We bring you a new audit manual for the new BackTrack 5 Revolution, without doubt the best Linux distribution for wireless audits. This manual is valid for Crotalus 2000mW cards with a Ralink 3070L or Realtek 8187L chipset. Adapters from other manufacturers with the same chipset also work.
Again, we must remember that this distribution is not designed for criminal purposes. The responsibility for the use made of it therefore rests solely with you. Make good use of this information.
Let's get down to business. The first step is to put our network card into monitor mode, so we open a terminal and type the following command: airmon-ng start wlan0
We will see the message "monitor mode enabled on mon0". This means that monitor mode is enabled on an interface called mon0, which is the interface we will use from now on.
The next step is to scan the networks around us, so we type in the terminal: airodump-ng mon0. Let it search for a few seconds and then stop it with Ctrl + C. We need to note down the following data for the target network: BSSID (MAC address), CH (channel) and ESSID (network name).
Now we have to listen on the target network to capture the handshake. The handshake is a special exchange of packets that is transmitted when a client connects to an access point ("handshake" is an English word meaning a greeting by shaking hands). To capture it we type in a terminal: airodump-ng -c CHANNEL --bssid BSSID -w filename mon0
CHANNEL: the channel of the target network.
BSSID: the MAC address of the access point.
filename: a file name of your choice where the captured data will be stored.
Once the command is accepted we will get the following screen:
Now let's check whether we have captured the handshake: if we have succeeded, "WPA handshake:" followed by the MAC address will appear at the top right of the terminal. You can see it in the image below:
Once we have the handshake, the last step is the dictionary attack. This attack tests the words of a text file (the dictionary) against the captured handshake, and if the WPA passphrase matches one of the words it is shown to us. Here is a link to one of the best dictionaries we have found on the web:
- MegaDiccionario
If we succeed, we will get the key:
NOTE: If it does not work with one dictionary, change the dictionary and try again. The key is patience, even though a password is quite likely not to be in the dictionary at all.
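The note above makes the point a network owner should take away from this manual: the attack only works when the passphrase is in the dictionary, and every guess costs a full PBKDF2 derivation salted with the SSID. The script below is an added example, not part of the original manual or of the aircrack-ng suite; it audits your own network's passphrase and SSID from the defender's side. The PMK derivation follows IEEE 802.11i (PBKDF2-HMAC-SHA1, 4096 iterations, 32 bytes); the wordlist and the list of common default SSIDs are constructed samples, and load_wordlist is a hypothetical helper for reading a real dictionary file such as the one linked above.

```python
import hashlib

# WPA/WPA2-PSK turns the passphrase into the 256-bit Pairwise Master Key with
# PBKDF2-HMAC-SHA1, salted with the SSID and iterated 4096 times (IEEE 802.11i).
# A dictionary attack must repeat this derivation for every candidate word,
# which is why each guess is slow and why the SSID acts as a per-network salt.
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32

# Constructed sample wordlist standing in for a dictionary file.
SAMPLE_WORDLIST = [
    "password",
    "12345678",
    "qwertyuiop",
    "internet",
    "administrator",
]

# Constructed list of factory-default SSIDs. A PMK computed for one of these
# names can be reused against every network that still carries that name.
COMMON_SSIDS = {"linksys", "default", "NETGEAR", "dlink", "WLAN"}


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the PMK exactly as a WPA-PSK access point and client do."""
    return hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("utf-8"),
        ssid.encode("utf-8"),
        PBKDF2_ITERATIONS,
        PMK_LEN,
    )


def load_wordlist(path: str) -> list:
    """Read a dictionary file, one candidate per line (hypothetical helper)."""
    with open(path, "r", encoding="utf-8", errors="ignore") as fh:
        return [line.rstrip("\r\n") for line in fh if line.strip()]


def audit_passphrase(passphrase: str, ssid: str, wordlist) -> dict:
    """Report the weaknesses a dictionary attack would exploit in this network's PSK."""
    words = set(wordlist)
    findings = {
        # 802.11i only allows passphrases of 8 to 63 printable ASCII characters.
        "too_short": len(passphrase) < 8,
        "too_long": len(passphrase) > 63,
        # Exact membership is what a plain dictionary run tests.
        "in_wordlist": passphrase in words or passphrase.lower() in words,
        # A default SSID makes precomputed PMK tables usable against this network.
        "common_ssid": ssid in COMMON_SSIDS,
    }
    findings["verdict"] = "weak" if any(findings.values()) else "ok"
    return findings


if __name__ == "__main__":
    # Known-answer check from IEEE 802.11i Annex H: passphrase "password", SSID "IEEE".
    print(derive_pmk("password", "IEEE").hex())
    samples = [
        ("password", "linksys"),
        ("short", "office"),
        ("correct horse battery staple", "casa-7f3a"),
    ]
    for pw, ssid in samples:
        print(pw, ssid, audit_passphrase(pw, ssid, SAMPLE_WORDLIST))
```

Run it with your own passphrase, SSID and a real dictionary passed through load_wordlist: a "weak" verdict means the steps in this manual would recover the key, and the two fixes are a passphrase that is not a dictionary word and an SSID that is not a factory default.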
Update
We list some of the cards we have tested, which work perfectly with the steps in this manual:
- Crota-AL200
- CRT500
- CROTA1200MW
- CROTA2000N-RA
- CROTAMAXN
- AWUS036H
- AWUS036NH