Follow this simple guide. But you will need to prepare some tools before you can start cracking!
Let the games BEGIN!
Firstly, you will need a software known as BackTrack
BackTrack is a bootable Linux distribution that's full off network testing tools.
Head over to this link to get your own copy of BackTrack
http://www.backtrack-linux.org/downloads/
As of this writing, you should select BackTrack 5 R3 from the Release drop-down, select Gnome, 32- or 64-bit depending on your CPU (if you don't know which you have, 32 is a safe bet), ISO for image, and then download the ISO.
I bet most of you would not have a physical DVD drive with your laptops nowadays, so you need not worry. What you need to do is to use a USB drive or any removable drive for that matter and have BackTrack boot from the USB drive.
To do this, you will need an external program to load Backtrack into the USB drive.
Head over to this link to learn how,
http://www.backtrack-linux.org/tutorials/usb-live-install/
Note: You need to use Unetbootin to load Backtrack into USB drive. Follow the instructions there.
After that you are all set!
We'll start with WEP cracking! This will be easier and quicker that WPA cracking.
First, you will need to know whether your wireless card in your computer or laptop is capable of packet injection.
To do this you need to boot into Backtrack. Note: you cannot run backtrack in Windows. You need to restart your system and boot from your USB drive that is loaded with backtrack.
After booting into backtrack, type startx in the command line to start up the user interface.
type
iwconfig
then you have to put your wireless card into monitor mode
type
airmon-ng start wlan0
assuming your wireless interface name is wlan0Then you will have to check whether your modem supports packet injection or not. You can use this command line.
aireplay-ng -9 wlan0
When the system responds injection is OK. means your wireless card works!
After that, you will have to find out what wireless networks are available.
Type
airodump-ng mon0
running airodump-ng displays all wireless access points and associated clients in range, as well as MAC addresses, SSIDs, signal levels and other information about them.
Press Ctrl + C to stop the scanning
Then you can pick your victim and start the real cracking process!
Type
airodump-ng -c 6 --bssid 00:0F:CC:7D:5A:74 -w data mon0
the above command will capture packets of data from the specificed MAC address. These packets of data will be used to decipher the wifi password of the specified network.
airodump-ng -c 6 --bssid 00:0F:CC:7D:5A:74 -w data mon0
the number 6 is the specific channel for the wifi network
00:0F:CC:7D:5A:74 is the MAC address for the router AP
data is the name of the file that the packets of data is captured in.
Notes:
You typically need between 20,000 and 40,000 data packets to successfully recover a WEP key.
WEP cracking is a simple process, only requiring collection of enough data to then extract the key and connect to the network. You can crack the WEP key while capturing data. In fact, aircrack-ng will re-attempt cracking the key after every 5000 packets.
To attempt recovering the WEP key, open a new terminal window, type:
aircrack-ng data-01.cap (assuming your capture file is called data...cap, and is located in the same directory)
Then you just need to wait for the system to crack and deliver you with the WEP key!
Presto!
You can refer to the websites below for illustrations.
For WPA cracking you can refer to lifehacker's website, they have a comprehensive guide on how to crack WPA passwords with a brute force attack.
Enjoy!
Reference:
http://www.speedguide.net/articles/how-to-crack-wep-and-wpa-wireless-networks-2724
http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver
