    Cracking WPA/WPA2 PSK

    Encryption - By IAmDelirious - Feb 21, 2015

    Cracking WPA/WPA2
    About a month ago, to my embarrassment, I learned that my Wi-Fi password
    was so weak that even my 10 year old neighbour could crack it!

    No, not really.

    A little Disclaimer - The contents of this post are solely for ethical and
    educational purposes. You may not use it for unethical purposes. The
    Author or the Website is not responsible for any damage to yourself, your
    network, or the computers in your network, should something go wrong.
    (Basically guys, be careful where you use this and please don't do anything


    We're going to start with a little introduction to Kali Linux, because that
    is the OS I prefer, is the easiest for this task and comes with all the
    tools we need. "Kali" is a Linux distribution and is the successor to the
    much acclaimed BackTrack, which many of you reading this article will
    probably know of. Now, there are many ways of installing and using Kali. If
    anyone needs any help, leave a comment, and I will probably write another
    post about installing it and its basics in the future.

    In this tutorial, I'm going to hack into a Wi-Fi hotspot that I just set
    up, named - Anonymus.

    Now, given that we have Kali Linux, open up a terminal window and type in
    "ifconfig". This is going to list all the networking interfaces connected
    to your device.

    Here, we only need (wlan0) which is our Wi-Fi card, so we can disable the
    others by doing "ifconfig <name of the interface> down".

    ("lo" does not matter)!

    Now, we type "airmon-ng start wlan0"

    (airmon-ng is just a tool for monitoring air traffic, "start" basically
    starts the tool, and "wlan0" specifies the interface we are using for
    monitoring).

    It'll probably show "some processes that could cause trouble"; we'll simply
    kill those processes by entering "kill <process ID>".

    Now if we do "ifconfig", it should show us the newly made monitoring
    interface "mon0".

    Then, put in, "airodump-ng mon0".

    In the screenshot below, the highlighted bssid is our target (and it is my
    own), named "Anonymus", the channel is !< as we can see under the "CH"


    For our next step we type in, "airodump-ng -c <channel> -w <name> --bssid
    <bssid> mon0".

    Let me explain a few things here: "airodump-ng" is a tool for capturing
    Wi-Fi packets, "<channel>" means the channel your target is running on,
    "-w" basically writes a file by the name that succeeds it in "<name>" (I
    did "handshake" just for the convenience of it), and bssid is a string of
    numbers specific to a hotspot.

    Now, open up a new terminal and type in "aireplay-ng -0 0 -a <bssid>
    mon0". This command sends a deauthentication signal (usually called a
    deauth packet) to all the devices connected to that hotspot. Then after a
    few seconds we stop it by "Ctrl+C". Now, as we can see, the other terminal
    shows that the WPA Handshake was successfully captured.

    We can close both windows at this point, and open a new one. Type "ls";
    that should list the files in the current directory. We can clearly see
    that the files from the above operation are present. But we only need the
    file ending with "-01.cap".

    Then we do, "aircrack-ng -w <full location of the wordlist> <the file


    You may be asking what wordlist? What is that sh@t?

    A Wordlist is a file containing thousands of known and possible passwords,
    which you can download from the internet ("specifying from the internet" -
    We ain't dumb, boy :P). The one I used can be found here.

    The list contains D2,E

    It will then start searching for matching keys in the word list. Now the
    time that this will take is solely dependent on the strength of the
    password. The stronger the password, the more time it will take. For very
    strong passwords, check this out. For tips on creating your own strong
    password - Top 10 Tips to Create a Strong Password

    After completion it looks something like the screenshot below. In it, you
    can see that it tested HEDD keys and my key was the HEDth. I purposely put
    futurama because frankly, futurama is awesome. Also it is a very weak
    password (People reading this, if your password is "futurama", you're
    cool. The Hell? Change it right now.)

    Now that we know the password, let's test it!

    Annnnd! Voila, it works
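
Seen from the network owner's side, the deauthentication step above is the loudest part of the procedure and can be spotted in a monitor-mode capture. The following Python code is an added example, not part of the original post: it parses raw 802.11 management frames and raises one alert per BSSID when deauthentication frames arrive in a burst. The threshold, window, function names, MAC addresses and sample frames are all constructed assumptions.

```python
import struct
from collections import defaultdict, deque
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_deauth(frame):
    """Return (dest, src, bssid, reason) for an 802.11 deauthentication frame
    (radiotap header already stripped), or None for any other frame."""
    # Frame control byte 0: type in bits 2-3 (0 = management), subtype in bits 4-7 (12 = deauth)
    if len(frame) < 26 or (frame[0] >> 2) & 0x3 != 0 or frame[0] >> 4 != 12:
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)   # reason code follows the 24-byte header
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_deauth_bursts(records, threshold=10, window=5.0):
    """records: (timestamp_seconds, raw_frame) tuples in time order.
    Alert once per BSSID when more than `threshold` deauth frames for it
    fall inside `window` seconds (both values are assumed defaults)."""
    recent, alerts = defaultdict(deque), {}
    for ts, frame in records:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        dest, _src, bssid, reason = parsed
        q = recent[bssid]
        q.append((ts, dest))
        while ts - q[0][0] > window:     # drop frames older than the window
            q.popleft()
        if len(q) > threshold and bssid not in alerts:
            alerts[bssid] = {"bssid": bssid, "first_seen": q[0][0], "count": len(q),
                             "broadcast": any(d == BROADCAST for _, d in q),
                             "reason": reason}
    return list(alerts.values())

def build_frame(subtype, dest, src, bssid, reason=7):
    """Build a constructed 26-byte management frame for the sample data."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([subtype << 4, 0]) + b"\x00\x00" + raw(dest) + raw(src)
            + raw(bssid) + b"\x00\x00" + struct.pack("<H", reason))

AP, CLIENT = "02:00:00:aa:bb:cc", "02:00:00:11:22:33"   # constructed addresses
SAMPLE = [(0.0, build_frame(8, BROADCAST, AP, AP)),      # beacon, ignored
          (1.0, build_frame(12, CLIENT, AP, AP, 3))]     # one ordinary deauth
SAMPLE += [(20.0 + i * 0.1, build_frame(12, BROADCAST, AP, AP)) for i in range(64)]

if __name__ == "__main__":
    print(detect_deauth_bursts(SAMPLE))
```

Enabling 802.11w Protected Management Frames (mandatory in WPA3) makes associated clients discard forged deauthentication frames, and a long random passphrase keeps a captured handshake from falling to a wordlist.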

