5 Steps Wifi Hacking – Cracking WPA2 Password Note: This guide is only for knowledge purpose
------------------------------
New Kali linux is on the way. Keep backtrack safe.
*Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, WEP (Wired Equivalent Privacy) *
Requirements:
1. Wireless card (support promiscuous mode)
2. Access point with WPA2 and WPS enables
3.Kali Linux
------------------------------
1. Open our terminal (CTRL+ALT+T) and type airmon-ng
5 Steps Wifi Hacking - Cracking WPA2 Password
this command will lists our wireless card that attached with our system.
2. The next step we need to stop our wireless monitor mode by running airmon-ng stop wlan0
3. Now we ready to capture the wireless traffic around us. By running airodump-ng wlan0 our wireless interface will start capturing the data.
Information:
BSSID (Basic Service Set Identification): the MAC address of access point
PWR: Signal level reported by the card.
Beacons: Number of announcements packets sent by the AP
# Data: Number of captured data packets (if WEP, unique IV count), including data broadcast packets.
#/s: Number of data packets per second measure over the last 10 seconds.
CH: Channel number (taken from beacon packets).
MB: Maximum speed supported by the AP. If MB = 11, it's 802.11b, if MB = 22 it's 802.11b+ and higher rates are 802.11g.
ENC: Encryption algorithm in use.
CIPHER: The cipher detected. TKIP is typically used with WPA and CCMP is typically used with WPA2.
AUTH: The authentication protocol used.
ESSID: Shows the wireless network name. The so-called “SSID”, which can be empty if SSID hiding is activated.
4. From the step 3 above, we can find access point with encryption algorithm WPA2 and note the AP channel number. Now we will find out whether target AP has WPS enabled or not.
wash -i wlan0 -c 8 -C -s
if the WPS Locked status is No, then we ready to crack and move to step 5.
5. The last step is cracking the WPA2 password using reaver.
reaver -i <your_interface> -b <wi-fi victim MAC address> –fail-wait=360
Because we already get the information from step 3 above, so my command look like this:
reaver -i wlan0 -b E0:05:C5:5A:26:94 –fail-wait=360
it takes hours to crack 20 characters WPA2 password depend with our hardware and wireless card.
Note:
1. WPA and WPA2 security implemented without using the Wi-Fi Protected Setup (WPS) feature are unaffected by the security vulnerability.
2. To prevent this attack, just turn off our WPS/QSS feature on our access point.
------------------------------
New Kali linux is on the way. Keep backtrack safe.
*Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, WEP (Wired Equivalent Privacy) *
Requirements:
1. Wireless card (support promiscuous mode)
2. Access point with WPA2 and WPS enables
3.Kali Linux
------------------------------
1. Open our terminal (CTRL+ALT+T) and type airmon-ng
5 Steps Wifi Hacking - Cracking WPA2 Password
this command will lists our wireless card that attached with our system.
2. The next step we need to stop our wireless monitor mode by running airmon-ng stop wlan0
3. Now we ready to capture the wireless traffic around us. By running airodump-ng wlan0 our wireless interface will start capturing the data.
Information:
BSSID (Basic Service Set Identification): the MAC address of access point
PWR: Signal level reported by the card.
Beacons: Number of announcements packets sent by the AP
# Data: Number of captured data packets (if WEP, unique IV count), including data broadcast packets.
#/s: Number of data packets per second measure over the last 10 seconds.
CH: Channel number (taken from beacon packets).
MB: Maximum speed supported by the AP. If MB = 11, it's 802.11b, if MB = 22 it's 802.11b+ and higher rates are 802.11g.
ENC: Encryption algorithm in use.
CIPHER: The cipher detected. TKIP is typically used with WPA and CCMP is typically used with WPA2.
AUTH: The authentication protocol used.
ESSID: Shows the wireless network name. The so-called “SSID”, which can be empty if SSID hiding is activated.
4. From the step 3 above, we can find access point with encryption algorithm WPA2 and note the AP channel number. Now we will find out whether target AP has WPS enabled or not.
wash -i wlan0 -c 8 -C -s
if the WPS Locked status is No, then we ready to crack and move to step 5.
5. The last step is cracking the WPA2 password using reaver.
reaver -i <your_interface> -b <wi-fi victim MAC address> –fail-wait=360
Because we already get the information from step 3 above, so my command look like this:
reaver -i wlan0 -b E0:05:C5:5A:26:94 –fail-wait=360
it takes hours to crack 20 characters WPA2 password depend with our hardware and wireless card.
Note:
1. WPA and WPA2 security implemented without using the Wi-Fi Protected Setup (WPS) feature are unaffected by the security vulnerability.
2. To prevent this attack, just turn off our WPS/QSS feature on our access point.
Comments
Post a Comment