Cracking WPA2-PSK Passwords Using Aircrack-Ng
In this tutorial, we’ll look at using Aircrack-Ng and a Dictionary attack on the encrypted password after grabbing it in the 4-way handshake.
You need Kali-linux to do this operation and you need to be root,
STEP 01- Open terminal and type iwconfig
- check connection you have before start this, because wlan0 should be there, this is though only wifi.
STEP 02- Put Wi-Fi Adapter in Monitor Mode with Airmon-Ng
- It permits us to see the entirety of the remote traffic that passes by us noticeable all around. Open a terminal and type:
- airmon-ng start wlan0
STEP 03- Capture Traffic with Airodump-Ng
- This command gets all the traffic that your remote connector can see and shows basic data about it,
- airodump-ng mon0
STEP 04- Focus Airodump-Ng on One AP on One Channel
- Following stage is to concentrate endeavours on one AP, on one channel, and catch basic information from it. (BSSID and channel are needed) . How about we open another terminal and type:
- airodump-ng –bssid 08:86:30:74:22:76 -c 6 –write WPAcrack mon0
- 08:86:30:74:22:76 – BSSID of the AP
- -c 6 -channel the AP is operating on
- WPAcrack – file you want to write to
- mon0 – monitoring wireless adapter*
As in screen capture, Belkin276 is most likely a default SSID, which are ideal objectives for remote hacking as the clients that leave the default ESSID generally don’t burn through much energy making sure about their AP.
STEP 05- Aireplay-Ng Deauth
- So as to catch the encoded passcode key, we have to have the customer validate against the AP.
- In the event that they’re now validated, we can de-confirm them (kick them off) and their framework will naturally re-verify,
- aireplay-ng –deauth 100 -a 08:86:30:74:22:76 mon0
- 100 is the number of de-authenticate frames you want to send
- 08:86:30:74:22:76 is the BSSID of the AP
- mon0 is the monitoring wireless adapter
STEP 06: Capture the Handshake
- Now we bounced the user off their own AP, and now after they re-authenticate, airodump-ng will try to grab their password within the new 4-way handshake.
- Go to airodump-ng terminal and check to work out whether or not we’ve been successful.
Notice within the top line to the far right, airodump-ng says “WPA handshake.” this can be the way it tells us we were successful in grabbing the encrypted password! that’s the primary step to success!
STEP 07- Let’s Aircrack-Ng That Password!
- Now that we have the encrypted passcode in the file WPAcrack, So now can run that file against aircrack-ng using a passcode file that we are using.
- Important- Remember that this type of attack is only as good as your password file.
- You can find best password list on internet by typing best kali linux Wordlist list, my wordlist name is darkc0de,
- open another terminal and typing:
- aircrack-ng WPAcrack-01.cap -w /pentest/passwords/wordlists/darkc0de
- WPAcrack-01.cap (name of the file we created to in the airodump-ng command
- /pentest/passwords/wordlist/darkc0de – absolute path to your passcode file
This process are often relatively slow and tedious. Depending upon the length of your password list, you’ll be waiting some minutes to some days.
After password is found, it will be on your screen. Remember, the password file is critical. Try the default password file first and if it isn’t successful, advance to a bigger, more complete password file.
128 total views, 1 views today