BackTrack 5 Revolution manual for WPA keys
We bring you a new audit manual for the new BackTrack 5 Revolution, without doubt the best Linux distribution for wireless audits. This manual is valid for Crotalus 2000mW cards with the Ralink 3070L or Realtek 8187L chipset. Adapters from other brands with the same chipset also work.
Once again we must remind you that this distribution is not designed for criminal purposes. The responsibility for the use you make of it is therefore solely yours. Make good use of this information.
Let's get to it. The first step is to put our network card into monitor mode, so we open a terminal and type the following command:
airmon-ng start wlan0
Note that we get this message: "monitor mode enabled on mon0". This means that monitor mode is enabled on an interface called mon0, which is the one we will use from now on.
The next step is to scan the networks around us, so we type in the terminal:
airodump-ng mon0
Let it search for a few seconds and then stop it with Ctrl+C. From the target network we need to keep this data: BSSID (MAC address), CH (channel) and ESSID (network name).
Now we have to associate with the target network to capture the handshake. The handshake is a special packet exchange that is transmitted when a client connects to an access point. To do this we type in a terminal:
airodump-ng -c CHANNEL --bssid BSSID -w filename mon0
CHANNEL: the channel of the target network.
BSSID: the MAC address of the access point.
filename: a file name of your choice where the captured data will be stored.
Once the command is accepted we get the following screen:
Now let's open another terminal to capture the handshake. It is imperative that a client is connected. To get the handshake we have to disconnect the connected client so that it reconnects; to do this we enter the following command:
aireplay-ng --deauth 20 -a BSSID -c CLIENT mon0
BSSID: the MAC address of the access point.
CLIENT: the MAC address of the client connected to the access point.
Once we enter the command we get a screen like this:
Now let's check whether we have captured the handshake. Look at the airodump-ng terminal: if we succeeded, "WPA handshake: MAC" appears at the top right. You can see it in the image below:
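The forced reconnection described above leaves a very recognisable trace on the air: a burst of deauthentication frames, apparently sent by the access point, far above the rate seen during normal roaming. The following detector is an added example for this manual, not code from the original page or from the aircrack-ng project. It works on already-decoded frame summaries (the kind a monitor-mode sniffer or a wireless IDS produces) rather than on pcap files, and the frame log it runs on is constructed inline; the MAC addresses, the 5-second window and the threshold of 10 frames are assumptions chosen for the example.

```python
"""Deauthentication-flood detector over decoded 802.11 management-frame records.

Added example, not code from the original manual. Input is a list of Frame
summaries such as a monitor-mode sniffer or WIDS would emit; the sample
capture below is constructed for the example.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

DEAUTH = "deauth"
DISASSOC = "disassoc"


@dataclass(frozen=True)
class Frame:
    ts: float      # capture time in seconds
    subtype: str   # "beacon", "data", "deauth", "disassoc", ...
    src: str       # transmitter address (addr2)
    dst: str       # receiver address (addr1)
    bssid: str


def detect_deauth_floods(frames, window=5.0, threshold=10):
    """Return one alert (bssid, first_ts, count) per BSSID whose deauth and
    disassociation frames reach `threshold` inside any `window`-second span.

    A single deauth is normal (a client leaving, an AP evicting an idle
    station); tens of them within seconds, all carrying the AP's address as
    sender, is the signature of a forced reconnection.
    """
    recent = defaultdict(deque)  # bssid -> timestamps of recent deauths
    alerted = set()
    alerts = []
    for f in sorted(frames, key=lambda x: x.ts):
        if f.subtype not in (DEAUTH, DISASSOC):
            continue
        q = recent[f.bssid]
        q.append(f.ts)
        while q and f.ts - q[0] > window:   # drop timestamps outside the window
            q.popleft()
        if len(q) >= threshold and f.bssid not in alerted:
            alerted.add(f.bssid)
            alerts.append((f.bssid, q[0], len(q)))
    return alerts


# Constructed addresses for the sample capture (not real devices).
AP = "00:11:22:33:44:55"
STA = "66:77:88:99:aa:bb"
BCAST = "ff:ff:ff:ff:ff:ff"


def sample_capture():
    """Constructed frame log: beacons, client data, one benign deauth, then a burst."""
    frames = [Frame(i * 0.1, "beacon", AP, BCAST, AP) for i in range(50)]
    frames += [Frame(1.0 + i * 0.2, "data", STA, AP, AP) for i in range(10)]
    frames.append(Frame(2.5, DEAUTH, STA, AP, AP))        # client leaving: benign
    # Burst: 30 deauths with the AP as sender, aimed at the client, in 1.5 s.
    frames += [Frame(3.0 + i * 0.05, DEAUTH, AP, STA, AP) for i in range(30)]
    return frames


if __name__ == "__main__":
    for bssid, first_ts, count in detect_deauth_floods(sample_capture()):
        print(f"ALERT: {count} deauth/disassoc frames for BSSID {bssid} "
              f"starting at t={first_ts:.2f}s")
```

On the sample log the benign deauth alone raises nothing, while the burst trips the threshold and produces a single alert for the AP's BSSID. The reason the burst works at all is that WPA and WPA2 management frames are unauthenticated; Protected Management Frames (802.11w) lets the client discard forged deauthentication frames, so enabling it where the hardware allows is the mitigation, and the detector above is what you run where it does not.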
Once we have the handshake comes the last step, the dictionary attack. This form of attack consists of searching for the WPA passphrase in a text file: if the password matches a word in the dictionary, it is shown to us. Here is a link to one of the best dictionaries we have found on the web:
When we have the dictionary, let's try the dictionary attack. For this we type the following in another terminal:
aircrack-ng -a 2 -w /path/to/dictionary filename-01.cap
If we succeed we will get the key:
NOTE: If it does not work with one dictionary, change dictionaries and try again. The key is patience, even though the password is most likely not in the dictionary.
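The note above is the whole defence in one sentence: the attack only succeeds when the passphrase is in the dictionary. The following check is an added example for this manual, not code from the original page, and runs the same idea from the owner's side before a passphrase is deployed. The miniature wordlist is a constructed stand-in for the dictionaries the text links to, and the normalisation rules (case folding, stripping digit and punctuation padding) are assumptions about common variants rather than a standard; the 8-63 printable-ASCII rule is the WPA-PSK passphrase rule itself.

```python
"""Pre-deployment check of a WPA/WPA2 passphrase against a wordlist.

Added example, not code from the original manual. SAMPLE_WORDLIST is a
constructed stand-in for a real dictionary file.
"""
import string

# Constructed miniature wordlist; a real check streams a large file instead.
SAMPLE_WORDLIST = {"password", "internet", "wireless", "qwerty", "letmein", "dragon"}


def load_wordlist(lines):
    """Build a casefolded set from an iterable of dictionary lines."""
    return {line.strip().casefold() for line in lines if line.strip()}


def core_of(passphrase):
    """Strip the digit/punctuation padding people add around a dictionary word."""
    return passphrase.casefold().strip(string.digits + string.punctuation)


def check_passphrase(passphrase, ssid, wordlist):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    n = len(passphrase)
    if n < 8 or n > 63:
        findings.append("length must be 8-63 characters (WPA-PSK rule)")
    if any(not (32 <= ord(c) <= 126) for c in passphrase):
        findings.append("must be printable ASCII (WPA-PSK rule)")
    if ssid and ssid.casefold() in passphrase.casefold():
        # The SSID is public and is also the PBKDF2 salt, so it adds nothing.
        findings.append("contains the SSID, which is public")
    if passphrase.casefold() in wordlist:
        findings.append("exact dictionary word")
    elif core_of(passphrase) in wordlist:
        findings.append("dictionary word with digit/punctuation padding")
    return findings


if __name__ == "__main__":
    # Constructed candidates for the demonstration.
    for cand in ("Password1!", "MyNet2011", "correct horse battery staple"):
        print(cand, "->", check_passphrase(cand, "MyNet", SAMPLE_WORDLIST) or "ok")
```

Run against a real dictionary, the check rejects exactly the passphrases the attack in this manual would recover; a passphrase that passes it, with a length well above the minimum, is out of reach of a wordlist no matter how patient the attacker is.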
Update
We list some of the cards we have tested that work perfectly with the steps in this manual:
Obviously these are not the only compatible ones, but they are the best we have tested.
mmmmm
... It's the one and only ... my laptop, an Acer Aspire 5750g.
jooo ... I'm in a bad spot!
My other laptop has died.
So there is no solution?
Hi, I only have an Acer Aspire 5750g laptop because the other one died just recently.
sniff, sniff.
So there is no solution?
joooo ...
oops ... I sent the message twice! XD
Hi, excellent manual, but I would like to know .... in BackTrack 3 there was the spoonwep application that made everything easier, is there an application like that in BT5? Thanks
Hello, Manolo:
In BackTrack 5 you have Gerix. I think this is what you are looking for:
http://www.lacuevawifi.com/2011/07/07/manual-backtrack-5-revolution-para-wpa-usando-gerix/
Cheers!
Hello, almost everything works perfectly for me, but when I launch the handshake (aireplay-ng --deauth 20 -a BSSID -c CLIENT mon0), the "WPA handshake: MAC" part doesn't show up for me.
What could be wrong? I have repeated it several times, and packets are being added for the client, which I understand means there is an exchange of information, but then nothing.
Regards, and excellent tutorial.
Just a doubt: is it the same for WPA and WPA2? I would also like to know whether the type of authentication matters.
LET'S SEE, I HAVE BACKTRACK 5, BUT WHEN I GET THE HANDSHAKE OF A WPA2 WIFI, IT TELLS ME TO SPECIFY A DICTIONARY, WHICH IS IN THE DICTIONARY CDROM/CASPER/WORD.LST, HOW DO I MAKE -W READ THAT ADDRESS? THANKS :$
Cuevawifi, thank you very much, this week when I have a gap I'll give "Gerix" a go.
Regards, one last thing, I've read something about "wifite", does it work? Thanks
PajaroMalo, chances are it will not work for you because there is no traffic. The client has to do something on the network: browse, download/upload a file or ping the router (when we "made" the manual we did the latter).
zer0, this tutorial does not apply to WPA2.
Soyyo, try doing the audit with Gerix (I'm leaving a link), it is much easier: http://www.lacuevawifi.com/2011/07/07/manual-backtrack-5-revolution-para-wpa-usando-gerix/
Manolo, we have not tried it, but it looks interesting. When I have a spare moment I'll give it a go, and if it works I'll post a guide.
Cheers!
Where can I download BackTrack 5 for wireless audits?
Thank you,
BackTrack is not a program, it is a Linux distribution. It can be downloaded free of charge from the official BackTrack website:
http://www.backtrack-linux.org/downloads/
Could you make a tutorial on installing BT5 alongside Windows and how to make the partitions with gparted, please?
Hey guys! On the official bt site there are options to choose from before downloading, for example, in release: bt 5 R1 or bt 5
in WM FLAVOR: gnome or kde
What are the differences?
I just want to download it, burn it to CD and install it on my notebook ...
THANKS!
Hello, my Acer Aspire 5750g fails when I type startx to get BackTrack 4 started. A little help please ......
Pam, GNOME and KDE are both graphical environments for Linux. Choose the one you like.
Hello
Could you update the links, since the megaupload dictionaries have been closed
Thanks
Hello
Could you update the links, since the megaupload dictionaries have been closed, IF IT'S NOT TOO MUCH HASSLE ...
Thanks
When you have time, update the links to new dictionaries, guys.
I'll be waiting for new links to the dictionaries.
Hello! Thank you very much for the tutorial! But the dictionariesss? The FBI screwed us with Mega ....
Hehe, what can we do, waiting for dictionaries!
Dictionaries needed
Well, I have updated the link to the dictionaries (finally). I put up one of the millions I found online that seems very complete; the trouble is that it is heavy.
Regards!
Well, so far so good, I just don't get the handshake when I do it. After entering aireplay-ng --deauth 20 -a BSSID -c CLIENT mon0 the handshake does not come up, why? Is it because of the dictionary I have? Or because the chip does not allow it? I'm expecting a reply by mail or here, regaaards ^^
What is the name of the dictionaries? Mine doesn't help me capture the handshake, please
To capture the handshake .. connect to the network from a different PC entering any password .. with another PC and any network ... when it tries to get in .. you receive the handshake.
GREETINGS!