[Video] How to: Crack WPA/WPA2 (aircrack-ng + airolib-ng)

[Checkers]

Problably you are typing the wrong path to your dictionary (do you even have one?).

This is copied from the FAQ.

I'm new to linux, is BackTrack a good place to start ?
Sorry, the simple answer to that is no.

BackTrack is a highly specialized distro, where a lot of normal tasks are not done automatically for you as they are in a mainstream distro.

Our best advice if you wish to start off using linux with BackTrack as your first linux operating system, is don't.

Start off by downloading a copy of Kubuntu (as it is a similar base operating system to BackTrack) boot into that and force yourself to do everything you are used to doing on a daily basis using that, preferably spending most of your time using the command line tools. When and only when you can perform all of those daily tasks without having to look-up the commands should you move to BackTrack.

Please don't take this as us saying you shouldn't use BackTrack, take it as friendly advice that you are letting yourself in for a whole world of pain and frustration if you are not fully comfortable performing administration of your own linux machine before you start with Backtrack.

Do I have a dictionary? Yes I have plenty. Have I gotten the smaller files to work? Yes, I have. I know where my files are they are just too large for my computer to open. And thanks for your "useful" post, but I've already read the FAQ.

[g0tmi1k]

Hello g0tmi1k, nice tut, but i got stuck as you can tell from my code below, any help/tip would be appreciated.
...[*]airolib-ng crackwpa --import passwd
...

Code:

root@bt:~# airolib-ng crackwpa --import passwd /root/tools/dictionaries/TARGETNAME.lst

I think you don't have a wordlist at: /root/tools/dictionaries/g0tmi1k.lst OR /root/tools/dictionaries/TARGETNAME.lst
Hence the reason why it can't open/find the file!
I created a very small wordlist for my videos, because I didn't want to wait ages!
If you don't have your own, BackTrack comes with a few wordlists: /pentest/passwords/wordlists/

Hello g0tmilk, I'm having a small problem. When I run airodump-ng mon0 I get the following:
***IMAGE***
Any idea what's going on? When I'm not running Backtrack 4 R2 I only pick up Lompo, Other Network (my wireless), and my neighbors. Also, my card supports injection. I'm not sure which one to choose since my network isn't even listed.

Note: Lompo is a WiFi where you need to open up your web browser to log in.

So your WiFi network is not being detected?
How far close/away are you?
What happens if you filter airodump-ng to use just your BSSID & channel? (As its your network, you can log into the router, and get it's BSSID and channel number.)
Is the SSID hidden? If yes, start capturing, get another node to connect to the network. Can you see the SSID then?

hi
this is a simple password generator in python language that also make split the large file to small files and it can calculate all types of passwords such as numberic or cappital or lowercase or Symbols or mixture of those.

Thanks for the share (even if its a little bit off-topic!)
I've saved a copy
Thanks for the thanks too!

[mamalhacker]

hi
i have a problem by adding new password database to airolib-ng.
i create my password list by crunch but no one add to database by airlib-ng
i reaved invalid password
please help me
tnx

[HeLiX535]

I'm new in linux, so please help me =o)
When I want to crack wifi, after step: aireplay-ng --deauth 10 -a 00:1B:9E:B2:60:00 -c 00:12:17:94:90:0D mon0... I filled it right with my MAC adresses, but then it write, that my AP is set up to -1... Can you tell me please, what have to do?
Sorry for my English and thanks =o)

One more question: Dictionaries? What they contains? If I know that the password is like gymn512um, or something like that, will it find it?

Thanks.

[g0tmi1k]

hi
i have a problem by adding new password database to airolib-ng.
i create my password list by crunch but no one add to database by airlib-ng
i reaved invalid password
please help me
tnx

Can you verifty the crunch word list that was created?
WPA keys are between 8-63 char long, how long are the words generated from crunch?

I'm new in linux, so please help me =o)
When I want to crack wifi, after step: aireplay-ng --deauth 10 -a 00:1B:9E:B2:60:00 -c 00:12:17:94:90:0D mon0... I filled it right with my MAC adresses, but then it write, that my AP is set up to -1... Can you tell me please, what have to do?
Sorry for my English and thanks =o)

One more question: Dictionaries? What they contains? If I know that the password is like gymn512um, or something like that, will it find it?

Thanks.

It sounds like your wifi driver don't support injection. What are you using? Which version of backtrack are you using too?
Dictionaries/wordlists contain a mass of words which could be used for passwords. It depends on the wordlist you use if it will be included!

[zeroth]

I've got the wep cracking down and started working on wpa but I am unable to capture a handshake. I've looked at the capture file in wireshark and have a handful of eapol packets...looking at them it appears to be from the client. How to I go to the next step and get the router packets so I can capture the handshake? Not looking for a tutorial but any tips to get me in the right direction would be great....or let me know if I'm in the completely wrong direction.

Thanks

[zeroth]

Ok, I tried the same process on another wpa router and I captured the handshake. Curious why I was only getting 2/4 packets of the handshake on the other router. Anyone got a good source I can read on how to figure out exactly why I can't capture the handshake on the other router?

[Barry]

I've got the wep cracking down and started working on wpa but I am unable to capture a handshake. I've looked at the capture file in wireshark and have a handful of eapol packets...looking at them it appears to be from the client. How to I go to the next step and get the router packets so I can capture the handshake? Not looking for a tutorial but any tips to get me in the right direction would be great....or let me know if I'm in the completely wrong direction.

Thanks

Make sure you're not channel hopping, that will mess things up.

[zeroth]

Make sure you're not channel hopping, that will mess things up.

Something is up with that ap...I tried another wpa spot and was able to capture the handshake just fine. Curious on what was the deal with that spot and how to fix the issue if there is one. Signal seemed good, I was only getting 2/4 packets of the handshake. odd. Everything is working fine on other spots and I'm practicing some dictionary attacks on the captured handshake now.

Looks like it'll be ages...ha ha! Good thing I have a couple extra computers to play on. Anyone got any good sources I can read on about using rainbow tables? Basically, any way to speed this process up as much as possible. I'm willing to read, just hard finding good up to date sources.

[g0tmi1k]

Anyone got any good sources I can read on about using rainbow tables? Basically, any way to speed this process up as much as possible. I'm willing to read, just hard finding good up to date sources.

http://www.aircrack-ng.org/doku.php?id=airolib-ng
http://www.wirelessdefence.org/Conte...WPAttyMain.htm
http://www.renderlab.net/projects/WPA-tables/
http://www.churchofwifi.org/Project_Display.asp?PID=90