WPA Dictionary crack with Backtrack 5

July 8, 2011 by: admin

Disclaimer: All information on this site is for testing and educational purposes only; for use by network security administrators or testing the security of your own wireless connection.
Getting a WPA or WPA2 handshake is great but what do you do once you have gotten one? Well it needs to be cracked. Unlike WEP, WPA is hard to crack and is usually done with Brute Force.

There are other ways such as Rainbow Tables, but the simplest or easiest way to crack WPA is to use Brute Force. The way this works basically is that there is a large dictionary that you use to throw as many combinations of words as possible at the WPA encryption until it cracks. If the password is easy then it will find it quick, if it is a long paraphrase with many different number letter combinations then it will be much harder.

Getting a good dictionary can be hard there are some dictionaries within Backtrack 5 that I will use to explain the Brute Force method but there size is limited making them useless against all but the easiest passphrase.

Through popular request here is a large dictionary in three parts if needed:(This dictionary does not need to be downloaded for this tutorial as I use a built in Backtrack 5 dictionary)
Filesonic has shut down along with Megaupload so links are not currently working.

These files are too big for me to host, so I am using filesonic, each file is 250-300 Mega bytes (With a cable modem or DSL it should take 2-3 hours to download depending on your speed). This dictionary is made up to a combination of up to 20 characters long.


If you download this dictionary each of the three parts will have to be unzipped with Win RAR or other unzipping tool. These files are huge especially once they get done unzipping. Once downloaded an run against a WPA/WPA2 encryption passphrase, I have seen this dictionary take three days to go through all three parts running on a dedicated Dual core 4800 AMD with 4 Gigs of RAM. So depending on how fast you machine is and how hard the password is it may take some time. Ideally split them up with three machines.


You should already have a WPA handshake file and Backtrack 5 running.

The default storage for a WPA handshake is under /root and will be there under what ever name you called it. The dictionary that we will use is built into backtrack under the /pentest/passwords/wordlists and is called darkc0de.lst.

We will be using aircrack to do the cracking and the command to do this is:

aircrack-ng (file name) -w (dictionary location)

Where the file name is the handshake file you captured and the dictionary location is the path to your dictionary. The location of where this two files are and there names will be up to you. as I said above the usual default location of the handshake file is under /root and is what ever you called it. we will be using the darkc0de.lst dictionary for this example under the
/pentest/passwords/wordlists directory.

So the command for me to do this would be:

aircrack-ng /root/mywpacatch-05.cap -w /pentest/passwords/wordlists/darkc0de.lst

If done right aircrack should start and begin to try to crack the WPA handshake capture with the dictionary.

If the dictionary finds it it will show as below if not then another dictionary will need to be used.


Disclaimer: All information on this site is for testing and educational purposes only; for use by network security administrators or testing the security of your own wireless connection.

Incoming search terms:

Filed under: Home


9 Responses to “WPA Dictionary crack with Backtrack 5”
  1. carlosm says:

    Do you have any more WPA2 dictinaries that you can share?

  2. Visio says:

    Hello there, simply turned into aware of your blog thru Google, and found that it is really informative. I?m gonna watch out for brussels. I will appreciate if you continue this in future. A lot of other folks will be benefited from your writing. Cheers!

  3. Blogi says:

    I need your help. I like your blog. Your texts are interesting. I entered here by accident and I started reading. I became interested in the topic and I am thinking whether I could use your words on my article, of course with the quotation. Please write me back, thanks.

  4. Galen Todman says:

    Straight to the point and well written! Why can’t everyone else be like this?

  5. As a Newbie, I am constantly browsing online for articles that can help me. Thank you

  6. Stan Dobratz says:

    As a Newbie, I am permanently exploring online for articles that can be of assistance to me. Thank you

Leave a Reply