- For this tutorial you will need root access. If using ubuntu you can use sudo for this tutorial but if you don't want to use sudo every time you type in new command, use su it will give you full root access. If you don't have the root password sudo will work just fine. If your doing this on a laptop sometimes using a external wireless card is the best, external wireless cards get better reception and better results. But if you have internal wireless card in your laptop it will work just fine.
- First find out if your computer has aircrack-ng installed on your computer, open the terminal on your Linux distro of your choice. First in your terminal type in aircrack-ng if it says No command 'aircrack-ng' found. You don't have it installed. In Ubuntu there is two way to install it, in terminal type in sudo apt-get install aircrack-ng or the software center. But using the software center it has issues of not liking aircrack-ng because its not maintained by canonical who designed Ubuntu. But for the other distros out the like fedora or others you'll have to look that up. This tutorial is being done on Ubuntu.
- Now lets get started, Now look for the wireless card that is installed or connected to your computer. Using airmon-ng will show the wireless card or cards installed or connected to your computer. Open terminal in your computer Type as follows “airmon-ng.”
- After finding the wireless card that is connected or installed on your computer let remember which one is which that if you have two or more wireless cards connected. Normally wlan0 is the internal wireless card, but if doing this on a old laptop or desktop that has no wireless cards and you have a wireless card connected then whatever is listed is the card that you have on your computer. Also keep note some desktops have a wireless cards installed on the motherboard. But if using this on a older laptop that has no wireless make sure the card is connected to the computer.
- Now we have the card in monitor mode, from here things get fun. Type “airodump-ng mon0”. Let it scan for a few minutes, it will find all the access points that turned on. Lets go over a few things, first BSSID listing is the routers or access points, Beacons shows how many time it calls out to tell the computer Hey i'm here, CH is the channel that its communicating on, MB is how fast it will transmit data, and finally ESSID is the name of the of the access point.
The list down below, the BSSID is the same as above next is the station, the station is the computer that is connected to the access point by wireless it will not read the computer if its connected by Ethernet. After letting scan for a few minutes stop the scan by pressing Ctrl and C this will stop the scan, but everything that you scanned for will not go away.
- After you had scanned your area for access points look at the second BSSID list, find how many MAC addresses are listed and then look station list.
- Now open another terminal window or a new tab. When you open a new tab or window you will need to use sudo or if you don't want to use sudo all the time use su login into root. Now your going to start scanning the specific access point that you want to get into. Note the wpa is the file that captures the packets in this scan.
airodump mon0 –channel 1 –bssid 00:00:00:00:00:00 -w wpa - You can't wait until a clients connects to the access point, but you don't know when that will happen. There is a way to force the client to disconnect and then reconnect. If you started airodump now is the waiting game, just wait for someone to connect to the access point, but if you don't have a lot of time there is a way to speed the process up. Find the MAC address of the access point your trying get into and then next to MAC address of the access point is the station write them down or just copy and paste then when needed. So lets force them apart just a few seconds to get that handshake in that open terminal you will still need root access. Type in aireplay-ng -0 1 -a BSSID MAC -c station MAC mon0 this will disconnect the client from the router for a few seconds the user won't know because it happens so fast.
9. No go back to airodump-ng scan. In the upper right hand corner it will say WPA Handshake
then the MAC of the access point. Now you have got what you need.
- Stop all scans if you doing this from your car some were is public get out of there go to a safe place. Make sure you have good copy of word files or they also call them dictionary files, the next part is the most time consuming part of this whole process. First when you get home or get to that safe place make sure to have plenty of snacks, drinks or whatever you like doing to do when you kill time. To start this very simple remember were you saved the wpa file that you saved when you did the scanning most of the time it will be in your home directory but if you saved it some were else then remember were you saved it.
aircrack-ng -w word.lst -b MAC Address of access point wpa.cap - Then after the scanning done it will show you the key then your done. If the scan doesn't find the key then you can be out of luck. There are other ways of getting the key but I will cover that in later time but for now this is a simple way of getting the key of a access point. I will include a link to password files that I use.
No comments:
Post a Comment