Backtrack Wireless Hacking Download

 admin

Book: Backtrack 5 Wireless Penetration Testing by Vivek Ramachandran. This book will provide a highly technical and in-depth treatment of Wi-Fi security. The emphasis will be to provide the readers with a deep understanding of the principles behind various attacks and not just a quick how-to guide on publicly available tools. Now lets sniff packets from our own access point. To do this, we are going to use airodump-ng. Airodump-ng is used to capture wireless packets which have WEP encryption with the idea that you will use aircrack-ng (don’t worry, we’ll get to that soon). New in BackTrack 5 R2: After months of development, bug fixes, upgrades, and the addition of 42 new tools, we are happy to announce the full release of BackTrack 5 R2 available for download now. Running our custom-built 3.2.6 kernel with the best wireless support available, this is our fastest and best.

What you will learn:-

  1. Different method of cracking WPA/WPA2.
  2. Cracking WPA/WPA2 with REAVAR.
  3. Working of WPS.
  4. Securing your Wireless LAN.

What you should Know:-

  1. Back Track 5 or basic Linux command.
  2. Setting up wireless router.

Lead:-

By the year 2001 hacking attacks on WEP (Wired Equivalent Privacy) had grown with the information shared on the internet and by then it has become necessary for IEEE (Institute of Electrical and Electronic Engineers) to come up with better security mechanisms. In the year 2003 IEEE and Wi-Fi alliance had come up with Wi-Fi Protected Access (WPA) which was also known as bullet proof security for the Wi-Fi devised. But as the technology grown different type of attack has taken place for cracking the WPA/WPA2. In rest of the article we will be seeing the most recent type of attack for cracking WPA/WPA2 with using the tool REAVAR.

INTRODUCTIONS:-

WPA/WPA2 as you know they are the security standards to make the secure connection and data exchange between the 2 or more mobile device wirelessly which support wireless data exchange standards. In current time WPA/WPA2 is the highest level of the security policy in WLAN which comes with the different encryption algorithm such as TKIP (Temporal Key Integrity Protocol) or AES (Advance encryption Standards). As the use of WPA/WPA2 grown over the years in all part of the world several research have been conducted over how to break the WPA/WPA2 security even they are still going on.

When comparing WPA/WPA2 with the WEP we can see some major difference as below

  1. WPA/WPA2 comes up with stronger authentication mechanism then WEP
  2. WPA/WPA2 comes with longer key then WEP. 48bits IV and 128bits Masters key.
  3. WPA comes with TKIP (Temporal Key Integrity Protocol) encryption and WPA2 comes with the AES (Advance encryption Standards) encryptions
  4. WPA/WPA2 comes with message integrity code (MIC) or cryptographic check sum to check the integrity of the message.

Even after this much improvement in the security there is open loop holes because of this WPA/WPA2 key cracking was made possible. We will see what are different methods by which you can crack WPA/WPA2 and how the tool Reavar was used to do this. Reavar is the most resent way by which WPA/WPA2 cracking was made possible.

WHAT ARE THE DIFFERENT METHOD FOR CRACKING WPA/WPA2 AND SOME BRIEF ABOUT THEM?

We can use following methodology for cracking the WPA/WPA2.

  1. Dictionary Attack
  2. Brute Force attack.
  3. Cloud Based cracking.
  4. Reavar Attack (Will see in the detail later part of this article)

Dictionary Attack:- In this type of attack on WPA/WPA2 attacker try to create the dictionary of all the possible list of the password and once it receive the handshake of WPA/WPA2 then attacker try to compare all the letter in Dictionary to find out if there is any matching password is there. If he was lucky enough he will get the key (password) for the wireless device else try something other.

Tool : aircrack-ng, pyrit etc

Brute Force Attack:- This is one of the traditional way of cracking the key. In this attack after getting the handshake attacker tries all the possible combination of alphabets, numbers and symbols. This type of attack will surely give you the key but it will going to take time based on the password complexity. So to speed up the process you required more the resource.

Tool:- aircrak-ng, cain n able, john the ripper etc.

Cloud Based Cracking:- A single PC have the limited resource in terms of the processing power so it can take more than years for carking the password for WPA/WPA2. So to speed up the process there are some cloud based services which provides the processing the power of 100s of CPU and makes the cracking in 20 min for which it is going take the more the year or 10.

Tool:- https://www.cloudcracker.com/ , http://wpa.darkircop.org/http://gpuhash.com/ , http://www.onlinehashcrack.com/WPA-WPA2-RSNA-PSK-crack.php, http://www.onlinehashcrack.com/how_to_crack_WPA-WPA2-networks.php

HOW TO CRACK WPA/WPA2 USING REAVAR?

Let’s see how reavar cracks the WPA/WPA2. But before using reavar we should know how it works.

Reavar does not traditionally attack the key of WPA/WPA2 instead it attacks the Pin based WPS (Wi-Fi Protected Setup) services on the AP (Access Point). What is WPS? Well WPS is “designed to ease the task of setting up and configuring security on wireless local area networks. WPS enables typical users who possess little understanding of traditional Wi-Fi configuration and security settings to automatically configure new wireless networks, add new devices and enable security.”

