search

wifiWPA/WPA2

Steps to crack the WPA/WPA2 key. We will need a WPA handshake.

hashtag
1. Monitor mode

First of all check and kill with airmon-ng:

sudo airmon-ng check
sudo airmon-ng check kill

Next, we enable monitor mode:

sudo airmon-ng start wlan0
sudo airmon-ng start wlan0 <channel_id>

# scan 5ghz networks
sudo airodump-ng -b a wlan0

hashtag
2. Finding target

We will now find the bssid (MAC) and essid (SSID) of our target:

sudo airodump-ng wlan0

Example output:

We found our target F0:A7:31:46:69:71 and see its using WPA2 PSK auth. We can also see its on channel 1.

hashtag
3. Dumping & getting handshake

-c | channel to 1

-w for write output as wpa2

--bssid for target MAC

wlan 0 our monitor interface

We will now have to wait for a client to connect to the network or inject using a deauthorization attack. We can see one station (client) is connected 8C:EC:7B:0F:63:24.

hashtag
4. Re-authentication attack

We use ‘aireplay-ng’ which is an injection attack. This forces a re-authentication packet into the wire.

After that we can see "WPA handshake: X" status:

We now have captured a handshake in the .cap file. We can now use aircrack to crack the PSK.

hashtag
5. Cracking

Now we will run ‘aircrack-ng’ against the dump file we gathered earlier.

hashtag
With hashcat

Convert cap to hashcat hash mode 22000

Crack it

With cowpatty

First generate list of hashes:

Then crack it:

hashtag
Connecting to WPA2 network

Then connect to wlan3 interface

And get DHCP IP:

PreviousAndroid APKNextWPS

Last updated