How to do it...
Let's begin the process of using AirCrack to crack a network session secured by WPA.

1. Open a terminal window and bring up a list of wireless network interfaces:
airmon-ng

2. Under the Interface column, select one of your interfaces. In this case, we will use wlan0. If you have a different interface, such as mon0, substitute it at every location where wlan0 is mentioned.

3. Next, we need to stop the wlan0 interface and take it down:
airmon-ng stop wlan0
ifconfig wlan0 down

4. Next, we need to change the MAC address of our interface. In this case, we will use 00:11:22:33:44:55:
macchanger --mac 00:11:22:33:44:55 wlan0

5. Now we need to restart airmon-ng:
airmon-ng start wlan0

6. Next, we will use airodump to locate the available wireless networks nearby:
airodump-ng wlan0

7. A listing of available networks will begin to appear. Once you find the one you want to attack, press Ctrl + C to stop the search. Highlight the MAC address in the BSSID column, right-click, and select copy. Also, make note of the channel on which the network is transmitting its signal; you will find this information in the Channel column. In this case, the channel is 10.

8. Now we run airodump and copy the information for the selected BSSID to a file. We will use the following options:
- -c allows us to select our channel. In this case, we use 10.
- -w allows us to select the name of our file. In this case, we have chosen wirelessattack.
- --bssid allows us to select our BSSID. In this case, we will paste 09:AC:90:AB:78 from the clipboard.
airodump-ng -c 10 -w wirelessattack --bssid 09:AC:90:AB:78 wlan0

9. A new terminal window will open displaying the output from the previous command. Leave this window open.

10. Open another terminal window. To attempt to make an association, we will run aireplay, which has the following syntax: aireplay-ng --deauth 1 -a [BSSID] -c [our chosen MAC address] [Interface]. This process may take a few moments.
aireplay-ng --deauth 1 -a 09:AC:90:AB:78 -c 00:11:22:33:44:55 wlan0

11. Finally, we run AirCrack to crack the WPA key. The -w option allows us to specify the location of our wordlist. We will use the .cap file that we named earlier. In this case, the file's name is wirelessattack.cap.
aircrack-ng -w ./wordlist.lst wirelessattack.cap

That's it!
How it works...
In this recipe, we used the AirCrack suite to crack the WPA key of a wireless network. AirCrack is one of the most popular programs for cracking WPA. AirCrack works by gathering packets from a wireless connection secured with WPA and then brute-forcing passwords against the gathered data until one of them matches the captured handshake.
We began the recipe by starting AirCrack and selecting our desired interface. Next, we changed our MAC address, which allowed us to change our identity on the network, and then searched for available wireless networks to attack using airodump. Once we found the network we wanted to attack, we used aireplay to associate our machine with the MAC address of the wireless device we were attacking. We concluded by gathering some traffic and then brute-forcing the generated CAP file in order to get the wireless password.
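The deauthentication frames sent in step 10 are exactly what a wireless intrusion detection sensor watches for: a burst of deauth or disassociation frames aimed at one client from an access point's address, usually with no preceding traffic to justify it. The following script is an added example (not part of the original recipe and not code from the Aircrack project) showing how a defender flags such a burst. It assumes frames are supplied as (timestamp, raw_bytes) pairs with any radiotap header already stripped; the MAC addresses, timestamps and frame fixtures in it are constructed for the offline demo, and the window and threshold values are illustrative starting points.

```python
"""Flag deauthentication/disassociation floods in raw 802.11 management frames.

Added example for this recipe (not from the original page or the Aircrack project).
Assumed input: (timestamp_seconds, raw_frame_bytes) pairs, e.g. read from a
monitor-mode capture with the radiotap header stripped; the fixture builder below
only produces constructed test data for the offline demo.
"""
import struct
from collections import defaultdict, deque

# Frame Control byte 0: bits 0-1 protocol version, bits 2-3 type, bits 4-7 subtype
TYPE_MANAGEMENT = 0
SUBTYPE_BEACON = 8
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12
MGMT_HEADER_LEN = 24  # FC(2) Duration(2) Addr1(6) Addr2(6) Addr3(6) SeqCtl(2)


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt_frame(frame: bytes):
    """Parse a management frame; return None for data/control frames or truncated input."""
    if len(frame) < MGMT_HEADER_LEN:
        return None
    fc0 = frame[0]
    if (fc0 & 0x03) != 0 or ((fc0 >> 2) & 0x03) != TYPE_MANAGEMENT:
        return None
    info = {
        "subtype": (fc0 >> 4) & 0x0F,
        "dst": mac_str(frame[4:10]),     # Addr1: receiver (a client or broadcast)
        "src": mac_str(frame[10:16]),    # Addr2: transmitter (the AP address in a flood)
        "bssid": mac_str(frame[16:22]),  # Addr3: BSSID
        "reason": None,
    }
    if info["subtype"] in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC) and len(frame) >= MGMT_HEADER_LEN + 2:
        # Deauth/disassoc body starts with a little-endian 16-bit reason code
        info["reason"] = struct.unpack_from("<H", frame, MGMT_HEADER_LEN)[0]
    return info


def detect_deauth_flood(frames, window=2.0, threshold=5):
    """Count deauth/disassoc frames per (bssid, destination) in a sliding time window
    (timestamps assumed non-decreasing) and raise one alert per pair once the count
    reaches `threshold`. Returns the list of alerts."""
    recent = defaultdict(deque)
    alerts, alerted = [], set()
    for ts, raw in frames:
        info = parse_mgmt_frame(raw)
        if info is None or info["subtype"] not in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            continue
        key = (info["bssid"], info["dst"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop frames that fell out of the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"bssid": key[0], "dst": key[1], "count": len(q),
                           "first_seen": q[0], "last_seen": ts, "reason": info["reason"]})
    return alerts


def _fixture(subtype, dst, src, bssid, reason=None):
    """Build a constructed management frame for the offline demo (test data only)."""
    fc = bytes([(subtype << 4) | (TYPE_MANAGEMENT << 2), 0x00])
    addrs = b"".join(bytes.fromhex(m.replace(":", "")) for m in (dst, src, bssid))
    body = struct.pack("<H", reason) if reason is not None else b""
    return fc + b"\x00\x00" + addrs + b"\x00\x00" + body


# Constructed sample capture: a beacon, one ordinary deauth, then a burst of six
AP, CLIENT, BCAST = "aa:bb:cc:dd:ee:01", "12:34:56:78:9a:bc", "ff:ff:ff:ff:ff:ff"
SAMPLE_FRAMES = [
    (0.0, _fixture(SUBTYPE_BEACON, BCAST, AP, AP)),
    (0.5, _fixture(SUBTYPE_DEAUTH, CLIENT, AP, AP, reason=3)),  # station leaving normally
] + [(10.0 + 0.1 * i, _fixture(SUBTYPE_DEAUTH, CLIENT, AP, AP, reason=7)) for i in range(6)]


def demo():
    return detect_deauth_flood(SAMPLE_FRAMES)


if __name__ == "__main__":
    for a in demo():
        print(f"deauth flood: bssid={a['bssid']} target={a['dst']} "
              f"{a['count']} frames in {a['last_seen'] - a['first_seen']:.1f}s")
```

The single deauth at 0.5 s never trips the detector; the burst starting at 10 s raises one alert as soon as five frames land inside the two-second window. Keying on (BSSID, destination) rather than on the transmitter address matters because the transmitter field is the one a flood spoofs; the reason code is recorded so an analyst can tell a normal "station is leaving" (3) from the class-3 frame errors (7) that injection tools typically emit.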