How To: WiFi Hacking Using Wifite to Capture a WPA2 Handshake

Wifi Hacking WPA2 Using Kali Linux

In this article we'll get Wifite working to capture a WPA2 4-way handshake. Once you capture the 4-way handshake, you can then use a tool like hashcat to crack the handshake and reveal the passphrase used to access that wireless network. In a previous video, we got the ALFA AWUS036ACH adapter to work with Kali Linux 2021.1; that's this adapter. It's working in Kali 2021.1, running in VirtualBox. Right now, on the screen, we see wlan0, which is this adapter, but it's not in monitor mode. You can tell because the receive (RX) packets are 0. If it were in monitor mode, we would constantly be seeing all the wireless networks, and the received packet count would be increasing.

To do wireless hacking or wireless penetration testing, the NIC has to be able to be put in monitor mode, and that is why this ALFA NIC is used here. So, I'm going to put it in monitor mode first, then we'll get Wifite set up properly, and then we'll capture some handshakes. I'm going to run ip link set wlan0 down, which takes wlan0 down first, then iwconfig wlan0 mode monitor, which puts wlan0 in monitor mode.

Then ip link set wlan0 up. Now if I run ifconfig, we should see the receive packets continually go up for wlan0, up to 13 now, whereas before we did not have any. The next step is to install pyrit, so I'm going to run apt install pyrit. After that, we're going to install hcxdumptool, and then we'll run Wifite. Wifite will scan, looking for wireless networks; then you stop it from scanning and pick a network, or several networks, that you want it to grab the handshakes from. Now that pyrit has finished installing, we'll install hcxdumptool.

So, apt install hcxdumptool. When this is done installing, we'll run Wifite, which is already installed with Kali. So, just wifite. Right now it's scanning for targets. It may take a while for them to appear, but any wireless networks your antenna can see will start showing up here. You really need to find wireless networks that have a client on them. In the second column here, you've got the ESSID, which is the access point.

In the far right column, you've got the number of clients connected to that access point. What we're trying to do is, if we have a client, we're going to kick the client off of the access point and force it to re-authenticate. The client won't even notice this, but wirelessly the 4-way handshake for WPA2 will happen, and we're going to try to grab that handshake when the client re-authenticates to the access point. The more clients you have, the better, and the more power, like the ones here in green, the more likely it is that you'll succeed in kicking the client off of the access point and actually grabbing the handshake.

One other nuance with wireless hacking is that you really have to be close to the client in order to kick them off. You have to be close to the client as well as the access point, so ideally you're right in the middle. Looks like we've found quite a bit here, so I'm going to go ahead and hit Ctrl+C. Just hit this once. Now we're going to select which ESSIDs, or which targets, based on the number on the left, we want to grab the handshakes from.

So I'm going to select 1, which is kona. I'm going to put a comma and select a couple of other ones. I'll do Woodlands Condo, which is number 7. That has two clients connected to it, so I'll do this one as well. What this is doing is kicking the client off of the wireless network. The client with this MAC address right here, EC:2C:E2, on this Wi-Fi network called kona: we're deauthorizing it, which will make it re-authorize itself, or re-authenticate, and when it re-authenticates, we try to grab the 4-way handshake. Once we grab that 4-way handshake, we can run it through a password cracking tool like hashcat to crack the passphrase. This deauth process can take a while; it isn't always consistent. In my experience, if you have lots of clients on a busy wireless network, it's easier.
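
From the defender's side, the forced re-authentication described above shows up on the air as a burst of deauthentication frames aimed at one client. The following Python detector is an added example, not part of the original article; the frame records are constructed, and the window and threshold values are assumptions to tune for your own network.

```python
from collections import defaultdict, deque

DEAUTH_SUBTYPE = 12  # 802.11 management-frame subtype: deauthentication
WINDOW_S = 5.0       # assumption: sliding window length in seconds
THRESHOLD = 10       # assumption: deauths per window treated as abnormal


def build_sample():
    """Constructed records (time_s, subtype, bssid, client); not real traffic."""
    ap1, ap2 = "02:00:00:aa:aa:01", "02:00:00:aa:aa:02"
    frames = [(t * 0.1, 8, ap1, "ff:ff:ff:ff:ff:ff") for t in range(100)]  # beacons
    frames.append((1.0, 12, ap1, "02:00:00:cc:cc:01"))  # one ordinary deauth
    # Burst of 64 deauths against a single client within about 1.3 seconds.
    frames += [(20.0 + i * 0.02, 12, ap2, "02:00:00:cc:cc:02") for i in range(64)]
    return sorted(frames)


def detect_deauth_bursts(frames, window=WINDOW_S, threshold=THRESHOLD):
    """Return {(bssid, client): {"first_alert": ts, "total": n}} for bursts."""
    recent = defaultdict(deque)   # timestamps still inside the window
    totals = defaultdict(int)     # every deauth seen per (bssid, client) pair
    alerts = {}
    for ts, subtype, bssid, client in frames:
        if subtype != DEAUTH_SUBTYPE:
            continue
        key = (bssid, client)
        totals[key] += 1
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:   # drop timestamps older than the window
            q.popleft()
        if len(q) >= threshold and key not in alerts:
            alerts[key] = {"first_alert": ts, "total": 0}
    for key in alerts:
        alerts[key]["total"] = totals[key]
    return alerts


if __name__ == "__main__":
    for (bssid, client), info in detect_deauth_bursts(build_sample()).items():
        print(f"deauth burst: bssid={bssid} client={client} "
              f"first_alert={info['first_alert']:.2f}s frames={info['total']}")
```

A single deauthentication frame is normal when a client leaves a network, which is why the detector keys on rate per access point and client pair. Enabling Protected Management Frames (802.11w) on the access point and its clients lets clients reject forged deauthentication frames.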

     

In this case, we have one client. The one client we have is this iPad down here. It's connected to the access point. It looks like it grabbed the handshake for kona. You see right here it's saved it, this .cap file. So the next step: we're going to convert that cap file to a different format and then try to crack it using hashcat. One of the things that's quite interesting is that the access point we're using here is my phone right here. I had the phone on the same side as my iPad, which is the client, and the antenna's on this side up here. When I moved the phone to the other side of the antenna, so the ALFA antenna was between the phone and the iPad, that's when I was able to capture the handshake. It doesn't seem like it should matter, but I noticed that's when it actually captured the handshake. Now we're running through the next one; we said we would do two.

We told it to do kona and Woodlands Condo. We'll let it run through Woodlands Condo here. There are quite a few clients at Woodlands Condo, so we have a better chance of deauthorizing one of those clients and catching the handshake versus just one client. We've found four so far, so we can deauth all of those and try to grab the handshake when any of these clients re-authenticates. And that's okay: you may see this message here, "Failed to crack handshake." It just tried this probable list right here, the top 4,800 passwords, and our password, or passphrase, for this access point wasn't in that list. It looks like we discovered a new client here. And we captured the handshake for Woodlands Condo right there.


So it captured two handshakes, and they're both in .cap format: handshake kona and handshake Woodlands Condo. The next step is to convert those handshakes to hccapx format and then crack them using a tool like hashcat. Thanks for reading; I hope this article was useful. Please like the article, follow our blog, and share this article.

Use a 15+ character passphrase to avoid having your wireless passphrase cracked.


