29 November 2014

How to Crack WEP, WPA, & WPA2 Wireless with BackTrack4 & GRIM WEPA

Main article: How to Protect Your Wireless Network

I have previously posted two articles on:

  1. How to Crack WEP Wireless with BackTrack 4 running on Windows
  2. How to Crack WPA & WPA2 Wireless with BackTrack 4 running on Windows

This article explains how to crack a WEP, WPA, or WPA2 network using a Graphical User Interface (GUI) instead of typing commands. I would recommend that you check out the previous articles to understand the steps involved in the process.

Before you begin

  1. You need to have BackTrack installed and running on VMWare Player. See How to Install VMWare & Backtrack 4
  2. Check whether your wireless adapter is compatible with Backtrack 4 in the List of compatible adapters
  3. I am using the Alfa AWUS036H, which is a very well known USB wireless adapter because of its good performance and cheap price.
  4. Make sure that your wireless adapter is plugged into your virtual machine. In VMWare go to the menu “Virtual Machine” -> “Removable Devices” -> “YOUR ADAPTER MUST BE TICKED”

Downloading & Installing GRIM WEPA

First, we need to download and install “GRIM WEPA” inside Backtrack 4:

  1. Download: Go to http://code.google.com/p/grimwepa/ and download “grimstall.sh” and the latest version of “grimwepa”. In my case it is “grimwepa_1.0.jar”
    [Screenshot: GRIM WEPA - Download]
  2. Copy the files into the virtual machine by dragging and dropping them into the virtual machine
    [Screenshot: GRIM WEPA - Copy to VM]
  3. Launch Konsole and run the following command
    ./grimstall.sh install /pentest/wireless/grimwepa/

    [Screenshot: GRIM WEPA - Install]

Running GRIM WEPA

Run:

grimwepa

  1. Select the wireless interface that you want to put into monitor mode. In my case: wlan0
    [Screenshot: GRIM WEPA - Start]
  2. Select the monitor interface. In my case: mon0
  3. Make sure “All Channels” is checked
  4. Hit “Refresh Targets” until the list of available networks appears.
  5. Hit “Stop scanning”
  6. Select the network that you wish to crack

Cracking a WEP Network

If the network that you have selected is WEP encrypted then follow these steps:

  1. Select “ARP-Replay” as the Attack method
  2. Tune the Injection rate to “600”
  3. Click “Start Attack” (if Captured IVs doesn’t increase, restart the attack)
  4. Cracking starts automatically when the number of IVs collected reaches 10,000. If it cannot crack the key at 10,000 IVs, it keeps collecting more IVs and tries again
  5. In the end it should show you the WEP key in the status bar as shown below

[Screenshot: GRIM WEPA - WEP Cracked]

Cracking a WPA/WPA2 Network

If the network that you have selected is WPA or WPA2 encrypted follow these steps:

  1. Click “Start Deauth + Handshake Capture Attack”. You need someone who is already using the wireless network that you are attacking, or you have to wait until someone connects to it, so you might need to keep it running for some time
    [Screenshot: GRIM WEPA - WPA2 Start Handshake Capture]
  2. Wait until you see “Handshake was captured!”
    [Screenshot: GRIM WEPA - WPA2 Handshake Captured]
  3. Now select the dictionary file that you wish to use to crack the password and click “Crack WPA (Dictionary Attack)”
  4. If the password wasn’t cracked, you need to try another dictionary file
  5. If the password was cracked, you should see it in the status bar as shown below
    [Screenshot: GRIM WEPA - WPA2 Password Cracked]

As mentioned in my previous articles, the success of cracking a WPA or WPA2 network depends directly on the complexity of the password and the dictionary file that you are using. This means that you might crack the password in a matter of seconds, or not crack it at all.

Conclusion

GRIM WEPA is a GUI application that automates the process of cracking a WEP, WPA, or WPA2 network. Cracking a WEP protected wireless network is easy, fast, and almost guaranteed to succeed. The success of cracking a WPA or WPA2 wireless network depends directly on the complexity of the password and the dictionary file that you’re using.

This is why you should set your home wireless network to be WPA2 protected with a long password that contains a variety of letters, capital letters, numbers, and symbols. Check How to Protect Your Wireless Network for more details.
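To make the advice above concrete from the defender's side, here is an added example (not code from the article or from GRIM WEPA) that checks a candidate WPA2 passphrase the way the dictionary attack would see it: is it in a wordlist, is it long enough, does it mix character classes, and roughly how large is the search space an attacker would have to cover. The wordlist is a constructed six-entry sample standing in for a real dictionary file, and the guess rate used for the time estimate is an assumed illustrative figure, not a measurement.

```python
import math
import string

# Constructed sample wordlist standing in for a real dictionary file
# (assumption: one candidate passphrase per line, as a dictionary attack expects).
SAMPLE_WORDLIST_TEXT = """password
123456
letmein
qwerty
sunshine
iloveyou
"""

# Alphabet sizes used for the search-space estimate (printable ASCII: 26+26+10+33 = 95).
ALPHABET_SIZE = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}


def load_wordlist(text):
    """Normalise a dictionary file into a set of candidate passphrases."""
    return {line.strip() for line in text.splitlines() if line.strip()}


def char_classes(passphrase):
    """Return the set of character classes (lower/upper/digit/symbol) present."""
    classes = set()
    for ch in passphrase:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def search_space_bits(passphrase):
    """log2 of the brute-force keyspace implied by the length and classes used."""
    alphabet = sum(ALPHABET_SIZE[c] for c in char_classes(passphrase))
    return len(passphrase) * math.log2(alphabet)


def evaluate_psk(passphrase, wordlist, guesses_per_second=1000.0):
    """Judge a WPA2-Personal passphrase against the weaknesses a dictionary attack exploits.

    guesses_per_second is an assumed illustrative rate (WPA2 uses PBKDF2, so
    offline guessing is slow per candidate); it only scales the time estimate.
    """
    findings = []
    # WPA2-Personal (PSK) passphrases are 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        findings.append("passphrase must be 8 to 63 ASCII characters")
    if passphrase in wordlist:
        findings.append("passphrase appears verbatim in the wordlist")
    else:
        lowered = passphrase.lower()
        for word in wordlist:
            # Common rule-based attacks append digits/years, so a dictionary
            # word embedded in the passphrase is still a weakness.
            if len(word) >= 4 and word in lowered:
                findings.append("contains dictionary word %r" % word)
    if len(passphrase) < 16:
        findings.append("shorter than 16 characters")
    if len(char_classes(passphrase)) < 3:
        findings.append("uses fewer than three character classes")

    bits = search_space_bits(passphrase)
    seconds = (2 ** bits) / guesses_per_second
    return {
        "verdict": "weak" if findings else "strong",
        "findings": findings,
        "search_space_bits": bits,
        "years_to_exhaust": seconds / (365 * 24 * 3600),
    }


if __name__ == "__main__":
    words = load_wordlist(SAMPLE_WORDLIST_TEXT)
    for candidate in ("password", "iloveyou2020", "Tz7!qL2#wN9$rB4@"):
        result = evaluate_psk(candidate, words)
        print(candidate, result["verdict"], result["findings"],
              "%.1f bits" % result["search_space_bits"])
```

Run it against your own router's passphrase (and a real wordlist in place of the sample) before worrying about the attacker's wordlist: anything that scores "weak" here is exactly what the dictionary step in the walkthrough above recovers, and a long random passphrase with all four character classes pushes the search space far beyond what offline PBKDF2 guessing can cover.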

Feel free to ask questions or let me know if I have missed something by leaving a comment below.

References

  • Moustafa

    Excellent article Basil, I will be waiting for more nice articles like this through RSS.

    • http://www.banbouk.com Basil Banbouk

      Thanks, wait for the articles on creating a website :)

      • Bill

        How do I get a dictionary word list? I get a message "dictionary not found".

        • http://www.banbouk.com Basil Banbouk

          There are lots of dictionary files or wordlists on the internet, use Google to find a good one.

  • http://feeds.feedburner.com/IndieProPub Nicki Minaj

    Thanks for sharing this helpful info!

  • http://technopolis.ir Towhid

    nice, worked fine

  • James

    Why do I keep receiving this error? Plz I need an explanation.

    [+] WARNING: recommended packages/apps were not found pyrit
    [+] launching gui interface
    [+] wireless devices: “”
    [!] no wireless adapaters found
    [!] make sure your wifi card is plugged in, then check airmon-ng

    [!] the program is unable to continue and will now exit
    root@bt:~#

  • Xander

    Basil you are a genius!! Nice article & it really worked.. I used the backtrack 5 with grimwepa & got a WEP code… excellent!

    Now I am into WAP attack & I'll let u know once I've cracked it ;) peace bro!