How to hack wireless internet connections using aircrack-ng
1. How to Hack WPA (Wi-Fi Protected Access) Wireless Internet Using Aircrack-ng
Presented By:
Nikesh Balami
2. This presentation is intended to inform the audience about methods used to “Hack” wireless internet connections, not for any malicious use but strictly for educational purposes and personal intentions such as recovering a misplaced network key for the user's own wireless connection.
3. WPA or WPA2
Stands for Wi-Fi Protected Access
Created to provide stronger security
Still able to be cracked if a short password is used.
WPA 1
– Based on 3rd draft of 802.11i
– Uses TKIP
– Backward compatible with old hardware
WPA 2
– Based on 802.11i
– Uses CCMP (AES)
– Not compatible with old hardware
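Added example (not part of the original presentation): why the short-password caveat on this slide holds. WPA/WPA2-Personal derives its 256-bit key from the passphrase and the SSID with PBKDF2-HMAC-SHA1 (4096 iterations), so the key is only as unpredictable as the passphrase; this sketch audits a passphrase for your own access point. The function names and the 80-bit threshold are assumptions chosen for illustration.

```python
import hashlib
import math
import string

MIN_BITS = 80  # assumed policy threshold for this example, not a standard value

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit WPA/WPA2-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def keyspace_bits(passphrase: str) -> float:
    """Upper bound on entropy: length * log2(size of the character classes used).
    Real passphrases built from words or patterns are weaker than this bound."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    pool = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0

def audit_passphrase(passphrase: str, min_bits: float = MIN_BITS) -> list:
    """Return a list of findings; an empty list means the passphrase passed."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length must be 8-63 characters for a WPA passphrase")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        findings.append("contains characters outside printable ASCII")
    bits = keyspace_bits(passphrase)
    if bits < min_bits:
        findings.append(f"at most {bits:.1f} bits of keyspace, below {min_bits}")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    for pw in ("password", "Tr4il-mix&copper-kettle-1987"):
        print(repr(pw), audit_passphrase(pw) or "ok")
    # The SSID is the salt, so the same passphrase yields a different key per SSID.
    print(derive_psk("password", "IEEE").hex())
```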
4. Aircrack-ng
“Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng is a set of tools for auditing wireless networks.”
5. Tools used in this Presentation
Wi-Fi Booster
VMware Workstation
Backtrack 5 r3
6. Wi-Fi Booster
o Make broadband wireless in possible coverage
o Strengthen radio signal to increase the effective range and coverage area for Wi-Fi communication
o Install easily, just plug in and play
o Save lots of wiring costs
7. VMware Workstation
Secure way to run multiple operating systems at the same time.
It is an integral component of any serious technical professional’s toolkit.
It offers the broadest host and guest operating system support, the richest user experience, and the most comprehensive feature set.
8. Backtrack
Backtrack is an operating system based on the Ubuntu GNU/Linux distribution aimed at digital forensics and penetration testing use. It is named after backtracking, a search algorithm. The current version is Backtrack 5, code name “Revolution.”
9. Backtrack Tools
BackTrack includes many well known security tools including:
o Metasploit integration
o RFMON Injection capable wireless drivers
o Aircrack-NG
o Kismet
o Nmap
o Ophcrack
o Ettercap
o Wireshark (formerly known as Ethereal)
o BeEF (Browser Exploitation Framework)
o Hydra
10. Process
Install VMware Workstation on your computer
Open VMware Workstation and install Backtrack 5 r3 on it
After completing installation, go to VM>Removable Device
And now connect your Wi-Fi Booster or Wi-Fi Receiver to it
11. Process Cont…
Now after doing all of this your Backtrack 5 r3 is ready to use
Open the Terminal of Backtrack 5 r3
And type “airmon-ng” to check whether our Wi-Fi Booster works on it
Again type “airmon-ng start wlan0” to create a new mon0 interface
12. How To See Whether Our Booster Works Or Not
13. Process Cont…
Now type “airodump-ng mon0” to see the connections and use “wash -i mon0” to see the connections with WPS “ON”
After successful completion of the process you will see the BSSID of the connection on the first line. Copy that BSSID and keep it somewhere safe.
15. Process Cont…
Last step. Attacking the connection using reaver
Type the command at the Terminal “reaver -i mon0 -b <paste the BSSID here> -vv”
After waiting some hours, you will get the key