cracking_wpa
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
cracking_wpa [2010/01/03 18:23] – Generalize monitor mode setup instructions for non-madwifi drivers. netrolller3d | cracking_wpa [2010/03/07 16:10] – forgot to update the version and date mister_x | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Tutorial: How to Crack WPA/WPA2 ====== | ====== Tutorial: How to Crack WPA/WPA2 ====== | ||
- | Version: 1.18 September 25, 2009\\ | + | Version: 1.20 March 07, 2010\\ |
By: darkAudax | By: darkAudax | ||
Line 37: | Line 37: | ||
===== Equipment used ===== | ===== Equipment used ===== | ||
- | |||
- | To follow this tutorial at home, you must have two wireless cards. | ||
In this tutorial, here is what was used: | In this tutorial, here is what was used: | ||
Line 84: | Line 82: | ||
| | ||
- | The presence of a [phy0] tag at the end of the driver name is an indicator for mac80211, so the Broadcom card is using a mac80211 driver. **Note that mac80211 is supported only since aircrack-ng v1.0-rc1, and it won't work with v0.9.1, which this tutorial primarily refers to.** | + | The presence of a [phy0] tag at the end of the driver name is an indicator for mac80211, so the Broadcom card is using a mac80211 driver. **Note that mac80211 is supported only since aircrack-ng v1.0-rc1, and it won't work with v0.9.1.** |
Both entries of the Atheros card show " | Both entries of the Atheros card show " | ||
Finally, the Ralink shows neither of these indicators, so it is using an ieee80211 driver - see the generic instructions for setting it up. | Finally, the Ralink shows neither of these indicators, so it is using an ieee80211 driver - see the generic instructions for setting it up. | ||
Line 257: | Line 255: | ||
To see if you captured any handshake packets, there are two ways. Watch the airodump-ng screen for " WPA handshake: 00: | To see if you captured any handshake packets, there are two ways. Watch the airodump-ng screen for " WPA handshake: 00: | ||
- | use Wireshark and apply a filter of " | + | Use Wireshark and apply a filter of " |
==== Step 3 - Use aireplay-ng to deauthenticate the wireless client ==== | ==== Step 3 - Use aireplay-ng to deauthenticate the wireless client ==== | ||
- | This step is optional. | + | This step is optional. If you are patient, you can wait until airodump-ng captures a handshake when one or more clients connect to the AP. You only perform this step if you opted to actively speed up the process. |
This step sends a message to the wireless client saying that that it is no longer associated with the AP. The wireless client will then hopefully reauthenticate with the AP. The reauthentication is what generates the 4-way authentication handshake we are interested in collecting. | This step sends a message to the wireless client saying that that it is no longer associated with the AP. The wireless client will then hopefully reauthenticate with the AP. The reauthentication is what generates the 4-way authentication handshake we are interested in collecting. |
cracking_wpa.txt · Last modified: 2022/01/02 21:34 by mister_x