HOW TO CRACK A WI-FI NETWORK WPA PASSWORD USING BACKTRACK 5R3

WHAT IS WPA?

The Wi-Fi Alliance intended WPA as an intermediate measure to take the place of WEP pending the availability of the full IEEE 802.11i standard. WPA could be implemented through firmware upgrades on wireless network interface cards designed for WEP that began shipping as far back as 1999. However, since the changes required in the wireless access points (APs) were more extensive than those needed on the network cards, most pre-2003 APs could not be upgraded to support WPA. WPA also includes a message integrity check. This is designed to prevent an attacker from capturing, altering and/or resending data packets.

But here the bad news....... a new freeeopen source software known as  Reaver exploits a security hole in WI-FI router and crack this type of passwords .

TOOLS REQUIRED:

1.BACKTRACK 5R3 OR REAVER (Which is pre installed in backtrack5r3 )

2. A CLOSED WI-FI NETWORK

LETS CRACK THE PASSWORD

STEP 1:

 To install Reaver, you'll first need to connect to a Wi-Fi network that you have the password to.P

1. Click Applications > Internet > Wicd Network Manager
2. Select your network and click Connect, enter your password if necessary, click OK, and then click Connect a second time.

Now that you're online, let's install Reaver. Click the Terminal button in the menu bar (or click Applications > Accessories > Terminal). At the prompt, type:P

apt-get update
P

And then, after the update completes:P

apt-get install reaver
P

If all went well, Reaver should now be installed. It may seem a little lame that you need to connect to a network to do this, but it will remain installed until you reboot your computer. At this point, go ahead and disconnect from the network by opening Wicd Network Manager again and clicking Disconnect. (You may not strictly need to do this. I did just because it felt like I was somehow cheating if I were already connected to a network.)

Step 2: Gather Your Device Information, Prepare for attackP

In order to use Reaver, you need to get your wireless card's interface name, the BSSID of the router you're attempting to crack (the BSSID is a unique series of letters and numbers that identifies a router), and you need to make sure your wireless card is in monitor mode. So let's do all that.P

Find your wireless card: Inside Terminal, type:P

iwconfig
P

Press Enter. You should see a wireless device in the subsequent list. Most likely, it'll be namedwlan0, but if you have more than one wireless card, or a more unusual networking setup, it may be named something different.

Put your wireless card into monitor mode: Assuming your wireless card's interface nameis wlan0, execute the following command to put your wireless card into monitor mode:P

airmon-ng start wlan0
P

This command will output the name of monitor mode interface, which you'll also want to make note of. Most likely, it'll be mon0, like in the screenshot below. Make note of that.P

Find the BSSID of the router you want to crack: Lastly, you need to get the unique identifier of the router you're attempting to crack so that you can point Reaver in the right direction. To do this, execute the following command:P

airodump-ng wlan0
P

(Note: If airodump-ng wlan0 doesn't work for you, you may want to try the monitor interface instead—e.g., airodump-ng mon0.)P

You'll see a list of the wireless networks in range—it'll look something like the screenshot below:P

When you see the network you want, press Ctrl+C to stop the list from refreshing, then copy that network's BSSID (it's the series of letters, numbers, and colons on the far left). The network should have WPA or WPA2 listed under the ENC column.P

Now, with the BSSID and monitor interface name in hand, you've got everything you need to start up Reaver.P

Step 4: Crack a Network's WPA Password with ReaverP

Now execute the following command in the Terminal, replacing bssid and moninterfacewith the BSSID and monitor interface and you copied down above:P

reaver -i moninterface -b bssid -vv
P

For example, if your monitor interface was mon0 like mine, and your BSSID was8D:AE:9F:65:1F:D2 (a BSSID I just made up), your command would look like:P

reaver -i mon0 -b 8D:AE:9F:65:1F:D2 -vv
P

Press Enter, sit back, and let Reaver work its disturbing magic. Reaver will now try a series of PINs on the router in a brute force attack, one after another. This will take a while. In my successful test, Reaver took 2 hours and 30 minutes to crack the network and deliver me with the correct password. As mentioned above, the Reaver documentation says it can take between 4 and 10 hours, so it could take more or less time than I experienced, depending. When Reaver's cracking has completed, it'll look like this:

P