Cracking WPA/WPA2 Via Wordlist

Generating a Wordlist & Cracking the Password

In the previous part of our tutorial, we successfully captured the 4-way handshake, a critical step for cracking WPA/WPA2 passwords. Now, we’ll proceed to generate a wordlist tailored to our target and use that wordlist to attempt cracking the password using Aircrack-ng. Here’s a detailed step-by-step guide to take you through this process.

Prerequisites

  • Ensure you have the necessary tools installed: Crunch and Aircrack-ng.

Step 1: Generate a Wordlist Using Crunch

Crunch is a powerful wordlist generator that allows you to create custom wordlists based on specified criteria. This helps you build a list of candidate passwords that matches the length and character set the network’s password is likely to use.

  • Open your terminal.
  • To generate a wordlist from the characters ‘a’, ‘b’, ‘c’, ‘1’, and ‘2’, with lengths ranging from 6 to 8 characters, run the following command:
      sudo crunch 6 8 abc12 -o test.txt
  • This command tells Crunch to generate every combination of the specified characters, from 6 to 8 characters long, and save the result to test.txt.
  • Check the contents of the generated wordlist by running:
      sudo cat test.txt
  • You’ll see all the generated password combinations. Use Ctrl+C to exit the view.

Step 2: Crack the Password Using Aircrack-ng

Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker, and analysis tool. It is used here to crack the WPA/WPA2 passwords by matching the wordlist against the captured handshake.

  • To start the password cracking process, execute:
      sudo aircrack-ng wpa_handshake-01.cap -w test.txt
  • Replace wpa_handshake-01.cap with the actual filename of your captured handshake file.
  • Aircrack-ng will iterate through the wordlist, attempting to match each entry against the MIC (Message Integrity Code) contained in the handshake.
  • The effectiveness of this attack heavily relies on the quality and relevance of your wordlist. If the password exists within your wordlist, Aircrack-ng will display it; if not, you’ll receive a message indicating the password was not found.

This approach’s success depends significantly on the strength and appropriateness of the wordlist. If the password is not cracked, consider using more sophisticated wordlist generation strategies or employing other methods such as mask attacks or rainbow tables.
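
Seen from the defender's side, the dependence on the wordlist can be put in numbers. The following is an added example, not part of the original tutorial: it counts what the Crunch command in Step 1 produces, checks whether a given passphrase falls inside that search space, and shows the per-guess key derivation that WPA/WPA2-PSK requires. The function names, the sample passphrases and SSIDs, and the rate of 10,000 guesses per second are assumptions made for illustration.

```python
import hashlib

WPA_MIN, WPA_MAX = 8, 63  # valid WPA/WPA2 passphrase lengths (IEEE 802.11i)

def crunch_count(min_len, max_len, charset):
    """Lines written by `crunch <min> <max> <charset>`: sum of n^k.
    Assumes the charset has no repeated characters."""
    n = len(charset)
    return sum(n ** k for k in range(min_len, max_len + 1))

def usable_count(min_len, max_len, charset):
    """Candidates that are long enough to be a WPA/WPA2 passphrase at all."""
    lo, hi = max(min_len, WPA_MIN), min(max_len, WPA_MAX)
    return crunch_count(lo, hi, charset) if lo <= hi else 0

def in_search_space(passphrase, min_len, max_len, charset):
    """True if this exhaustive wordlist would contain the passphrase."""
    return (min_len <= len(passphrase) <= max_len
            and set(passphrase) <= set(charset))

def derive_pmk(passphrase, ssid):
    """WPA/WPA2-PSK key derivation: PBKDF2-HMAC-SHA1, SSID as salt,
    4096 iterations, 32-byte output. Every guess costs one of these."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(),
                               ssid.encode(), 4096, 32)

def seconds_to_exhaust(candidates, guesses_per_sec):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return candidates / guesses_per_sec

if __name__ == "__main__":
    RATE = 10_000  # assumed guesses/second, for illustration only
    total = crunch_count(6, 8, "abc12")
    usable = usable_count(6, 8, "abc12")
    print(f"crunch 6 8 abc12 -> {total} lines, {usable} of valid length")
    print(f"exhausted in {seconds_to_exhaust(usable, RATE):.1f} s at {RATE}/s")

    # Constructed sample passphrases to audit against that search space.
    for pw in ("ab12ab12", "c0rrect-horse-battery"):
        print(pw, "covered" if in_search_space(pw, 6, 8, "abc12") else "not covered")

    # A 12-character passphrase drawn from 62 characters, same assumed rate.
    years = seconds_to_exhaust(62 ** 12, RATE) / (3600 * 24 * 365)
    print(f"62^12 keyspace: about {years:.2e} years")

    # The SSID salts the key, so equal passphrases give different PMKs.
    print(derive_pmk("ab12ab12", "HomeNet-A") != derive_pmk("ab12ab12", "HomeNet-B"))
```

Because the SSID is the salt, any precomputed table applies to one network name only, and a long passphrase drawn from a large character set puts the network outside the reach of exhaustive lists like the one in Step 1.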

3 Comments

  1. ƦƦ女InfinityS

    I need to know how to crack a wp3 wifi

  2. Josue Hurtado

    Is this legal? Also, I'm not too skilled, but I like tech.
