> How to crack wifi networks with Ubuntu 12.04
How to crack wifi networks with Ubuntu 12.04
Posted byesther harwantion
Monday, December 3, 2012at7:24 PM
The purpose of the guide today, will be to showhow it is possible crack networks WEP-WPA-WPA2 through the use of Ubuntu 12.04.1 LTS . The use of the latter is justified by the fact that by Linux distributions is much easier and efficient operations of this type.
How to crack wifi networks with Ubuntu 12.04 LTS (dictionary attack)
A good wireless card, such as Atheros or Realtek .
Open a terminal and type the following command to install Aircrack-ng:
sudo apt-get install aircrack-ng
Now the system will inform you that the installation of the suite will be occupied a certain number of MB, type and hit return ;
At this point we have completed the installation of Aircrack and then we are ready to perform the actual operation of cracking;
Also inside the terminal, type the following command:
This command will identify your wireless card, is usually called wlan0;
To understand the name of your card, you can also use the following command:
The system should provide something like this:
wlan0 Realtek RTL8187L rtl8187 - [phy2]
Then your network card was recognized!
[NOTE] From now on, all the code you are going to write will be based on wlan0 so if your network card is recognized in a different type wlan2, you should use this.
In order for your network card can make a search you need to put in Monitor mode with the following command:
airmon-ng start wlan0
At this point, the system will return the following screen:
Well, you only read the last line and write down the name of the virtual interface that should typically be mon0, to understand it is just locate the following entry "( monitor mode enabled on mon0 ) "
[NOTE] From now on, all the code you are going to write will be based on mon0.
At this point we are ready to scan networks:
airodump-ng-encrypt wep mon0
Through this command we will exclusively networks with WEP encryption. Change it if you want to search for other networks, or use the following command if you want to see all the available networks:
Now the terminal will return a screen like this:
Wait a few minutes and then finished the scan by pressing the keys CTRL + C;
Now you must choose your victim and copy the BSSID, which would be the MAC address of the access point and the number of network channel located under the CH column.
Now we have to turn off the virtual interface using the following command:
airmon-ng stop mon0
Now we have to activate the virtual interface directing it towards the channel of the victim in order to perform a more detailed search, type the following command:
airmon-ng start wlan0 "channel number of the victim"
Now we are ready to start capturing packets from the victim:
airodump-ng-bssid BSSID of victim-c channel number ideageek mon0-w
To make the crack a WEP network, we need to capture a large number of packages that usually involves a lot of time but we will use a procedure that significantly speed up this operation unleashing an attack called fake authentication then open a terminal window and type the following command :
aireplay-ng -1 0-a BSSID mon0 the victim
If authentication is successful, the system should provide a screen like this:
If the attack does not work because of the access points more sophisticated, try to use this attack:
aireplay-ng -1 6000-o 1-q 10-a BSSID mon0
Once logged in, we are ready to launch the attack itself:
[NOTE] There are different types of attack but we pause sull'attacco number 2 because most of the time the result is more esaudiente.
Now the system will begin packet capture and at some point, will make you this question:
Use this packet?
Type y and immediately begin to packets to the access point to encourage them to generate new IVs;
To verify that the attack functions, return to the first screen of the terminal and check that the numbers in column # Date immeasurably increase;
The attack is working and the system is collecting the packages in the file ideageek-01.cap ;
If it does not happen anything, it means that the attack does not work, then try selecting a different type attack;
Now for the last time, open another terminal window and type the following command:
Well, at this point the system in addition to continuing the injection of the packages, will begin reading of packets analyzed so far through the file ideageek-01.cap where precisely inside, are located all network data of the victim;
Depending on the network, this may take several minutes and often, the operation will stop and will resume in 5000 IVs.
If all went well, as soon as the system has tracked your password will look something like this:
Well, the password will be found in ASCII format but do not worry, just write it as well as the course is given by removing punctuation.
That's it, that way you can test the security of your home line and see if your line is safe!
However, this procedure can also be used to test networks with WPA / WPA 2 with the only difference that to find the password of the latter, it is necessary to launch a dictionary attack but still today despite this method can not be always get the desired result.