Tutorial on hacking wireless access points to include capture handshakes and crackings .cap files.
Legal Usage: The information provided by execute@will is to be used for educational purposes only. The website creator and/or editor is in no way responsible for any misuse of the information provided. All the information on this website is meant to help the reader develop penetration testing and vulnerability aptitude to prevent attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly. Information provided by this website is to be regarded from an “ethical hacker” standpoint. Only preform testing on systems you OWN and/or have expressed written permission. Use information at your own risk.
By continued reading, you acknowledge the aforementioned user risks/responsibilities.
Based off TheCyberMentor amazing Udemy course available at https://www.udemy.com/course/practical-ethical-hacking/
Wifi Pentesting Overview
Types Wireless Security: WPA2 Pre Share Key (PSK) - “Everyday” seen security across wireless networks WPA2 Enterprise - Utilize Radius Servers/Credentials (advanced environments)
Evaluating Networks:
- Evaluating strength of PSK
- Reviewing nearby network
- Assessing guest networks
- Checking network access
Tools used for Assessments:
- Wireless Cards - Alfa AWUD036NH
- Router
- Laptop
The Process / Methodology
Attacking Wireless Networks
- Relys on poor password on wireless networks
- After a WPA hand shake
Setup Wireless Card on Kali
1 |
|
## Place wireless card into monitor mode
- kill process that would interfere with the wireless network airmong-ng check kill
Start monitor mode
1 |
|
changing modes from wlan0
to [phy1]wlan0mon
.
confirm with iwconfig
Searching nearby area of wifi networks
1 |
|
devices are populating in the list.
- The lower the PWR is the closer you are to the device
ctrl+c
as we identifed the TP-Link to attack:
Narrow the wifi network down via airodump-ng
1 |
|
-w = name of file
if this was a larger network we would see more devices.
Performing a DEAUTH attack
- within a new window
- might need to run the attack several times to get the deauth aireplay-ng -0 1 -a 50:C7:BF:8A:00:73 -c 3C:F0:11:22:DB:E3 wlan0mon
-a = Wifi mac address -c = Station (client)
Beacon rate began to increase which then led to the “WPA handshake”
Viewing captured data
Cracking the captured data
1 |
|
-b = MAC address of target router
Passphrase was discovered quite quickly in this case.