Cracking WPA Keys with Aircrack


I received an interesting email from my brother-in-law today asking me if Aircrack could crack WPA keys. I sent him this link to a how-to tutorial hosted on Wiretapped. It illustrated cracking WPA keys in 10 easy steps in less than 10 minutes. This is why WEP, WPA, and other wireless security protocols should never be used without some type of host identification mechanism.

  1. #1 by Keatron on March 28, 2006 - 11:15 pm

    Good job with the site. Keep up the good work.

    Keatron Evans, CISSP

  2. #2 by lee on July 22, 2006 - 10:14 am

    Excellent. I’ve been looking all over for something like this.
    Your site doesn’t show up on a Google search, which I normally use; I found it with the all-in-one search tool search.com.
    Thanks again folks, I’m gonna get cracking on (purely for educational reasons).

  4. #4 by Jay T on November 25, 2006 - 6:04 pm

    Good tutorial. Would have been better if the music playing didn’t sound like shit.

  5. #5 by Goofyz on December 6, 2006 - 7:26 pm

    Great show on how to crack WPA encryption. Only question is how many people know UNIX/Linux to crack and follow the cracking sequence? Everyone has to remember the average user can’t even encrypt WEP without problems.

  6. #6 by Xcalie on December 23, 2006 - 3:51 am

    You also have to realize that none of this can be done on a Windows OS; Windows OS’s drivers do not support injection. It is also easier to configure, use and develop tools like this on a Linux box because of the support available.

  7. #7 by arvee on January 8, 2007 - 12:56 am

    It is a good vid… but a lot of people are using BackTrack 2 now and the commands differ a little. If anyone can post the same commands to use in BT2, that would be very helpful.

  8. #8 by Jordan on February 5, 2007 - 9:47 am

    I tried BT2, didn’t get on with it –
    After all it still is BETA.
    The best way, for me at least, is to use BT1 Final and update the Aircrack software to aircrack-ng suite. Maximum compatibility, better drivers and you can use the same command lines as above.

    Stay with BT1. period.

    :)

  9. #9 by ciphex on February 16, 2007 - 2:58 am

    Isn’t the issue here that the key is a dictionary word? What happens if someone uses a sensible ‘password’ policy for choosing WPA keys? The brute force won’t work presumably?

    This seems an easy way to stop this kind of attack?

  10. #10 by laider on March 4, 2007 - 11:47 am

    Hi.
    How can I find a passphrase?

  11. #11 by Jeannot on March 13, 2007 - 4:12 pm

    Use dictionary generators. The idea is to deauthenticate (disconnect) the user, make him send initial packets with the initial key derived from the passphrase and brute force on these packets to find the passphrase.
    The point is to have a good dictionary, period. In that sense, WPA isn’t weak at all, especially with long passphrases.

  12. #12 by Zombi2 on April 13, 2007 - 6:51 am

    How do you install a good dictionary on BackTrack v1 and crack WPA? Does anyone have a good method or help guide to crack a WPA? Thanks.

  13. #13 by Zombi2 on April 14, 2007 - 6:27 pm

    I tried to crack WPA-PSK by following the video tutorial and ran the command as follows:
    -0 1 -a (mac AP) (interface my case wlan0)

    It creates a handshake but it keeps running on and on. Can someone tell me if they had any luck? Thanks…

  14. #14 by scriptkiddie on June 28, 2007 - 6:08 am

    Could anybody insert a link for downloading aircrack for windows? Pls

  15. #16 by Tim S on November 24, 2007 - 1:16 pm

    Umm, I know this post is a little late, but for anyone reading, it is possible to use packet injection in Windows.
    You still need an Atheros-based chipset. Search for “commview” drivers on Google etc. Then when you start airserv-ng in command prompt, direct it to commview drivers {airserv-ng -d “commview.dll|debug” -c 6 -p 12345}. You can only use the packet replay attack in Windows, but if you know what packets you’re looking for then it’s as good as Linux. Feel free to shoot me a line / question. “timster311@hotmail.com”

  16. #17 by xxx on March 23, 2008 - 2:56 pm

    Nice trick, but you will not hack my WPA protected network, because I do not use such easy and simple passwords :-) If I had a password like “0gvd0fg74d9h8oyb873bfydvw847w28e” you will not be able to bruteforce it anyhow :D

  17. #18 by Dan on July 2, 2008 - 1:47 pm

    To everyone saying that WPA is secure because you can use a strong passphrase:

    True, but how many people in the real world actually use strong passwords? For most businesses, a strong password is hard to remember, and they opt for a dictionary word, often the name of the business or variation thereof.

    This attack is totally valid for 90% of the WPA APs out there, since most people don’t use a strong password.

  18. #19 by DRiFTn3 on August 17, 2008 - 6:43 am

    I use BackTrack v3 beta, but what are they using in this video? I tried SLAX; it didn’t accept the first command. With BackTrack I managed to get it happening with some understanding, using airodump and putting airodump-ng on the end, but the 0 out 3 shit, how does that work with it? If I can work out what they’re using I can do it. The thing is, is it SLAX, Ubuntu, BackTrack, what??? This video goes through so much detail but it doesn’t even say what to use to do it. Maybe making a video with BackTrack 2 or B3 would be nice. Thanks.

  19. #20 by Joe on September 13, 2008 - 10:56 am

    Thanks bro, but I have a question for you about making ad-hoc
    in Linux. How do we make Linux connect with Windows on ad-hoc?

  20. #21 by Praveen on September 17, 2008 - 6:51 pm

    Please tell me… what Linux should I use?

  21. #22 by brandon on September 19, 2008 - 9:03 am

    @xxx
    “If I had a password like “0gvd0fg74d9h8oyb873bfydvw847w28e” you will not be able to bruteforce it anyhow”

    I love people who pick passwords like that… It’s very unlikely that they have memorized something like that. It will be written down somewhere…

    People really need to learn about picking “secure” passwords.

  22. #23 by asshole on September 20, 2008 - 3:47 pm

    Nice video. I use BT3 to hack WEP. I never succeeded in hacking WPA because I don’t have a strong dictionary. I’m an asshole. :D

  23. #24 by Bill of Poway on May 3, 2009 - 5:18 pm

    brandon,
    Since the main purpose of a strong (WPA) password is to keep outsiders from accessing your wireless, I don’t see what the problem is with writing it down. Also, once set up, is it necessary to remember it each time you use the computer? So you keep the passphrase in the safe or wherever. Here is a great passphrase generator: http://www.kurtm.net/wpa-pskgen/
    It made me this in 1/10th second: x9C&|%B9(q-rT%k/^WDNo82+.Zma!mVN9@={SlN8(Sln#06yn1MR4|V_qbwG/H^
    Crack that you crackheads!! lol

  24. #25 by Fidel Cashflow on August 18, 2009 - 8:02 am

    Hi Zombi
    Could you please help me with your video tutorial let me give it a try?
    Thanks
    paul_fru@yahoo.com

  25. #26 by israel on August 18, 2009 - 8:13 am

    good job

  26. #27 by mike on September 3, 2009 - 8:26 pm

    x9C&|%B9(q-rT%k/^WDNo82+.Zma!mVN9@={SlN8(Sln#06yn1MR4|V_qbwG/H^
    cracked lmao… Another way to make a strong passcode is to think of a phrase like “im singing in the rain”, take just the letters, isitr, then change some letters to numbers etc… 1$iTr, then add extra characters as well, such as +1$iTr€. Some routers do not allow certain characters, but if you do this to a long phrase then it establishes a stronger passcode that can be easily remembered too… And if you really wanted to get more secure, use Character Map on your computer and use symbols instead of characters. Also, as mentioned above, NEVER save passcodes on any computer; it is to keep people outside out, so write it down if you need to, and when you’re not home, power off your router, which restricts hackers’ access when you’re not home or not using the internet.

  27. #28 by TooTiredRightNow on December 18, 2009 - 7:36 am

    For a secure password you can mix things up a bit. To make it easy to remember (no need to write it down) use a common word. However, mix in numbers and special characters. Example: instead of the letter ‘a’ use @. Use number 1 instead of lowercase L. Stuff like that. You can generate a password difficult to break but still set up something easy to remember.

  28. #29 by purehate on January 18, 2010 - 3:06 pm

    Online wpa password cracker

    http://tools.question-defense.com

  29. #30 by Dave on January 26, 2010 - 7:01 pm

    It’s so true that tough passwords will be written down! But the corollary to that axiom is that the cracker has to gain physical access to the site, find the place where the password is written down without being discovered, and exit the site without being caught.

    That being said, I was hosting 3 ethical hackers doing penetration testing for my organization. One of their laptops’ keyboards started flaking out. They asked me if I had a spare keyboard I could loan them. I said “Sure”, and went to the store-room and grabbed a spare keyboard.

    I gave it to them, and they jokingly (I thought), said, “Let’s look on the bottom for passwords!”.

    They turned the keyboard over, and sure enough, stuck to the bottom of the keyboard, there were 5 or 6 stickies, with long passwords written on them!

    Lesson learned!

  30. #31 by tony on February 10, 2010 - 4:07 am

    I have captured a WPA handshake and I tried some wordlists with aircrack
    but aircrack didn’t find the password…
    If anyone can help me, here is my cap file http://www.4shared.com/file/195846133/1b793e0/cap_file.html

    and this is my email: tony.nahhat@yahoo.com
    Please help me

  31. #32 by Lara Croft on March 8, 2010 - 7:33 pm

    Password lists:
    I downloaded from btjunkie the next lists:
    wordlist.7z (unpacked 2.1GB)
    WPA-PSK WORDLIST 2 (107 MB).rar
    WPA-PSK WORDLIST (40 MB).rar
    wordlists.ace
    Unpack all lists and rename to list1, list2….
    Make a directory in the filesystem /list/
    and copy all the lists in this directory.

  32. #33 by atasözleri on March 12, 2010 - 7:54 am

    thank you working very fine.

    I like speeder program. Please anyone help me!

  33. #34 by praew on March 15, 2010 - 11:48 pm

    I can’t watch it. I need to hack the wireless but the problem is I don’t know how to install the dictionaries.
    Help me
    dark-mocha@hotmail.com

  34. #35 by dyuane on February 11, 2011 - 7:54 pm

    Thanks for the info. I’m new to Linux and trying aircrack-ng. I’m learning a lot.

  35. #36 by sanam on May 9, 2011 - 5:21 am

    Hey, if someone has saved the page of hacking, please forward it to my mail address (sanam_pudasaini1991@yahoo.com)… Help me

  36. #37 by nassomexe on May 12, 2011 - 3:40 am

    Joe: thanks bro, but i have question to you about make adhoc in linux. how do we make linux connected with windows on ad-hoc?

    Are you Turkish, man? :D

  37. #38 by RJ on November 5, 2011 - 8:35 am

    I need your help for WPA password hack. Please give me a good dictionary, please.

  38. #39 by mohammad on December 4, 2011 - 2:52 am

    Dear sir

    I visited your web site and it has very good information

    Question: I want software to hack WPA and WPA2 passwords. Please send the software for attack. Thank you and I’m waiting
    Best regards
    Mohammad
    UAE
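
Several comments above argue over whether swapping characters in a common word ("@" for a, "1" for l) keeps a WPA passphrase out of reach of a dictionary. The following is an added example, not part of the original post or its comments: a defender-side audit in Python that checks a candidate passphrase against a wordlist after undoing such substitutions and reports an upper-bound entropy estimate. The wordlist, substitution table and sample passphrases are constructed for illustration.

```python
import math
import string

# Constructed sample wordlist; a real audit would load a large list from disk.
SAMPLE_WORDLIST = {"password", "letmein", "wireless", "linksys", "acmeplumbing"}

# Undo common look-alike substitutions ("@" for a, "1" for l, and so on).
LEET = str.maketrans({"@": "a", "4": "a", "1": "l", "!": "i", "0": "o",
                      "3": "e", "$": "s", "5": "s", "7": "t"})
PADDING = string.digits + string.punctuation

def candidates(passphrase):
    """Base words a rule-based dictionary would reach from this passphrase."""
    low = passphrase.lower()
    trimmed = {low, low.strip(PADDING), low.lstrip(PADDING), low.rstrip(PADDING)}
    return trimmed | {t.translate(LEET) for t in trimmed}

def max_entropy_bits(passphrase):
    """Upper bound: length * log2(pool), valid only for randomly chosen characters."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    pool = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0

def audit(passphrase, wordlist=SAMPLE_WORDLIST):
    # A WPA-PSK passphrase is 8 to 63 printable ASCII characters.
    printable = all(32 <= ord(ch) <= 126 for ch in passphrase)
    return {
        "valid_wpa_passphrase": printable and 8 <= len(passphrase) <= 63,
        "dictionary_hit": bool(candidates(passphrase) & set(wordlist)),
        "max_entropy_bits": round(max_entropy_bits(passphrase), 1),
    }

if __name__ == "__main__":
    for sample in ("P@ssw0rd1", "1inksys2010", "kT7#vq2Lm9!xWz4p"):  # constructed
        print(sample, audit(sample))
```

A passphrase can score well on the character-pool estimate and still be a dictionary hit, which is why the two results are reported separately.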
