
WiFi-Hacking-01

Gabriel's Desk: Courses / Network Security / Ethical Hacking With Kali Linux
Hacking a WiFi secured with WPA or WPA2
Step 1: Capturing WPA packets
1.1. Let's make sure we're not connected to any wireless network.
1.2. Let's show the available WiFi cards that can be put into monitor mode. Monitor mode allows a
computer with a Wireless Network Interface Controller (WNIC) to observe all traffic received from a
wireless network, not only frames addressed to it.
To show the WiFi cards let's type the command:
ifconfig
Let's assume the WiFi card is named wlan0, as is usually the case in Kali Linux.
1.3. Now that we know the WiFi card we can start the monitor mode.
Let's start the monitor mode by typing
airmon-ng start wlan0
Just ignore the warning about processes that could cause problems.
1.4. Now that monitor mode is running, a new interface named wlan0mon has been added to our list of
network interfaces.
We can then start capturing the information of all wireless access points that are available around us. Let's do
that by typing
airodump-ng wlan0mon
Once we see our target network we'll use ctrl+c to stop dumping the traffic.
Let's understand the important terms in our capture:
a) BSSID is the MAC address of the router (access point).
b) Beacons are the packets the router broadcasts to announce its availability. More beacons usually means the
router is nearer.
c) Data counts the packets travelling between authenticated clients and the router; a rising count shows that
users connected to the router are doing something on the network.
d) Channel (CH) is the frequency channel on which the router is broadcasting. A router can use any channel
from 1 to 13.
e) ENC is the type of security (encryption) the router uses.
f) ESSID is the name of the WiFi network.
Step 2: Capturing Handshakes
Before capturing the handshakes let's prepare how to store them.
Let's say the target WiFi name is "Benax-WiFi" and Let's say we want the path of files containing the
handshakes to look like "traffics/Benax-WiFi-*"
Let's create a directory "traffics" by typing the command
mkdir traffics
Then let's find a suitable prefix for the files that will be automatically created in the directory "traffics"
we've just made.
airodump-ng -c [CH] --bssid [BSSID] -w traffics/Benax-WiFi wlan0mon
Let's replace [CH] with the channel of our targeted WiFi. The channel is found in the output of the command
"airodump-ng wlan0mon".
Let's replace [BSSID] with the BSSID (MAC address) of our targeted WiFi. The BSSID is also found in the output
of the command "airodump-ng wlan0mon".
The "-w" option followed by a file path prefix specifies where airodump-ng will save any intercepted handshakes,
which are necessary to crack the password.
Well, now that the command above is running, we can sit down and wait for a handshake to occur, that is, wait
until a device connects or reconnects to the WiFi router.
But this can take a long time, and we cannot even be sure it will happen.
This is where aireplay-ng comes in handy.
Using aireplay-ng let's force clients connected to the router to reconnect with the router by sending
deauthentication packets to those clients. When the device is disconnected it will immediately try to reconnect
with the router and we'll then capture that handshake.
One handshake is enough to start cracking.
Without closing the current terminal, let's open another terminal and type the command
aireplay-ng -0 15 -a [BSSID] wlan0mon
Here -0 enables deauth mode.
15 is the number of deauth packets to be sent. We can send any number of deauth packets.
With the command above every device that's connected to the targeted WiFi will get disconnected.
If we want to target only one client we can add "-c [Client's MAC address]" just before wlan0mon.
As aireplay-ng sends the 15 deauth packets, let's go back to the terminal we're using to capture the
handshakes and check for text like "WPA handshake: [Client's MAC address]". If we see such text, bingo, a
handshake has been captured. We can stop here.
Now let's check the path of the captured handshake. traffics/Benax-WiFi-01.cap contains the handshake we need
to recover the password we are seeking.
Step 3: Getting a Wordlist
A wordlist is basically a list of candidate passwords.
rockyou.txt is 148 MB. There are various wordlists available on the internet that we can download. There is
even a 28 GB wordlist, which we can download as well.
ONLY if we have never used rockyou.txt before, it will still be compressed as rockyou.txt.gz, requiring us
to unzip it using the command
gunzip /usr/share/wordlists/rockyou.txt.gz
The command above gives us the file /usr/share/wordlists/rockyou.txt, which we'll need soon during cracking.
Otherwise, go ahead and crack.
Step 4: Cracking
Let's open another terminal and type
aircrack-ng -a2 -b [BSSID] -w /usr/share/wordlists/rockyou.txt traffics/Benax-WiFi-01.cap
-a is the method aircrack-ng will use to crack the handshake; 2 = WPA method.
If we have different parameters than what we have in the command we should make necessary replacements.
aircrack-ng takes each password from the wordlist, runs it through the same key derivation ("encryption") that
the real password went through in the handshake, and compares the two results.
The point is that we cannot decrypt the encrypted password in the captured handshake,
so aircrack-ng instead derives the key for each candidate password with that same encryption and
compares the derived values.
This method does not guarantee 100% that it will crack the password, since the outcome depends on the type of
password and the coverage of the wordlist.
The larger the wordlist, the better the chance of cracking the password. But on the other hand it takes more
time.
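To make the "derive and compare" step concrete, here is an added Python example (not part of the original notes and not aircrack-ng's own code). WPA/WPA2-PSK derives the Pairwise Master Key from the passphrase with PBKDF2-HMAC-SHA1 salted by the SSID, so each candidate costs 4096 HMAC rounds; the sample wordlist, the SSID "Benax-WiFi" and the keys-per-second rate are constructed for illustration. It also shows why the advice that follows works: a passphrase that is not in the list is never recovered by this method.

```python
import hashlib

# WPA/WPA2-PSK key derivation (IEEE 802.11i): PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes).
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32

# Constructed toy wordlist standing in for rockyou.txt.
SAMPLE_WORDLIST = ["123456", "password", "iloveyou", "qwerty", "rwanda2019"]

# Published IEEE 802.11i Annex H test vector for SSID "IEEE", passphrase "password".
IEEE_TEST_PMK = bytes.fromhex(
    "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")


def derive_pmk(ssid: str, passphrase: str) -> bytes:
    """Return the 256-bit PMK; the same SSID/passphrase pair always yields the same PMK."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               PBKDF2_ITERATIONS, PMK_LEN)


def self_check() -> bool:
    """Confirm the derivation against the standard's own test vector."""
    return derive_pmk("IEEE", "password") == IEEE_TEST_PMK


def wordlist_search(ssid: str, target_pmk: bytes, wordlist):
    """Model of the loop aircrack-ng runs: derive the PMK for each candidate and compare.

    Returns (matching passphrase or None, number of candidates tried). The handshake
    itself is never decrypted; only derived values are compared, exactly as the notes say.
    """
    tried = 0
    for candidate in wordlist:
        tried += 1
        if derive_pmk(ssid, candidate) == target_pmk:
            return candidate, tried
    return None, tried


def estimate_hours(candidates: int, keys_per_second: float) -> float:
    """Worst-case time to exhaust a wordlist at an assumed derivation rate."""
    return candidates / keys_per_second / 3600


if __name__ == "__main__":
    ssid = "Benax-WiFi"
    # Weak passphrase taken from the toy list: found after 3 candidates.
    print(wordlist_search(ssid, derive_pmk(ssid, "iloveyou"), SAMPLE_WORDLIST))
    # Long phrase with symbols, as the notes recommend: the whole list is exhausted, nothing found.
    print(wordlist_search(ssid, derive_pmk(ssid, "iloverwanda(@@@@@)"), SAMPLE_WORDLIST))
    # Assumed rate of 2000 keys/s: a 14-million-line list takes about 2 hours; a bigger list scales linearly.
    print(round(estimate_hours(14_000_000, 2000), 1), "hours")
```

Running the block with a real wordlist path would only change SAMPLE_WORDLIST; the comparison logic is unchanged because the PMK depends on nothing but SSID and passphrase.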
How to prevent your password from being cracked:
- Add special characters.
- Add numbers.
- Add uppercase and lowercase characters.
- Make it long.
- Use phrases instead of just words.
The security of our WiFi, emails, or any other accounts depends on the complexity of our passwords,
for example:
MyNickNameisRusty@123
goshesmakepasswordssecure!56
iloverwanda(@@@@@)