Wireless routers with WPS built-in ship with a personal identification number (PIN – usually 8 digits) printed on them. Using WPS, the user can enable strong encryption for the wireless network simply by pushing a button on the router and then entering the PIN in a network setup wizard designed to interact with the router. But according to new research, routers with WPS are vulnerable to a very basic hacking technique: The brute-force attack. Put simply, an attacker can try thousands of combinations in rapid succession until it happens on the correct 8-digit PIN that allows authentication to the device. It can take from 2 HR to 10 HR to recover the key so have patience.

This is how the REAVAR tool works. Its attacks the WPS services try to brute force the 8 Digit PIN. Once the WPS PIN is cracked you can get the longest key for the WPA/WPA2 with in a second. We will see the next how it is done.

Requirement:-

SOFTWARE:-

  • BACKTRACK 5 OS ISO http://www.backtrack-linux.org/downloads/
  • Unetbootin http://unetbootin.sourceforge.net/

HARDWARE:-

  • Computer with wireless card adapter which is capable to work on BACK TRACK

List of back track supported wireless card can be found on below link.

  • One Access point or WLAN which is working on WPA/WPA2 security.
  • One 4 GB USB drive or DVD

First of all you have to burn the ISO image on the DVD. I have made my USB drive bootable using the Unetbooting application. The process of making pen drive bootable can be found on following link. http://unetbootin.sourceforge.net/#install

Once you have bootable DVD or USB then you have to change the boot priority in BISO from hard disk to USB media or to CD ROM in case if you are using the DVD. Steps for changing boot priority can be found on following link http://www.hiren.info/pages/bios-boot-cdrom or Google it to search for you PC.

Once you have changed the boot priority and created the bootable DVD or USB, Now is time to boot the Backtrack OS. Insert the DVD or USB and restart the PC. Now boot the back track in text mode. Once boot process is completed type startx command on console and press ENTER, graphical user interface will be displayed for back track.

Now follow the steps mentioned below to crack the WPA/WPA2 key.

Let’s see how it works

Step 1:- Boot up router with WPA/WPA2 security settings with WPS.

To how to set WPA/WPA2 follow the below link

Backtrack Wireless Hacking Download Free

Step 2:- Boot up you Back Track 5r3

Once you done with this you can proceed further.

Step 3:- Setting up the Back Track wireless card in monitor mode

a. Check the weather your wireless card is detected by BT5. This can be done executing either of one command

i. airmon-ng

ii. iwconfig

In the Figure 1 we can see the BT5 has detected wlan0 interface.

b. Now put the wlan0 in monitor mode by executing the below command

Backtrack 5r3 Download Windows 10

airmon-ng start wlan0

Figure 2

In the figure 2 we can see that monitor mode was enabled on mon0 interface. Now we will you this interface for monitoring the traffic.

STEP 4:- Now let’s find out what all the different access point are working around us to choose the target. For this we have execute the below command on you BT5 terminal

airodump-ng mon0

mon0 is the interface which is in monitor mode.

You will see the output as below.

In the figure 3 you can see the different BSSID working around. We will crack the key for ESSID dlink which have WPA2 ENC.

Now you have the target to attack so just go for it.

STEP 5:- Just open a new terminal and fire the below command

Backtrack Download Iso

reavar -i mon0 –b (BSSID of target) -vv [enter]

-i is for the interface name.

-b is for the BSSID .

Figure 4

You can see in the figure 4 reavar is started working and it is doing the brute forcing work. Here you have be patience as this can take time from 2Hours to 10 Hours to try out all the possible combination for the WPS PIN.

Free Backtracks Download

See the figure 5 its trying the pin 1235678 in the above screen shot.

Figure 6

It shows the message like 0.05% completed and 4 seconds/pin in the speed of brute forcing.

After waiting for around 6 hours I have got what I wanted. It’s a 24 character WPA PSK password. The length of the key doesn’t matter in this case. Once you cracked the WPS PIN you can retrieve key of any length. These how Reavar works try it out yourself.

HOW TO SECURE WLAN?

  1. Used the complex password to make the dictionary and brute forcing attacks to take more time.
  2. Change the password on regular interval.
  3. See the log for any unauthorized access.
  4. Disable be the WPS service on router.
  5. Sometime disabling the WPS doesn’t works so check the whether you router really disabling the WPS service and take the action accordingly.
  6. Make sure range for the router are not big.
  7. Always use the latest security policy to avoid the breaches.

Conclusion:-

Backtrack os

I would like to conclude this article just by saying this much, as there is new implements are coming out for making the user experience easy and better somehow it having the impact on the security as in the case of WPS. WPS was made to make user experience more easy with the higher standards of WLAN (Wireless Local Area Network) security it leads to loop hole in system. But this is not the end of the road here, there is enhancement is going on to make WLAN security more tighter than ever. So just make sure you take all the possible security measure once you are aware of the issue so no one can take advantage of the same. BE SAFE AND BE SECURE.

Backtrack 3

For Extra References:-