Commview For Wifi 6.3 Crack Tutorials

Regulo Akers

Aug 21, 2024, 1:09:22 PM
to tingfilanmens

When Wi-Fi was first developed in the late 1990s, Wired Equivalent Privacy was created to give wireless communications confidentiality. WEP, as it became known, proved terribly flawed and easily cracked. You can read more about that in my beginner's guide to hacking Wi-Fi.

The weakness in the WPA2-PSK system is that the encrypted password is shared in what is known as the 4-way handshake. When a client authenticates to the access point (AP), the client and the AP go through a 4-step process to authenticate the user to the AP. If we can grab the password at that time, we can then attempt to crack it.


In this tutorial from our Wi-Fi Hacking series, we'll look at using aircrack-ng and a dictionary attack on the encrypted password after grabbing it in the 4-way handshake. If you're looking for a faster way, I suggest you also check out my article on hacking WPA2-PSK passwords using coWPAtty.

For this to work, we'll need to use a compatible wireless network adapter. Check out our 2017 list of Kali Linux and Backtrack compatible wireless network adapters in the link above, or you can grab our most popular adapter for beginners here.

Now that our wireless adapter is in monitor mode, we have the capability to see all the wireless traffic that passes by in the air. We can grab that traffic by simply using the airodump-ng command.

This command grabs all the traffic that your wireless adapter can see and displays critical information about it, including the BSSID (the MAC address of the AP), power, number of beacon frames, number of data frames, channel, speed, encryption (if any), and finally, the ESSID (what most of us refer to as the SSID). Let's do this by typing:

As you can see in the screenshot above, we're now focusing on capturing data from one AP with an ESSID of Belkin276 on channel 6. Belkin276 is probably a default SSID; default SSIDs are prime targets for wireless hacking, as users who leave the default ESSID usually don't spend much effort securing their AP.

In order to capture the encrypted password, we need to have the client authenticate against the AP. If they're already authenticated, we can de-authenticate them (kick them off) and their system will automatically re-authenticate, whereby we can grab their encrypted password in the process. Let's open another terminal and type:

In the previous step, we bounced the user off their own AP, and now when they re-authenticate, airodump-ng will attempt to grab their password in the new 4-way handshake. Let's go back to our airodump-ng terminal and check to see whether or not we've been successful.

Now that we have the encrypted password in our file WPAcrack, we can run that file against aircrack-ng using a password file of our choice. Remember that this type of attack is only as good as your password file. I'll be using the default password list included with aircrack-ng on BackTrack, named darkc0de.

This process can be relatively slow and tedious. Depending upon the length of your password list, you could be waiting a few minutes to a few days. On my dual core 2.8 gig Intel processor, it's capable of testing a little over 500 passwords per second. That works out to about 1.8 million passwords per hour. Your results will vary.

When the password is found, it'll appear on your screen. Remember, the password file is critical. Try the default password file first and if it's not successful, advance to a larger, more complete password file such as one of these.

Keep coming back, as I promise more advanced methods of hacking wireless in future tutorials. If you haven't seen the other Wi-Fi hacking guides yet, check them out here. Particularly the one on hacking WEP using aircrack-ng and hacking WPA2-PSK passwords using coWPAtty.
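Seen from the defending side, the de-authentication step described above leaves a recognizable trace: a burst of deauthentication frames aimed at one client. The following is an added example, not part of the original tutorial, that parses bare 802.11 management headers and flags such bursts; the MAC addresses, sample frames, and the `threshold` and `window` values are constructed assumptions.

```python
import struct
from collections import defaultdict, deque

DEAUTH = 12  # 802.11 management subtype 0b1100 (deauthentication)

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt(frame):
    """Parse a bare 802.11 management header (no radiotap header, no FCS)."""
    if len(frame) < 24:
        return None
    (fc,) = struct.unpack_from("<H", frame, 0)
    if (fc >> 2) & 0x3 != 0:          # type 0 = management
        return None
    hdr = {"subtype": (fc >> 4) & 0xF, "dst": mac(frame[4:10]),
           "src": mac(frame[10:16]), "bssid": mac(frame[16:22]), "reason": None}
    if hdr["subtype"] == DEAUTH and len(frame) >= 26:
        (hdr["reason"],) = struct.unpack_from("<H", frame, 24)
    return hdr

def deauth_bursts(frames, threshold=5, window=2.0):
    """Return (bssid, dst) pairs hit by >= threshold deauths within window seconds.
    frames: time-ordered iterable of (timestamp_seconds, raw_frame_bytes)."""
    recent, alerts = defaultdict(deque), set()
    for ts, raw in frames:
        hdr = parse_mgmt(raw)
        if hdr is None or hdr["subtype"] != DEAUTH:
            continue
        q = recent[(hdr["bssid"], hdr["dst"])]
        q.append(ts)
        while ts - q[0] > window:     # drop timestamps outside the sliding window
            q.popleft()
        if len(q) >= threshold:
            alerts.add((hdr["bssid"], hdr["dst"]))
    return sorted(alerts)

def build_frame(subtype, dst, src, bssid, body=b""):
    """Build a constructed management frame: FC, duration, 3 addresses, seq, body."""
    return struct.pack("<HH", subtype << 4, 0) + dst + src + bssid + b"\x00\x00" + body

# Constructed sample traffic (locally administered MACs, not taken from the page).
AP, STA1, STA2 = (bytes.fromhex(h) for h in ("020000000001", "020000000002", "020000000003"))
SAMPLE = [(9.0 + i, build_frame(8, b"\xff" * 6, AP, AP)) for i in range(3)]      # beacons
SAMPLE += [(10.0 + i / 10, build_frame(DEAUTH, STA1, AP, AP, b"\x07\x00")) for i in range(8)]
SAMPLE += [(30.0, build_frame(DEAUTH, STA2, AP, AP, b"\x03\x00"))]               # lone deauth
SAMPLE.sort(key=lambda f: f[0])

if __name__ == "__main__":
    for bssid, dst in deauth_bursts(SAMPLE):
        print(f"deauth burst: bssid={bssid} target={dst}")
```

Networks that enable Protected Management Frames (802.11w, mandatory in WPA3) have clients discard unauthenticated deauthentication frames, which removes the forced re-authentication this detector looks for.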

First of all, thanks for the great tutorial.
The only problem I have is the following:
14:49:01 wlan0mon is on channel 6, but the AP uses channel 9
I tried things like "airmon-ng start wlan0mon 9" but it displayed the same error.
Any Ideas how to fix this?

I tried it this time with darkcode, changing the zero in darkc0de to an o... still "No such file or directory". I am imagining my Kali doesn't have it. I deleted BackTrack 5 and installed Kali, so how do I get other password lists and, more important, how do I install it straight into the aircrack-ng directory?

I tried cracking WPA2 networks last week using airodump and fern, but my Chromebook's processor is not that powerful! :P Will definitely have to play around with the command prompt way, I'm a sucker for GUIs... haha. Also, thanks for the password lists, those are hard to find sometimes, surprisingly.

Now in the second airodump, when we are specifically looking at the target AP, where it says fixed channel mon0 in the top right corner, the channel is changing up there, and I can't tell from the picture whether yours is doing the same or it is fixed on your specified channel.

Great write up. I think it is worthwhile for those who choose this endeavor to understand just how long bruteforcing a pwd might take. You can enter a pwd here and get a fair calculation. Fortunately for those who might want to do this most people will use the name of their pet if they even change the admin/admin default.

Thanks for that info! Technically, this isn't a brute force attack though, and it's not a dictionary attack either. We are using wordlists of commonly used passwords with special characters and numbers. It might best be called a hybrid attack and takes a lot less time than a brute force attack.

So I've been following your recent guides (and already got to test on some Wi-fi's) but now trying to expand the dictionary (Darkc0de isn't enough, more if your language is not English) but the alternative dictionaries you offered are txt's and aircrack says it only takes IVs or Cap, so, as a beginner that I am, how would I get those in the correct format? Is there a converter and what parameters would I have to set up to get it right?

Mkay. I tried this this morning. I'm not sure if it worked or not. I was originally making an attempt at cracking the WPA2, yet something a little different happened, so I just followed through with a DoS attack, which I think worked. I'm led to believe that it worked because after the deauth went through, I saw the MAC addy pop back up and re-authenticate itself onto the network. I decided to quit the WPA2 crack because I never saw the 4-way handshake after they reconnected. It's supposed to say 4-way handshake in the top right... here's a screenshot. It never appeared when they reauthenticated back onto the network. Any idea why?

Hey, I came across an issue. I think I went through all of the steps here word for word, and about two times it said "WPA Handshake" and the BSSID in the top right, but when I went and tried to use the darkc0de command "aircrack-ng WPAcrack-01.cap -w /pentest/passwords/wordlists/darkc0de" it at first said specify a dictionary, so I entered darkc0de as darkc0de.lst and it seemed to work. But now I'm coming across this: in the top right console it says there is no valid WPA handshake, but on the left one it says it went through after authentication.

I thought of that, so I went and deleted all of the other ones I failed with before I went and started this one, so I should only have 1 file to "Load" it from. I guess I will make sure I have none again this time and try again. Also, is the reauthentication the machine doing that, or a human having to re-enter their password or something? (After I deauthenticate them, when should it say WPA Handshake? As in a time interval?)

Hmm, from what I've seen/heard from yours that would be the case, but when I tried last night only a few times would I even get a WPA Handshake; the other times I waited hours and got nothing. So the WPA handshake should be instant, and afterwards I use the aircrack-ng WPAcrack-01.cap -w /pentest/passwords/wordlists/darkc0de.lst command and it should be all fine, and I will have to wait for that one.

After I realised there was no handshake, yes, and when I ran airmon-ng start wlan0 (without resetting the computer first) it made different monitoring devices, so will I have to restart every time I do this?

Hmm, is there a "quicker" method for WEP/WPA/WPA2 password cracking? The two smaller files that I tried were both unable to find the password, and the larger one I downloaded from the two links will take about a week, I'm guessing, to even come near completion. I only have one laptop and use it daily, so I can't exactly just leave it for a week and hope for it to find the password, given that the password may not be in that large list.

Alright, I'll check out Reaver, and it's probably just having to be patient, but it is kind of hard to wait a week without being able to use your only source of connectivity. I know this may be the best way and we don't have Transformer technology that will get us inside in minutes. Just seems a little drastic for a whole week+ for a possibility of a password. But enough complaining, I'll go check Reaver now.

If you want the password, sometimes you have to be patient. By the way, there are other tools, such as GPUs and specially designed ASICs, that can reduce the time by about 1,000,000 times. Unfortunately, they are a bit pricey. About $2000.

I have no clue what the password would be or even what it would start with, so that is a no go, or I would have edited one of the lists, if it was just a simple word file or such, so that it only had the passwords with the first letter in it. I suppose that would drastically reduce it. Or perhaps I could break up the file into smaller ones and test them while I am sleeping. Also, about the background: I myself don't have internet at my house and the RAM on my computer is rather low, so I don't think I should try anything else, so as not to corrupt or interfere with the speed or stability of the cracking process. Also, in your "Reaver" link, would BTr3 already have all of these?
