Wifi Password Cracking

Cracking WPA2-PSK Passwords Using Aircrack-Ng


Welcome back, When Wi-Fi was first developed in the late 1990s, Wired Equivalent Privacy was created to give wireless communications confidentiality. WEP, as it became known, proved terribly flawed and easily cracked. You can read more about that in my beginner's guide to hacking Wi-Fi.

As a replacement, most wireless access points now use Wi-Fi Protected Access II with a pre-shared key for wireless security, known as WPA2-PSK. WPA2 uses a stronger encryption algorithm, AES, that's very difficult to crack—but not impossible. My beginner's Wi-Fi hacking guide also gives more information on this.
The weakness in the WPA2-PSK system is that the encrypted password is shared in what is known as the 4-way handshake. When a client authenticates to the access point (AP), the client and the AP go through a 4-step process to authenticate the user to the AP. If we can grab the password at that time, we can then attempt to crack it.
Anonymous hacker
In this tutorial from our Wi-Fi Hacking series, we'll look at using aircrack-ng and a dictionary attack on the encrypted password after grabbing it in the 4-way handshake. If you're looking for a faster way, I suggest you also check out my article on hacking WPA2-PSK passwords using coWPAtty.

Step 1Put Wi-Fi Adapter in Monitor Mode with Airmon-Ng

Let's start by putting our wireless adapter in monitor mode.
For this to work, we'll need to use a compatible wireless network adapter. Check out our 2017 list of Kali Linux and Backtrack compatible wireless network adapters in the link above, or you can grab our most popular adapter for beginners here.
A roundup of Kali Linux compatible wireless network adapters.Anonymous Hacker
This is similar to putting a wired adapter into promiscuous mode. It allows us to see all of the wireless traffic that passes by us in the air. Let's open a terminal and type:
  • airmon-ng start wlan0
Note that airmon-ng has renamed your wlan0 adapter to mon0.

Step 2Capture Traffic with Airodump-Ng

Now that our wireless adapter is in monitor mode, we have the capability to see all the wireless traffic that passes by in the air. We can grab that traffic by simply using the airodump-ng command.
This command grabs all the traffic that your wireless adapter can see and displays critical information about it, including the BSSID (the MAC address of the AP), power, number of beacon frames, number of data frames, channel, speed, encryption (if any), and finally, the ESSID (what most of us refer to as the SSID). Let's do this by typing:
  • airodump-ng mon0
Note all of the visible APs are listed in the upper part of the screen and the clients are listed in the lower part of the screen.

Step 3Focus Airodump-Ng on One AP on One Channel

Our next step is to focus our efforts on one AP, on one channel, and capture critical data from it. We need the BSSID and channel to do this. Let's open another terminal and type:
  • airodump-ng --bssid 08:86:30:74:22:76 -c 6 --write WPAcrack mon0

0 comments:

Copyright © 2013 Anonymous Hacker