[Legion Leak] WPA Dictionary Attack and Hashcat Rules Part 1

#1
This post is leaked from the premium section of "Legion" on the competing hack forum. There will be 5 new leaks a day. There may be some format problems due to UTF-8 character encoding.

Quote: (07-10-2013, 01:19 PM) Greyhat.Infiltrator Wrote:

In this tutorial, I will demonstrate how we can use both Windows and Linux to crack WPA/2 encryption.
The reason I am using both Windows and Linux operating systems is that my Linux OS is running off a virtual machine, and due to limitations of the hypervisor, virtual machines can't communicate directly with the graphics card itself. As a result, I will be using my Windows machine, which has an Nvidia GTX 465 graphics card, to do all the WPA/2 key cracking.

Furthermore, another reason to use Linux is that the wireless injection drivers work better under Linux than under Windows. Even though it is possible to inject wireless frames under Windows, the hardware is very expensive and not many of us can afford it. Therefore, I highly recommend that you use Linux for this part of the tutorial.

I understand some of you out there have little or no experience at all using Linux. That's why I made this tutorial as simple as possible. If you follow it carefully and put some effort into it, you will succeed.

WARNING: Before you proceed with the steps below, you must ensure you have compatible hardware, or there is no guarantee that things will work for you.


1) Compatible adapters

Hidden Content


2) Compatible graphics cards


Hidden Content



Step 1
Download VirtualBox from this URL:
[link hidden]


Step 2
Download BackTrack from this URL:
[link hidden]
Remember to download the (BackTrack 5 R3, x64 KDE) version.


Step 3
We need to set up our virtual machine so that we can install BackTrack on it.
The YouTube videos below will walk you through the process of setting up and installing BackTrack on your VM.

How to create a Virtual Machine?

How to install Backtrack 5 R3?

Step 4
Now we are going to download Hashcat and set up a working directory along with wordlists for it.
[link hidden]

Once you've downloaded the Hashcat files, create a folder in the root directory of your C:\ drive and call it Hashcat. Then unzip all the file contents you've just downloaded in there. They should look like the screenshot below.

[Image: Untitled.png]


Step 5
Now we need to acquire our wordlists. The wordlists provided at the following URL are highly recommended.
Download whichever ones you can and save them into the Hashcat directory you've created.
If you require more wordlists, feel free to PM me!

[link hidden]

Step 6
Let's get started. I am going to set up a target AP called "HackMe", and for the sake of this tutorial
I will create a very simple passphrase so that we can crack it successfully.

The wireless access point that I am using is a NetGear N150 wireless router, WNR100 v3.
You can use any other brand or model of wireless router that pleases you.

Now head over to your virtual machine and fire up your BackTrack 5 OS.
Once it's up and running, connect your WiFi adapter to your host system and issue the following command:


Hidden Content


The above command should output the following results, depending on the type of WiFi adapter you are using.

[Image: adapter.png]

If you are not sure, or for some unknown reason your adapter isn't being detected by your VM, watch the video below.


Step 7
Provided there are no errors or issues, let's first put our WiFi card into monitor mode and then create a monitor-mode interface called "mon0". In your BackTrack 5 VM, open up a terminal and type the following commands:


Hidden Content

Then

Hidden Content

Your screen should look similar to the screenshot below.
[Image: airmon-ng.png]

Step 8
Now that our WiFi card is in monitor mode, we are going to use the Airodump-ng utility to monitor what wireless networks are available to us.

In the terminal, type airodump-ng followed by the monitor interface. The monitor interface will be "mon0". This can vary depending on your adapter chipset.


Hidden Content

As you can see from the screenshot below, our WiFi adapter has picked up quite a few wireless networks, and our target AP "HackMe" is first on the list of available wireless networks.

[Image: airodump-ng.png]

Now that we have identified our target of choice, let's instruct Airodump-ng to monitor the "HackMe" wireless AP and have it record all the wireless traffic to a .cap file, so that we can capture the handshake in order to crack the WPA/2 key.



Hidden Content

In order to capture the WPA handshake, we can wait for a client to authenticate to our AP, or we can deauthenticate a client that is already authenticated.

To deauthenticate a client, we use the Aireplay-ng utility which is part of the Aircrack-ng suite. The command is as follows:



Hidden Content

The video below will walk you through the process of capturing the traffic, deauthenticating the client, as well as verifying that you've captured a valid WPA handshake using Wireshark.



Step 9
Now that we know the WPA handshake is valid, we use the Aircrack-ng utility to convert the HackMe.cap file into a HackMe.hccap file.
By default, Hashcat only takes its own .hccap file format. We can't use .pcap or .cap files, as they are not supported file formats.

Converting the .cap file into .hccap is very simple. First, we run an ls command to verify that our HackMe.cap exists.

[Image: aircrack-ng1.png]
So HackMe.cap exists; now we use the following command to convert our .cap file.



Hidden Content


[Image: aircrack-ng.png]
Aircrack-ng has now finished converting the .cap file. We now need to import the HackMe.hccap file into our Windows machine so that we can crack the WPA key with Hashcat.

To import the .hccap file, I will be using Dropbox. I will show you how the installation is done on the Linux side.
On the Windows side it should be a straightforward installation for a GUI guru like yourself.


Disclaimer


Hidden Content


Now let's put everything into practice.


Hashcat command:

Hidden Content


Description:
The -m switch tells Hashcat what hash type to crack.

This is the file containing the handshake.

It's our wordlist.
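The deauthentication step in the quoted post is the part of this attack that a network defender can observe. As an added example, not part of the leaked post or the Aircrack-ng/Hashcat projects, the following detector parses raw 802.11 frames (assumed to start at the 802.11 header, with no radiotap prefix) and flags any BSSID that is hit with a burst of deauthentication frames; the capture it runs on is constructed inline.

```python
import struct
from collections import defaultdict

MGMT_HDR_LEN = 24  # FC(2) duration(2) addr1(6) addr2(6) addr3(6) seqctl(2)

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """(dst, src, bssid, reason) for an 802.11 deauthentication frame
    (type 0, subtype 12), else None. Assumes no radiotap prefix."""
    if len(frame) < MGMT_HDR_LEN + 2:  # header plus 2-byte reason code
        return None
    fc0 = frame[0]  # version (2 bits) | type (2 bits) | subtype (4 bits)
    if fc0 & 0x3 != 0 or (fc0 >> 2) & 0x3 != 0 or fc0 >> 4 != 12:
        return None
    reason = struct.unpack_from("<H", frame, MGMT_HDR_LEN)[0]
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def find_deauth_floods(frames, window=10.0, threshold=5):
    """frames: (timestamp_seconds, raw_frame) pairs. Returns {bssid: peak}
    for BSSIDs with more than `threshold` deauths in any `window` seconds."""
    per_bssid = defaultdict(list)
    for ts, raw in frames:
        hit = parse_deauth(raw)
        if hit:
            per_bssid[hit[2]].append(ts)
    alerts = {}
    for bssid, times in per_bssid.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:  # a normal disconnect is one or two frames
            alerts[bssid] = peak
    return alerts

def build_deauth(dst, src, bssid, reason=7):
    """Constructed sample frame for the demo; FC 0xC0 = management/deauth."""
    return (b"\xc0\x00\x00\x00" + dst + src + bssid + b"\x00\x00"
            + struct.pack("<H", reason))

# Constructed capture: 8 spoofed deauths in 0.7 s, a beacon (ignored), one benign deauth.
AP, CLIENT = b"\x00\x11\x22\x33\x44\x55", b"\xaa\xbb\xcc\xdd\xee\xff"
OTHER_AP = b"\x66\x77\x88\x99\xaa\xbb"
BEACON = b"\x80\x00" + b"\x00" * 34
SAMPLE_FRAMES = [(i * 0.1, build_deauth(CLIENT, AP, AP)) for i in range(8)]
SAMPLE_FRAMES += [(3.0, BEACON), (4.0, build_deauth(CLIENT, OTHER_AP, OTHER_AP, 3))]
```

Running `find_deauth_floods(SAMPLE_FRAMES)` flags only the first AP; enabling 802.11w management frame protection on the AP is what stops the spoofed frames from being honoured in the first place.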