WPA Dictionary crack with Backtrack 5

July 8, 2011 by: admin

Disclaimer: All information on this site is for testing and educational purposes only; for use by network security administrators or testing the security of your own wireless connection.
Getting a WPA or WPA2 handshake is great but what do you do once you have gotten one? Well it needs to be cracked. Unlike WEP, WPA is hard to crack and is usually done with Brute Force.

There are other ways such as Rainbow Tables, but the simplest or easiest way to crack WPA is to use Brute Force. The way this works basically is that there is a large dictionary that you use to throw as many combinations of words as possible at the WPA encryption until it cracks. If the password is easy then it will find it quick, if it is a long paraphrase with many different number letter combinations then it will be much harder.

Getting a good dictionary can be hard there are some dictionaries within Backtrack 5 that I will use to explain the Brute Force method but there size is limited making them useless against all but the easiest passphrase.


For pepole having a problem with the built in Backtrack 5 dictionary Darkc0de here are some that can be downloaded and used. These are dictionaries that have been floating around for some time now and are good to practice with. If none of these crack your WPA capture then you can always create your own dictionary with hashcat.
I am hosting these files on a free service called Cleanfiles, they are free but require a survey be done before downloading.
WPA/WPA 2 Dictionaries
Misc Dictionary


You should already have a WPA handshake file and Backtrack 5 running.

The default storage for a WPA handshake is under /root and will be there under what ever name you called it. The dictionary that we will use is built into backtrack under the /pentest/passwords/wordlists and is called darkc0de.lst.

We will be using aircrack to do the cracking and the command to do this is:

aircrack-ng (file name) -w (dictionary location)

Where the file name is the handshake file you captured and the dictionary location is the path to your dictionary. The location of where this two files are and there names will be up to you. as I said above the usual default location of the handshake file is under /root and is what ever you called it. we will be using the darkc0de.lst dictionary for this example under the
/pentest/passwords/wordlists directory.

So the command for me to do this would be:

aircrack-ng /root/mywpacatch-05.cap -w /pentest/passwords/wordlists/darkc0de.lst

If done right aircrack should start and begin to try to crack the WPA handshake capture with the dictionary.

If the dictionary finds it it will show as below if not then another dictionary will need to be used.


Disclaimer: All information on this site is for testing and educational purposes only; for use by network security administrators or testing the security of your own wireless connection.

Incoming search terms:

Filed under: Home


9 Responses to “WPA Dictionary crack with Backtrack 5”
  1. carlosm says:

    Do you have any more WPA2 dictinaries that you can share?

  2. Visio says:

    Hello there, simply turned into aware of your blog thru Google, and found that it is really informative. I?m gonna watch out for brussels. I will appreciate if you continue this in future. A lot of other folks will be benefited from your writing. Cheers!

  3. Blogi says:

    I need your help. I like your blog. Your texts are interesting. I entered here by accident and I started reading. I became interested in the topic and I am thinking whether I could use your words on my article, of course with the quotation. Please write me back, thanks.

  4. Galen Todman says:

    Straight to the point and well written! Why can’t everyone else be like this?

  5. As a Newbie, I am constantly browsing online for articles that can help me. Thank you

  6. Stan Dobratz says:

    As a Newbie, I am permanently exploring online for articles that can be of assistance to me. Thank you

Leave a Reply