox, but it
depend with our hardware and wireless card.
Conclusions:
1. WPA and WPA2 security implemented without using the Wi-Fi Protected Setup (WPS) feature are unaffected by the
security vulnerability.
2. To prevent this attack, just turn off our WPS/QSS feature on our access point. See picture below (I only have the
Chinese version
)
Notes: Only practice this tutorial on your own lab and your own device. Hacking can be a crime if you don't know
where to put it.