Today I am going to show you many aspects of Windows password storage: where the passwords live, the method of encryption, and how to break into Windows by cracking the admin password. We need this often for several reasons:
1) Sometimes we have forgotten our old password and the hint isn't helping.
2) We want to break into someone's computer to get information.
3) Just want to take revenge on someone.
4) Stealing computer data.
Let's take a deep dive into cracking Windows passwords, and into where they are stored and in what format.
SAM file and password hashes - the place where these passwords are stored, as hashes:
Password hashes - When you type your password into a Windows NT, 2000, XP, Vista or Windows 7 login, Windows encrypts your password using a specific scheme that turns it into something that looks like this:
7524248b4d2c9a9eadd3b435c51404eddc5
This is a password hash. This is what is actually being checked when you type your password in: Windows hashes what you typed and compares it against what is stored in the registry and/or the SAM file.
You can try to break this hash at:
www.md5hash.com
www.passcracking.ru
SAM file - Holds the user names and password hashes for every account on the local machine, or for the domain if the machine is a domain controller.
Location of the SAM/hashes:
You can find what you're looking for in several locations on a given machine.
It can be found on the hard drive in the folder %systemroot%\system32\config (i.e. C:\windows\system32\config). However, this folder is locked to all accounts, including Administrator, while the machine is running. The only account that can access the SAM file during operation is the "System" account.
The second location of the SAM, or rather of the corresponding hashes, is the registry, under HKEY_LOCAL_MACHINE\SAM. This is also locked to all users, including Administrator, while the machine is in use. (Go to Run, type regedit and hit Enter, then scroll to HKEY_LOCAL_MACHINE\SAM; however, you may not have access to it.)
So the two locations (there are some others) of the SAM/hashes are:
- %systemroot%\system32\config
- In the registry under HKEY_LOCAL_MACHINE\SAM
Cracking or breaking into the Admin account:
How to get hashes from the SAM file?
Below are the methods to do so:
1) The easiest way is to boot the target machine into an alternate OS like NTFSDOS or Linux and just copy the SAM from the %systemroot%\system32\config folder.
It's quick, it's easy, and it's effective. You can get a copy of NTFSDOS from Sysinternals (http://www.sysinternals.com). The regular version of NTFSDOS is freeware, which is always nice, but only allows read-only access. This should be fine for what you want to do; however, if you're the kind of person who just has to have total control and has some money to burn, NTFSDOS Pro, also by Sysinternals, has read/write access but will cost you $299.
2) You can also get password hashes by using pwdump2 (search for it at openwall.com). pwdump uses DLL injection to run under the System account, read the password hashes stored in the registry, and write them to a handy little text file that you can then paste into a password cracking utility like L0phtCrack or John the Ripper (Linux-based, works well); Cain & Abel can also be used.
3) Import hashes directly into L0phtCrack and let it crack them for you.
Obtained hashes? Now crack them:
As I have said, these can't be reversed, but well-known automated cracking software can be used to achieve the goal. Yes, it is possible; all we need is a bit of patience. The software will try a lot of candidate strings, hash each one and compare the result against the stored hashes; in short, it will recover them.
1) John the Ripper - John the Ripper is, to many, the old standby password cracker. It is command line, which makes it nice if you're doing some scripting, and best of all it's free and open source. The only real thing that JtR is lacking is the ability to launch brute-force attacks against your password file. But look at it this way: even though it is only a dictionary cracker, that will probably be all you need. I would say that in my experience I can find about 85-90% of the passwords in a given file using just a dictionary attack.
2) L0phtCrack - Probably the most wildly popular password cracker out there. L0phtCrack is sold by the folks at @stake, and with a price tag of $249 for a single-user license it sure seems like everyone owns it. This is probably the nicest password cracker you will ever see, with the ability to import hashes directly from the registry or from pwdump, and with dictionary, hybrid, and brute-force capabilities. No password should last long. Well, I shouldn't say "no password", but almost all will fall to L0phtCrack given enough time.
Making your own password in Windows:
Injecting password hashes into the SAM:
One of the easiest ways to gain Administrator privileges on a machine is by injecting your own password hashes into the SAM file. In order to do this you will need physical access to the machine and a brain larger than a peanut. Using a utility called "chntpw" by Petter Nordahl-Hagen you can inject whatever password you wish into the SAM file of any NT, 2000, or XP machine, thereby giving you total control; just burn the .iso to a disk and use it. I would give a tip like backing up the SAM file first by using an alternate OS. Make a USB disk of Linux; a Windows live disk can also work. Go in, inject the password of your choosing, log in using your new password, do what you need to do, then restore the original SAM so that no one will know that it was hacked.
You need admin access to perform this change from the command line. This is an especially handy trick if you want to change the password on an account but you've forgotten the original (going through the Control Panel can require confirmation of the old password).
Now we hack the admin password. To verify the user name, simply type net user; this lists all of the user names on that Windows machine. Go to the command prompt and enter:
cd\
cd windows\system32
net user
If there are people near you and you don't want them to see the password you type, enter:
net user <username> *
E.g. > net user username *
> Type a password for the user:
> Confirm the password:
AxomTech.in
Wednesday, 28 October 2015
How to hack windows log in password
WirelessHack | Source of news for electronic projects including Kali Linux, Wireless Security, KODI, SDR, Raspberry Pi, How-To information, Guides and Tutorials.
Step By Step Kali Linux and Wireless Hacking Basics WEP Hacking Part 3
This is a multiple part series for someone new to wireless hacking, with pictures and videos. The parts are:
- Introduction To Kali and WiFi Pen Testing
- How to Install Kali Linux
- WEP Hacking
- Kali Linux and Reaver
- Getting a Handshake and a Data Capture, WPA Dictionary Attack
- Using Aircrack and a Dictionary to Crack a WPA Data Capture
- Cracking a WPA Capture with the GPU using HashCat
- Next: Creating a Dictionary / Wordlist with Crunch Part 8
Note: If you are using an updated version of Kali and aircrack-ng, the mon0 interface has been changed to wlan0mon. Read here for more info.
Kali Linux and WEP Hacking
WEP is the original widely used encryption standard on routers. WEP is notoriously easy to hack. Even though WEP is rarely seen anymore, it still pops up every now and again.
It is also a good place to start for someone new to wireless pen testing before moving on to WPA encryption.
Penetration Testing Setup
Set up an old router, log into it, and configure WEP for wireless security so it can be used as a test router. Have one other computer, tablet, or smartphone connected to it wirelessly, since the encrypted data between the two will need to be captured.
The basic idea of this attack is to capture as much traffic as possible using airodump-ng. Each data packet carries a three-byte Initialization Vector (IV). After the attack is launched the goal is to collect as many encrypted data packets, and so as many IVs, as possible, then run aircrack-ng on the captured file to recover the password.
At this point Kali Linux should be running along with the WEP encrypted router and a wireless connected device. Also a wireless USB adapter should be plugged in and ready.
Open a terminal window by pressing the terminal icon at the top left.
Next type in the command “airmon-ng” without the quotes to see if your adapter is seen by Kali Linux. It should show the interface, chipset, and driver. If it doesn’t then some troubleshooting will have to be done as to why the adapter is not seen.
Next type in “airmon-ng start wlan0” to set the USB adapter into monitor mode.
Now we need to see what routers are out there and find the test router. To do this run the command "airodump-ng mon0". After this command is run a screen will come up showing the routers in range and their information.
(If the adapter comes up enabled on mon1 or mon2, simply use that instead of mon0.)
The test router that was set up should be seen along with its information. The information needed will be the BSSID, channel (CH), and ESSID. The test router here is the dlink router with the BSSID 00:26:5A:F2:57:2B, the channel is 6 and the ESSID is dlink.
Once this information is seen, don't close the terminal window; press CTRL+C inside the window to stop it from using the USB adapter and leave it open to refer back to.
Open another terminal window to run the next command. Also when done this way the BSSID can be simply copied and pasted when needed.
Next the WEP encrypted data packets need to be captured. To do this the airodump-ng command is used along with some switches and the information collected.
For me this would be:
airodump-ng -w dlink -c 6 --bssid 00:26:5A:F2:57:2B mon0
airodump-ng is the command, -w is a switch saying to write a file called dlink to the drive, -c is a switch saying the target is on channel 6, --bssid is another switch saying which BSSID to use, and finally mon0 tells it to use the USB adapter enabled on mon0.
Change the file name, channel, and BSSID to match your test router. Copy the information from the first terminal window. Copying and pasting the BSSID into the new terminal window is much quicker than typing it for most.
airodump-ng -w (ESSID) -c (channel) --bssid (BSSID) mon0
After this is done correctly a window will come up and show information about the target router. The main feedback we need to watch is the Beacons and the Data.
These numbers will start at zero and grow as traffic is passed between the router and another device. As these numbers grow, the packets are being captured in the file specified in the previous command; for this example it would be a file named "dlink". The IV count needs to grow large to crack the password, usually at least 20,000 plus, but ideally 100,000 plus. At this point someone can simply wait for the IVs to grow large enough to crack the password, but there is a way to speed things up.
To speed up the IVs, open a third terminal window, letting the second one keep capturing the data. In the new terminal window the aireplay-ng command will be used in a two part process. First use the command "aireplay-ng -1 0 -a (BSSID) mon0". So for this example it would be aireplay-ng -1 0 -a 00:26:5A:F2:57:2B mon0
After this run the command "aireplay-ng -3 -b (BSSID) mon0"; for this example it would be the following:
aireplay-ng -3 -b 00:26:5A:F2:57:2B mon0
This will begin sending out ARP requests, and the data and the beacons should begin to grow quickly. Again, speeding up the capture of the IVs is not necessary but handy.
Aircrack-ng will be used on the data file being written to with the captured information. Aircrack-ng can be run at any time; even when there is not enough data captured it will say on the screen that it needs more.
To use aircrack-ng we need the data file being written to the hard drive. In this example it is dlink. Open a new terminal window and type the command “ls” to see the file. The one aircrack-ng needs is the .CAP file here it is called “dlink-01.cap”.
To start aircrack-ng run the command “aircrack-ng (file name)” so here that would be
aircrack-ng dlink-01.cap
Aircrack will begin to run and start to crack the password. Here is what it looks like when it is done.
After "Key Found" it shows the password in hexadecimal and ASCII; they are the same and either one can be used. For this example the password on the router was 12345.
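The procedure above hinges on two things a defender can check for directly: whether any network in range still advertises WEP, and how quickly the three-byte IV space the article describes gets exhausted. The following added example (not the WirelessHack post's own code) parses the survey CSV that airodump-ng writes next to the .cap file when run with -w (layout assumed from airodump-ng's CSV output: an access-point section, a blank line, then a station section), flags WEP and open networks, and applies the birthday bound to the 24-bit IV space to show why even a modest capture already contains repeated IVs. The survey text is constructed sample data built around the BSSID and ESSID quoted in the article.

```python
"""Triage an airodump-ng survey for WEP networks and quantify IV exhaustion (added example)."""
import math

IV_SPACE = 2 ** 24          # WEP IV is 24 bits (three bytes)

# Constructed sample in the layout airodump-ng writes to <prefix>-01.csv.
SAMPLE_CSV = """\

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:26:5A:F2:57:2B, 2015-10-24 10:00:01, 2015-10-24 10:09:58,  6,  54, WEP , WEP, , -41, 1207, 24513,   0.  0.  0.  0,   5, dlink, 
00:14:BF:E0:E8:D5, 2015-10-24 10:00:03, 2015-10-24 10:09:58, 10,  54, WPA2, CCMP, PSK, -55,  980,     0,   0.  0.  0.  0,   7, HomeNet, 
C0:FF:EE:00:00:01, 2015-10-24 10:01:10, 2015-10-24 10:09:50,  1,  54, OPN , , , -70,  310,     0,   0.  0.  0.  0,  10, CoffeeShop, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
4C:EB:42:59:DE:31, 2015-10-24 10:00:05, 2015-10-24 10:09:57, -60,  4200, 00:26:5A:F2:57:2B, dlink
"""


def parse_access_points(csv_text):
    """Return the access-point rows as dicts keyed by the header names.
    The section ends at the first blank line after the header."""
    rows, header = [], None
    for line in csv_text.splitlines():
        if not line.strip():
            if header is not None:
                break
            continue
        cells = [c.strip() for c in line.split(",")]
        if header is None:
            header = cells
            continue
        # An ESSID containing a comma would need the ID-length field to
        # re-join cells; the constructed sample has none.
        rows.append(dict(zip(header, cells)))
    return rows


def iv_reuse_probability(packets, space=IV_SPACE):
    """Birthday bound: probability that at least one IV repeats among `packets` frames."""
    return 1.0 - math.exp(-packets * (packets - 1) / (2.0 * space))


def ivs_until_reuse(probability=0.5, space=IV_SPACE):
    """Number of frames after which an IV repeat is at least this likely."""
    return math.ceil(math.sqrt(-2.0 * space * math.log(1.0 - probability)))


def triage(csv_text):
    """Rate every access point in the survey; WEP is the finding to act on first."""
    report = []
    for ap in parse_access_points(csv_text):
        privacy = ap["Privacy"].split()[0] if ap["Privacy"] else ""
        ivs = int(ap["# IV"] or 0)
        if privacy == "WEP":
            risk = "critical"
            note = ("WEP: %d IVs already captured, IV reuse probability %.1f%%; "
                    "key is recoverable from traffic, move the router to WPA2"
                    % (ivs, 100 * iv_reuse_probability(ivs)))
        elif privacy == "OPN":
            risk, note = "high", "open network: all traffic readable by anyone in range"
        else:
            risk = "ok"
            note = "%s/%s: strength depends on the passphrase" % (ap["Cipher"], ap["Authentication"])
        report.append({"essid": ap["ESSID"], "bssid": ap["BSSID"],
                       "channel": int(ap["channel"]), "risk": risk, "note": note})
    return report


if __name__ == "__main__":
    for entry in triage(SAMPLE_CSV):
        print("%-8s %-12s ch%-2d %s  %s" % (entry["risk"], entry["essid"],
                                            entry["channel"], entry["bssid"], entry["note"]))
    print("50%% chance of an IV repeat after %d frames" % ivs_until_reuse())
```

With the 24-bit IV space, a repeat is more likely than not after roughly 4,800 frames, so the 20,000-plus IVs the article waits for are well past the point where IVs are being reused.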
Category: Wireless Security
5 thoughts on “Step By Step Kali Linux and Wireless Hacking Basics WEP Hacking Part 3”
I've a problem on the terminal. I'm new with Kali and Linux in general; I'm using a bootable USB. This is the problem I'm facing:
root@kali:~# airodump-ng wlan0monmon
ioctl(SIOCSIWMODE) failed: Device or resource busy
ARP linktype is set to 1 (Ethernet) – expected ARPHRD_IEEE80211,
ARPHRD_IEEE80211_FULL or ARPHRD_IEEE80211_PRISM instead. Make
sure RFMON is enabled: run ‘airmon-ng start wlan0monmon ‘
Sysfs injection support was not found either.
Kali 2.0 has been having these errors with some setups.
Run these commands
ifconfig wlan0mon down
iwconfig wlan0mon mode monitor
ifconfig wlan0mon up
Here is a video showing the steps.
When using aircrack-ng getting error, “Please specify dictionary”
Extra info: I’m not getting any handshake during airodump, nor am I getting any stations.
Do you have a Kali Linux compatible USB adapter? How are you running Kali?
How To Hack WPA/WPA2 Wi-Fi With Kali Linux & Aircrack-ng
Lewis Encarnacion
Kali Linux can be used for many things, but it probably is best known for its ability to penetration test, or “hack,” WPA and WPA2 networks. There are hundreds of Windows applications that claim they can hack WPA; don’t get them! They’re just scams, used by professional hackers, to lure newbie or wannabe hackers into getting hacked themselves. There is only one way that hackers get into your network, and that is with a Linux-based OS, a wireless card capable of monitor mode, and aircrack-ng or similar. Also note that, even with these tools, Wi-Fi cracking is not for beginners. Playing with it requires basic knowledge of how WPA authentication works, and moderate familiarity with Kali Linux and its tools, so any hacker who gains access to your network probably is no beginner!
These are the things that you'll need:
- A successful install of Kali Linux (which you probably already have done). If not, follow my tutorial here: http://lewiscomputerhowto.blogspot.com/complete-guide-on-how-to-install-kali.html
- A wireless adapter capable of injection/monitor mode; here is a list of the best: http://blackmoreops.com/recommended-usb-wireless-cards-kali-linux
- A wordlist to try and "crack" the handshake password once it has been captured
- Time and patience
If you have these then roll up your sleeves and let’s see how secure your network is!
Important notice: Hacking into anyone’s Wi-Fi without permission is considered an illegal act or crime in most countries. We are performing this tutorial for the sake of penetration testing, hacking to become more secure, and are using our own test network and router.
By reading and/or using the information below, you are agreeing to our Disclaimer
Step One:
Start Kali Linux and login, preferably as root.
Step Two:
Plug in your injection-capable wireless adapter (unless your computer's built-in card supports it). If you're using Kali in VMware, then you might have to connect the card via the icon in the device menu.
Step Three:
Disconnect from all wireless networks, open a Terminal, and type airmon-ng
This will list all of the wireless cards that support monitor (not injection) mode. If no cards are listed, try disconnecting and reconnecting the card and check that it supports monitor mode. You can check whether the card supports monitor mode by typing ifconfig in another terminal; if the card is listed in ifconfig but doesn't show up in airmon-ng, then the card doesn't support it.
You can see here that my card supports monitor mode and that it's listed as wlan0.
Step Four:
Type airmon-ng start followed by the interface of your wireless card. Mine is wlan0, so my command would be: airmon-ng start wlan0
The "(monitor mode enabled)" message means that the card has successfully been put into monitor mode. Note the name of the new monitor interface, mon0.
EDIT:
A bug recently discovered in Kali Linux makes airmon-ng set the channel to a fixed "-1" when you first enable mon0. If you receive this error, or simply do not want to take the chance, follow these steps after enabling mon0:
Type: ifconfig [interface of wireless card] down and hit Enter.
Replace [interface of wireless card] with the name of the interface that you enabled mon0 on, probably wlan0. This stops the wireless card from connecting to the internet, allowing it to focus on monitor mode instead.
After you have disabled mon0 (completed the wireless section of the tutorial), you'll need to re-enable wlan0 (or the name of your wireless interface) by typing: ifconfig [interface of wireless card] up and pressing Enter.
Step Five:
Type airodump-ng followed by the name of the new monitor interface, which is probably mon0.
If you receive a "fixed channel -1" error, see the Edit above.
Step Six:
Airodump will now list all of the wireless networks in your area, and lots of useful information about them. Locate your network or the network that you have permission to penetration test. Once you've spotted your network on the ever-populating list, hit Ctrl + C on your keyboard to stop the process. Note the channel of your target network.
Step Seven:
Copy the BSSID of the target network
Now type this command:
airodump-ng -c [channel] --bssid [bssid] -w /root/Desktop/ [monitor interface]
Replace [channel] with the channel of your target network. Paste the network BSSID where [bssid] is, and replace [monitor interface] with the name of your monitor-enabled interface, (mon0 ).
A complete command should look like this:
airodump-ng -c 10 --bssid 00:14:BF:E0:E8:D5 -w /root/Desktop/ mon0
Now press enter.
Step Eight:
Airodump will now monitor only the target network, allowing us to capture more specific information about it. What we're really doing now is waiting for a device to connect or reconnect to the network, forcing the router to send out the four-way handshake that we need to capture in order to crack the password.
Also, four files should show up on your desktop; this is where the handshake will be saved when captured, so don't delete them!
But we're not really going to wait for a device to connect; no, that's not what impatient hackers do. We're actually going to use another cool tool that belongs to the aircrack suite, called aireplay-ng, to speed up the process. Instead of waiting for a device to connect, hackers use this tool to force a device to reconnect by sending deauthentication (deauth) packets to the device, making it think that it has to reconnect with the router.
Of course, in order for this tool to work, there has to be someone else connected to the network first, so watch the airodump-ng output and wait for a client to show up. It might take a long time, or it might only take a second before the first one shows. If none show up after a lengthy wait, then the network might be empty right now, or you're too far away from the network.
You can see in this picture, that a client has appeared on our network, allowing us to start the next step.
Step Nine:
Leave airodump-ng running and open a second terminal. In this terminal, type this command:
aireplay-ng -0 2 -a [router bssid] -c [client bssid] mon0
The -0 is a shortcut for the deauth mode and the 2 is the number of deauth packets to send.
-a indicates the access point (router)'s BSSID; replace [router bssid] with the BSSID of the target network, which in my case is 00:14:BF:E0:E8:D5.
-c indicates the client's BSSID, noted in the previous picture. Replace [client bssid] with the BSSID of the connected client; this will be listed under "STATION."
And of course, mon0 merely means the monitor interface, change it if yours is different.
My complete command looks like this:
aireplay-ng -0 2 -a 00:14:BF:E0:E8:D5 -c 4C:EB:42:59:DE:31 mon0
Step Ten:
Upon hitting Enter, you’ll see aireplay-ng send the packets, and within moments, you should see this message appear on the airodump-ng screen!
This means that the handshake has been captured; the password is in the hacker's hands, in some form or another. You can close the aireplay-ng terminal and hit Ctrl + C on the airodump-ng terminal to stop monitoring the network, but don't close it yet, just in case you need some of the information later.
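The forced reconnect in Steps Nine and Ten has a distinctive signature on the air: a burst of deauthentication frames between one access point and one client, while legitimate disconnects produce a single frame now and then. The following added example (not code from this post) runs a sliding-window detector over (timestamp, subtype, source, destination, reason code) records of the kind a management-frame capture parser would produce; the frames are constructed sample data using the router BSSID and client address quoted above, and the reason codes are the standard 802.11 values (3 = station leaving, 7 = class 3 frame from non-associated station).

```python
"""Detect deauthentication floods in 802.11 management traffic (added example)."""
from collections import defaultdict, deque

AP = "00:14:BF:E0:E8:D5"        # router BSSID from the post
CLIENT = "4C:EB:42:59:DE:31"    # associated client from the post
BROADCAST = "FF:FF:FF:FF:FF:FF"
# 802.11 management frame subtypes
BEACON, DISASSOC, DEAUTH = 8, 10, 12


def detect_deauth_floods(frames, window=1.0, threshold=5):
    """Alert once per (source, destination) pair when at least `threshold`
    deauth/disassoc frames arrive within `window` seconds.

    Roaming or a client powering off yields one deauth; a burst between the
    same two addresses is the signature of a forced reconnect.
    """
    recent = defaultdict(deque)       # (src, dst) -> timestamps inside the window
    alerted = set()
    alerts = []
    for ts, subtype, src, dst, reason in sorted(frames, key=lambda f: f[0]):
        if subtype not in (DEAUTH, DISASSOC):
            continue
        key = (src, dst)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:     # drop frames that fell out of the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"src": src, "dst": dst, "first": q[0], "last": ts,
                           "count": len(q), "reason": reason,
                           "broadcast": dst == BROADCAST})
    return alerts


def build_sample_capture():
    """Constructed frames: beacons, one legitimate disconnect, then a spoofed burst."""
    frames = [(0.0, DEAUTH, "AA:BB:CC:00:00:01", AP, 3)]      # a client leaving
    frames += [(0.1 * i, BEACON, AP, BROADCAST, 0) for i in range(20)]
    # Spoofed burst: 64 deauth frames claiming to come from the AP to the
    # client, and 64 in the opposite direction, inside a third of a second.
    for i in range(64):
        t = 5.0 + 0.005 * i
        frames.append((t, DEAUTH, AP, CLIENT, 7))
        frames.append((t + 0.002, DEAUTH, CLIENT, AP, 7))
    return frames


if __name__ == "__main__":
    for a in detect_deauth_floods(build_sample_capture()):
        print("deauth flood %s -> %s: %d frames in %.3fs (reason %d)"
              % (a["src"], a["dst"], a["count"], a["last"] - a["first"], a["reason"]))
```

802.11w (Protected Management Frames) authenticates deauth and disassoc frames so that spoofed ones are discarded; where the clients support it, enabling PMF on the access point is the fix rather than just the alert.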
Step 11:
This concludes the external part of this tutorial. From now on, the process is entirely between your computer, and those four files on your Desktop. Actually, the .cap one, that is important. Open a new Terminal, and type in this command:
aircrack-ng -a2 -b [router bssid] -w [path to wordlist] /root/Desktop/*.cap
-a is the method aircrack will use to crack the handshake, 2=WPA method.
-b stands for bssid, replace [router bssid] with the BSSID of the target router, mine is 00:14:BF:E0:E8:D5.
-w stands for wordlist, replace [path to wordlist] with the path to a wordlist that you have downloaded. I have a wordlist called “wpa.txt” in the root folder.
/root/Desktop/*.cap is the path to the .cap file containing the password, the * means wild card in Linux, and since I’m assuming that there are no other .cap files on your Desktop, this should work fine the way it is.
My complete command looks like this:
aircrack-ng -a2 -b 00:14:BF:E0:E8:D5 -w /root/wpa.txt /root/Desktop/*.cap
Now press Enter.
Step 12:
Aircrack-ng will now launch into the process of cracking the password. However, it will only crack it if the password happens to be in the wordlist that you’ve selected. Sometimes, it’s not. If this is the case, then you can congratulate the owner on being “Impenetrable,” of course, only after you’ve tried every wordlist that a hacker might use or make!
Cracking the password might take a long time depending on the size of the wordlist. Mine went very quickly.
If the phrase is in the wordlist, then aircrack-ng will show it to you like this:
The passphrase to our test-network was “notsecure,” and you can see here that aircrack found it.
If you find the password without a decent struggle, then change your password, if it’s your network. If you’re penetration testing for someone, then tell them to change their password as soon as possible.
Saturday, 24 October 2015
Hackers club
hackingzz.blogspot.in/?m=1