BackTrack 5 (BT5) wireless password cracking tutorial: cracking WPA/WPA2-PSK wireless passwords

Source: Internet
Author: User

Yesterday we published the minidwep-GTK method in the BackTrack 5 (BT5) wireless WEP password cracking tutorial, which introduced a simple way to crack WEP wireless passwords in BT5. Today I am going to show you how to crack WPA/WPA2 wireless passwords in BT5.

Prerequisites: you have installed the BT5 GNOME 32-bit image on your hard disk, or boot it from there. See the earlier articles: BackTrack 5 hard disk boot + BT5 hard disk installation tutorial.

WPA passwords are said to be hard to crack, and in practice success depends not only on technique but also on luck: a strong dictionary is essential, and even with a good dictionary the password often cannot be cracked. Enough preamble; here is the method:

1. Open the wicd Network Manager in BT5 (Applications > Internet). Select an AP with a good signal strength. Open its properties, then the nested properties, to read the AP's MAC address and channel.

2. Run ifconfig to find the name of your wireless network card, usually wlan0 or wifi0, and adjust the commands below to match.

3. Enable monitor mode

airmon-ng start wlan0 6

Note: wlan0 is the name of your wireless device and 6 is the channel to listen on (the channel value is not actually important at this step).

In this step you may see a warning that process xxxx could cause trouble. That's fine: kill the process by the PID shown, then run the command again until no warning appears.

4. Since we have already chosen the target, go straight to the target AP and start capturing it with BT5:

airodump-ng -w nenew -c 4 --bssid <AP's MAC> mon0

Here -w nenew is the prefix of the capture file, -c is the AP's channel from step 1, --bssid is the AP's MAC address, and mon0 is the monitor interface that airmon-ng created in step 3.

At this time, you should be able to see the following:

5. From the output above we can see the MAC addresses of the four connected clients; pick one (preferably an active one). Open a new terminal, but do not close the first one, you will need it later. Enter:

aireplay-ng -0 10 -a <AP's MAC> -c <client's MAC> mon0

Run the command and check whether the "WPA handshake" indicator appears in the top line of the first terminal. If it appears, congratulations, you are not far from success. If it does not appear, repeat the step 5 command until the handshake is captured.
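The step above forces clients to reconnect by sending deauthentication frames, which is also what makes it easy to spot from the defender's side: a legitimate network produces a handful of deauths per hour, never ten to one client in half a second. The following is an added example (not from the original tutorial) of detection logic run over a constructed frame log; the one-line-per-frame format and the field names `bssid=`, `dst=`, `reason=` are assumptions standing in for whatever your wireless IDS or capture tool actually exports.

```python
"""Flag deauthentication bursts in a wireless frame log (added example)."""
import re
from collections import defaultdict, deque

# Assumed, constructed line format: "<epoch> <type> bssid=<mac> dst=<mac> [reason=<n>]"
LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?)\s+(?P<type>\w+)\s+bssid=(?P<bssid>[0-9A-Fa-f:]{17})"
    r"\s+dst=(?P<dst>[0-9A-Fa-f:]{17})(?:\s+reason=(?P<reason>\d+))?"
)

# Constructed sample log: normal traffic, one legitimate disconnect, then a
# burst of ten deauths to a single client within half a second (timestamps
# are assumed to be in ascending order, as a capture tool would emit them).
SAMPLE_LOG = [
    "100.00 data bssid=AA:BB:CC:DD:EE:01 dst=00:11:22:33:44:55",
    "100.20 deauth bssid=AA:BB:CC:DD:EE:02 dst=66:77:88:99:AA:BB reason=3",
    "100.80 data bssid=AA:BB:CC:DD:EE:01 dst=00:11:22:33:44:55",
] + [
    f"{101.0 + i * 0.05:.2f} deauth bssid=AA:BB:CC:DD:EE:01 dst=00:11:22:33:44:55 reason=7"
    for i in range(10)
] + [
    "103.00 data bssid=AA:BB:CC:DD:EE:01 dst=00:11:22:33:44:55",
]


def parse_frame(line):
    """Parse one log line into a dict, or return None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": float(m["ts"]),
        "type": m["type"].lower(),
        "bssid": m["bssid"].upper(),
        "dst": m["dst"].upper(),
        "reason": int(m["reason"]) if m["reason"] else None,
    }


def detect_deauth_bursts(lines, window=1.0, threshold=5):
    """Return one alert per (bssid, client) pair that receives at least
    `threshold` deauth frames inside any sliding window of `window` seconds.
    The alert records the peak count seen and the first/last timestamps."""
    recent = defaultdict(deque)   # (bssid, dst) -> timestamps inside the window
    alerts = {}
    for line in lines:
        f = parse_frame(line)
        if f is None or f["type"] != "deauth":
            continue
        key = (f["bssid"], f["dst"])
        q = recent[key]
        q.append(f["ts"])
        while f["ts"] - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) < threshold:
            continue
        if key not in alerts:
            alerts[key] = {"bssid": key[0], "client": key[1], "count": len(q),
                           "first_ts": q[0], "last_ts": f["ts"]}
        else:
            alerts[key]["count"] = max(alerts[key]["count"], len(q))
            alerts[key]["last_ts"] = f["ts"]
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_deauth_bursts(SAMPLE_LOG):
        print(f"deauth burst: {alert['count']} frames from {alert['bssid']} "
              f"to {alert['client']} between t={alert['first_ts']} and t={alert['last_ts']}")
```

The single deauth with reason code 3 (station leaving) is left alone; only the ten-frame burst to one client is reported. Tune `window` and `threshold` to the roaming behaviour you actually observe on your network before alerting on it.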

6. Crack the handshake captured by BT5

aircrack-ng -w password.txt -b <AP's MAC> nenew-01.cap

password.txt is the dictionary file that you must supply beforehand; there are many dictionary files on the Internet, and a search will turn them up. Experts also release their dictionary files for download, so keep an eye out for them. (airodump-ng appends a sequence number to the prefix given in step 4, so the capture file is nenew-01.cap.)

[Figure: final result]
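Because the whole attack comes down to whether the passphrase is in the dictionary, the defender's counterpart is to audit the passphrase before anyone else does. The following is an added example, not part of the original tutorial, that checks a WPA/WPA2-PSK passphrase for the form the standard allows (8 to 63 printable ASCII characters), for membership in a wordlist including trivial variants such as appended digits, and for a rough keyspace estimate. The tiny `SAMPLE_WORDLIST` is constructed; in practice point `audit_passphrase` at the same public dictionaries the tutorial refers to.

```python
"""Audit a WPA/WPA2-PSK passphrase against a dictionary (added example)."""
import math
import string

# Constructed mini-dictionary standing in for a real multi-million-line list.
SAMPLE_WORDLIST = [
    "password", "12345678", "qwertyuiop", "letmein123", "iloveyou",
    "admin1234", "sunshine", "football", "changeme", "welcome1",
]


def valid_psk_form(passphrase):
    """802.11i passphrases are 8..63 printable ASCII characters.
    (A raw 64-hex-digit PSK is also allowed; this only checks the passphrase form.)"""
    return 8 <= len(passphrase) <= 63 and all(32 <= ord(c) <= 126 for c in passphrase)


def normalise(candidate):
    """Cheap canonical form: lowercase and strip trailing digits, so that
    'Sunshine2019' is matched by the dictionary entry 'sunshine'."""
    s = candidate.lower()
    return s.rstrip(string.digits) or s


def in_wordlist(passphrase, wordlist):
    """True if the passphrase, its lowercase form, or its normalised form is listed."""
    words = set(wordlist)
    return (passphrase in words
            or passphrase.lower() in words
            or normalise(passphrase) in words)


def estimate_entropy_bits(passphrase):
    """Upper-bound keyspace estimate from the character classes actually used."""
    pool = 0
    if any(c.islower() for c in passphrase):
        pool += 26
    if any(c.isupper() for c in passphrase):
        pool += 26
    if any(c.isdigit() for c in passphrase):
        pool += 10
    if any(c in string.punctuation or c == " " for c in passphrase):
        pool += 33
    return len(passphrase) * math.log2(pool) if pool else 0.0


def audit_passphrase(passphrase, wordlist=SAMPLE_WORDLIST, min_bits=60):
    """Return a verdict with the list of problems found (empty list means OK).
    min_bits is an assumed policy threshold, not a value from the standard."""
    problems = []
    if not valid_psk_form(passphrase):
        problems.append("not a valid WPA passphrase (8-63 printable ASCII characters)")
    if in_wordlist(passphrase, wordlist):
        problems.append("appears in the wordlist (or is a trivial variant of an entry)")
    bits = estimate_entropy_bits(passphrase)
    if bits < min_bits:
        problems.append(f"estimated keyspace only {bits:.0f} bits (< {min_bits})")
    return {"passphrase_ok": not problems, "entropy_bits": round(bits, 1), "problems": problems}


if __name__ == "__main__":
    for candidate in ("Sunshine2019", "short", "correct horse battery staple"):
        print(candidate, "->", audit_passphrase(candidate))
```

The entropy estimate is deliberately an upper bound: a dictionary word with a capital and two digits scores far more bits than it deserves, which is exactly why the wordlist check runs alongside it rather than instead of it.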

This article is only for technical discussion and should not be used for illegal purposes. Otherwise, the consequences will be borne by you.
